Andrew Valentine is a Managing Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, based in Dallas, Texas. Andy is a prominent computer crime and cyber security professional who excels in multiple capacities, including investigator, expert witness, thought leader, author, and presenter. Throughout his career, Andy has proved tenacious and innovative in successfully working through the intricacies of highly complex cyber incidents to protect the best interests of clients.
Andy has managed several high-profile criminal forensic and data breach investigations in the United States and internationally, and has regularly collaborated with multijurisdictional law enforcement agencies. He is well-versed in criminal and civil investigative requirements, including computer forensics, evidentiary procedures, and fact-finding techniques. Adept at making challenging subject matter clear and comprehensible, Andy has also served as an expert witness in criminal and civil trials, several of which have been extensively covered by the media worldwide.
A recognized authority in the disciplines of forensics and incident response, Andy is the author of numerous articles as well as the co-author of reference books and reports. He is also frequently invited to speak on the subjects of data breach, digital forensics, and computer crime at industry events and specialized panels.
Prior to joining Kroll, Andy was Managing Principal/Team Lead within the Forensics and Incident Response Team within Verizon/Cybertrust Inc. In this leadership role, he closely managed a team of investigators routinely called upon to investigate some of the largest and most noteworthy data breach situations in both the United States and abroad. He started his career as a Cyber Security Analyst with the Florida Department of Law Enforcement’s Computer Crime Center. In addition to focusing on a wide array of operational cases and computer crime prevention projects, Andy also coordinated and managed the Florida Infrastructure Protection Center’s Computer Incident Response Team.
Reports and Books
- CyberForensics: Understanding Information Security Investigation, contributing author, Humana Press, 2010.
- Data Breach Investigation Report 2008-2012, Verizon
- 2008 American Bar Association (ABA) Cyber Crime Handbook, contributing author
- “Case Study: Pro-active Log Review Might Be A Good Idea,” Originally published in Verizon RISK Blog, reposted to CNN, ABC News, BBC, Gawker, and Los Angeles Times
- “Compliance Complacency: How Check Box Compliancy Remains a Pitfall for Many Organizations Worldwide,” Information Security Technical Report
- ”Anatomy of an Attack,” Enterprise Innovation Magazine
- “Hacking Hits Full Throttle,” Retail Banking Review
- “A Crash Course in Data Compromise,” New Zealand/Australia RBR Magazine
- “The Art of Preserving Digital Evidence,” Online Banking Review
- “Year of Reckoning for Data Security,” SDA Asian Magazine
- “Simple Solutions for Simple Attacks,” Retail Banking Review
- “Good Guys Finish Last,” Retail Banking Review
- “Enhancing the Security Awareness Model,” Computer Fraud and Security Magazine
- “The Empty Safe,” Computer Fraud and Security Magazine
- “Hot or Not: Remote Access Breaches,” SC Magazine
Selected Speaking Engagements & Presentations
- eID Conference, 2012
- RSA Conference, 2011
- GFIRST Conference, 2008
- Information Systems Security Association (ISSA) national and regional conferences
Education & Certifications
- M.S., Criminal Justice, Florida State University
- B.A., Criminal Justice and Spanish, Purdue University
- Qualified Security Assessor (QSA)
- PCI Council Qualified Incident Response Assessor (QIRA/PFI)