Andy is a hacker at heart, a penetration tester, and consultant who has always been interested in taking things apart and sometimes even putting them together again (in fact he spent a good few years in computer repair and data recovery).
As his day job, Andy Gill is a security consultant through and through, as of 2020 he has been in the industry for around 15 years! With a passion for offensive security, he specialises in red teaming and simulated attacks. He also is striving to further defensive technologies to better assist clients with their technological and strategic issues. With a hunger for knowledge and paying it forward, Andy actively helps grow the community by mentoring and educating the masses on the basics of security awareness paired with his excellent consultancy skills.
Andy has been in the IT security industry for just over eight years, currently holding CREST’s CCT Infrastructure certification which is highly sought-after, in addition he holds CHECK Team Leader status. He is also a Certified Red Team Operator.
To back up his years in industry he also holds several other certifications and accolades including OSCP, OSWP.
Coupled with his day job, Andy also participates in bug bounty programs, having reported bugs to over a hundred vendors including high profile targets such as US Dept. of Defense, MindGeek, Facebook and Oracle.
Passing on Knowledge
For those that don't know Andy, he is a strong believer in passing knowledge on and supporting the infosec community he does this by providing tutorials on his blog (/), running his local DEF CON Chapter & has also published a book Breaking into Information Security: Learning the Ropes 101. He also helps out at DEF CON as a SOC Goon (Red Shirt) too each year (since DC25) assisting the SOC with operations and people flow.
He can be found on most mediums on the internet as @ZephrFish and is always happy to help folks if they have questions. DMs are open on Twitter.
Aside from the blog and book, Andy has started a podcast with one of his good friends who is learning the ropes.
Dave & Andy's WeegieCast
- About Page
- WeegieCast is on most major podcast platforms and is updated mostly monthly or every other month. If you are interested here is our platforms.
Other Podcast Guest Spots
Alongside this blog, his book and other platforms he also has a YouTube channel, discussing and teaching an overview of different security topics.
- 0x01 - Introduction to ZephrSec
- 0x02 - Penetration Testing Overview
- Stumble Through Series - traversing hack the box, boxes live on stream [NSFW]
Below are a list of all the recorded public talks that Andy has delivered, as a prewarning most if not all are not safe for work!
- Leanpub.com. Leanpub Interview - LTR101
- BSides Leeds 2018. Hacker of All Trades: Master of None
- BSides Glasgow 2018. Internet of Death: Modern Murder
- Steelcon 2018. Breaking Into Information Security: Learning The Ropes 101
- BSides Leeds 2019. Hacking Companies For Internet Glory While Not Dying In A Sarlacc Pit
- Steelcon 2019. Hunting Sh*t Up - "Red Team" with a Bug Hunter's Mindset
- Steelcon 2019. PwnShop LollyPop - Workshop
- G3C Glasgow 2019. Sniffing Routes to Pwnage - An Introduction to Bloodhound
- Cyber Careers Summit 2019. Learning To Test Pens 101
- SecuriTay 2020. - So You want to learn Red Teaming
- DC44141 April 2020. - So You Want To Learn Red Teaming
- TUDublin HackerSoc. Red Team Talk
- CRESTCon 2020. Nijūshiho - A Year Targeting Nippon
Personal Technical Talks (Most of them are NSFW)
- Hack in the Box: Haxpo 2015, All Your Hostnames Are Belong To Us (Slides)
- BSides London 2018. Learning The Ropes 101 - Was not recorded :(
- Cyber RE:Coded.
A ***cking Introduction to Offensive Security - Was not recorded
- GCU Ethical Hacking Society.
A Day in the Life of a Pentester - Was not recorded
- Abertay Ethical Hacking Society Oct 2019.
A ***cking Offensive Introduction to Security - What The F**k is pentesting - Was not recorded
- BSides Leeds 2020. -
GoTtA gO fAsT - Zoom Zoom Hax - Was not recorded
Andy also takes part in bug bounties and security research, the links below show his public profiles and published research.
- Write Up
- Link to Exploit
- HackerOne Profile
- BugCrowd Profile
- HoneyPoC - A research experiment as to why you should not run random binaries on the net!
In The Media
Andy is frequently involved with helping educate and encourage people to learn the arts and as a result has been featured in several media articles, some of which can be found below.
- ABERTAY SET TO HOST EUROPE’S LARGEST STUDENT CYBERSECURITY CONFERENCE
- Infosecurity Magazine - Life Of: A Pen Test Report Writer
- CafePress Breach - Andy Gill Quoted in Forbes
- Google Chrome 76 Dangers - Quoted in Forbes
- DoxDirect Feature
- Portswigger Daily Swig Feature 2019
- STV Scam Awareness & Phishing
- Blog Your Passion Feature
- BBC News Car Alarm Hacking & BBC Click Gone In Six Seconds
- BBC Clickmas Xmas Special 2018
- Inside Cyber Issue 3 - My Journey Into Cyber
- How To Minimise Cybercrime - Telegraph Feature
- Speaking to Scottish Gov About Cyber Security
- Cyber Security Challenge Feature 2018
- Portswigger Daily Swig Feature 2018
- CSC Careers Blog 2016
- DEF CON Coverage on BBC Click
However aside from all the technical goodness his life isn't completely spent behind a terminal as he also enjoys training martial arts; holding a 1st Dan black belt in Karate with over seventeen years experience, during which he has fought and competed at full contact level with an amateur record of 1 win, 1 loss and 2 draws.
It is important with the work of pentesting or any home based security role that people have an escape away from the keyboard!
If you're interested in Andy Gill's other work feel free to reach out on twitter(it is the best place to get me usually and my DMs are open).