Andy is a hacker at heart, who's always been interested in taking things apart and sometimes even putting them together again(in-fact he spent a good few years in computer repair and data recovery).
As his day job, Andy works as a senior penetration tester who is capable of delivering a wide spectrum of assessment types. These include; web applications, external & internal infrastructure, open source intelligence gathering, configuration reviews and many more.
Andy has been in the IT security industry for just over five years, currently holding CREST’s CCT Infrastructure certification which is highly sought-after, in addition he holds CHECK Team Leader status. He is also working towards CREST's Certified Simulated Attack Specialist certification too.
To back up his years in industry he also holds several other certifications and accolades including OSCP, OSWP.
Coupled with his day job, Andy also participates in bug bounty programs, having reported bugs to over a hundred vendors including high profile targets such as US Dept. of Defense, MindGeek, Facebook and Oracle.
Passing on Knowledge
For those that don't know Andy, he is a strong believer in passing knowledge on and supporting the infosec community he does this by providing tutorials on his blog (https://blog.zsec.uk), running his local DEF CON Chapter & has also published a book Breaking into Information Security: Learning the Ropes 101.
He has also recently started a YouTube channel, discussing and teaching an overview of different security topics.
Personal Technical Talks
Hack in the Box: Haxpo 2015, All Your Hostnames Are Belong To Us (Slides)
BSides Leeds 2018. Hacker of All Trades: Master of None
BSides Glasgow 2018. Internet of Death: Modern Murder
BSides London 2018. Learning The Ropes 101 - Was not recorded :(
Steelcon 2018. Breaking Into Information Security: Learning The Ropes 101
A ***cking Introduction to Offensive Security - Was not recorded
GCU Ethical Hacking Society.
A Day in the Life of a Pentester - Was not recorded
BSides Leeds 2019. Hacking Companies For Internet Glory While Not Dying In A Sarlacc Pit
Group Talks Participation
- BSides Leeds 2019. We Take Your Security Seriously. Or Do We? - The Beer Farmers
- SecuriTay 2019. We Take Your Security Seriously. Or Do We? - The Beer Farmers
- Le Tour Du Hack 2019. We Take Your Security Seriously... Or Do We? - The Beer Farmers
- BSides Edinburgh 2019. Companies Take Your Security Seriously... - The Beer Farmers
In The Media
- Blog Your Passion Feature
- BBC News Car Alarm Hacking & BBC Click Gone In Six Seconds
- BBC Clickmas Xmas special 2018
- Inside Cyber Issue 3 - My Journey Into Cyber
- How To Minimise Cybercrime - Telegraph Feature
- Speaking to Scottish Gov About Cyber Security
- Cyber Security Challenge Feature 2018
- Portswigger Daily Swig Feature 2018
- CSC Careers Blog 2016
- DEF CON Coverage on BBC Click
However aside from all the technical goodness his life isn't completely spent behind a terminal as he also enjoys training martial arts; holding a 1st Dan black belt in Karate with over sixteen years experience, during which he has fought and competed at full contact level with an amateur record of 1 win, 1 loss and 2 draws.
It is important with the work of pentesting or any home based security role that people have an escape away from the keyboard!
If you're interested in Andy's other work feel free to reach out on twitter, github or via github.