About Andy

Andy is a hacker(ハッカー) at heart, an offensive security engineer and a consultant who has always been interested in taking things apart and sometimes even putting them together again (in fact, he spent a good few years in computer repair and data recovery).


In his day job, Andy Gill is a security consultant focusing on offensive security through and through; as of 2022, he has been in the security industry for over 12 years! He is passionate about offensive security and specialises in red teaming and simulated attacks. He strives to further defensive technologies to better assist clients with technological and strategic issues.

In recent years he has focused more on contextualising risk and findings from pentests and similar engagements to help clients prioritise remediations, with more of a focus on cloud technologies such as Microsoft Azure.

With a hunger for knowledge and paying it forward, Andy actively helps grow the community by mentoring and educating the masses on the basics of security awareness, paired with his excellent consultancy skills.

Accolades

Andy has previously held CREST’s CCT Infrastructure certification, which is highly sought-after; he has also previously held CHECK Team Leader status. He is also a Certified Red Team Operator. He is working towards attaining several Microsoft Azure cloud certifications to bolster his achievements and accolades.

To back up his years in the industry, he holds several other certifications and accolades, including OSCP and OSWP.

Coupled with his day job, Andy also participates in bug bounty programs, having reported bugs to over a hundred vendors, including high-profile targets such as the US Dept. of Defense, MindGeek, Facebook and Oracle.

Passing on Knowledge

For those who don't know Andy, he is a firm believer in passing knowledge on and supporting the infosec community. He does this by providing tutorials on his blog and running his local DEF CON Chapter. He has also published a book, Breaking into Information Security: Learning the Ropes 101, and is working on a second book to publish in 2022! He also helps out at DEF CON as a SOC Goon (Red Shirt) each year (since DC25), assisting the SOC with operations and people flow.

DC30 - Team Scotland on 3rd Shift SOC Gooning

Both his book and blog have won awards:

  • UnsungSecHeroes 2021 - Best Cyber Writer
  • EU Cyber Security Bloggers Award 2020 - Best Personal Security Blog

He can be found on most mediums on the internet as @ZephrFish, and is always happy to help folks if they have questions. DMs are open on Twitter.

Podcasts

Aside from the blog and book, Andy has started a podcast with one of his good friends, who is learning the ropes.

Dave & Andy's WeegieCast [NSFW]

Other Podcast Guest Spots

YouTube Videos

Alongside this blog, his book and other platforms, he also has a YouTube channel that discusses and teaches an overview of different security topics.

Technical Talks

Below is a list of all the recorded public talks that Andy has delivered; as a prewarning, most, if not all, are not safe for work!

🎤 Talks:

2022

2021

2020

2019

2018

Additional Talks were not recorded, sadly :(

  • Hack in the Box: Haxpo 2015, All Your Hostnames Are Belong To Us (Slides)
  • BSides London 2018. Learning The Ropes 101 - Was not recorded :(
  • Cyber RE:Coded. A ***cking Introduction to Offensive Security - Was not recorded
  • GCU Ethical Hacking Society. A Day in the Life of a Pentester - Was not recorded
  • Abertay Ethical Hacking Society Oct 2019. A ***cking Offensive Introduction to Security - What The F**k is pentesting - Was not recorded
  • BSides Leeds 2020. - GoTtA gO fAsT - Zoom Zoom Hax - Was not recorded

Security Research

Andy also participates in bug bounties and security research; the links below show his public profiles and published research.

In The Media

Andy is frequently involved in helping educate and encourage people to learn the arts and has been featured in several media articles, some of which can be found below.

2022

2021

2020

2019

2018

Non-Technical Things

Aside from all the technical goodness, his life isn't wholly spent behind a terminal. He also enjoys training in martial arts, holding a 1st Dan black belt in Karate with over seventeen years' experience, during which he has fought and competed at full contact level with an amateur record of 1 win, 1 loss and 2 draws.

It is important with the work of pentesting or any home-based security role that people have an escape away from the keyboard!

Andy is also a keen photographer with a love for getting out and about and taking pics of all sorts.

If you would like to see my photos, I have a photos blog: https://photos.zsec.uk

Internet Self

If you're interested in Andy Gill's other work, feel free to reach out on Twitter (it is usually the best place to get me, and my DMs are open).