Cyber careers

Andy Gill

We talk to Andy Gill, aka @ZephrFish and pentest rockstar about his career into the industry, through tough times at school, competitions and social media trickery. 

Tell us a bit about your journey into the industry :
…Buckle up it’s a long one… I got into industry via a sort of standard and non-standard path. At school I messed up all of my exams in my last year, ended up winging it and going to college (in Scotland it’s an option after 6 years of school or if you leave school at 16 you can go to College). Anyway I went to college to study computer networking on a two year course. Along the way managed to land myself an internship at a bank working with their technology and information risk (TIR) team, where I quickly found that TIR was not for me and I much more enjoyed the red/blue team side of things. This led me to apply for university to study Digital Security, Forensics and Ethical Hacking at Glasgow Caledonian University.

This course allowed me to get involved with Cyber Security Challenge UK as there was a cyber camp event held at the uni over a weekend and I was lucky enough to take be given a place at. The camp composed of three days of different challenges, a business day, digital forensics and finally a CTF (capture-the-flag) style day surrounding a hacking pretence idea. Following this camp I managed to land a place at the prestigious Masterclass (national final), which saw 42 of the best delegates at the time take part in a team challenge over a few days in a bid to save the UK from a fictional cyber attack (funnily enough similar to Wannacry(!)). This allowed me to network with lots of people in industry and also happened to be the year in which Whitehatters Academy was formed (several former finalists all banded together and we started it! as a community for new infosec people and Challenge alumni).

As a result of being at Masterclass I managed to get my CV to several companies and landed myself another internship, this time in London to work with Context Information Security as a penetration tester intern. This is essentially where I found my taste for hacking and learning the ropes (which coincidentally is the name of my book – see below). Over the three months I spent in London, I attended the first BSides Manchester where I met lots of like minded folks and made friends with lots of the girls and guys I know in industry today! At the event I ended up grabbing a lot of business cards and talking to lots of people and by chance ended up meeting my current and previous employers. At the end of my internship I was faced with the ultimatum, go back to uni for two more years and get a Masters or, with my new found taste for working, go find a job. So I took a punt and put a tweet out:

“any #infosec companies in #Scotland fancy taking me on for a 1 Year internship? Or Anyone anywhere want to hire me “

At the same time I also started a blog and started publishing some of my notes on projects I’d started including building a Macbook and converting the CD drive at the time to an additional drive bay! Following the combo of tweet, blog and some miracle the stars aligned and I got a few folks get in touch wanting to talk to me. Fast forward six months, I started my first full time job in Industry as a penetration tester (still makes me laugh that that’s my title!).

So that’s my story, but in terms of tips to break in here are my top tips:

  • Get social, get on Twitter and get involved in discussions, ask questions and be active.
  • Start a blog and write up about different bits and pieces, have a look at my early posts
  • Go to conferences; they’re fun, reasonably cheap and a great opportunity to meet folks and learn, but not only that actually interact with folks, speak to the sponsors (they could end up becoming employers! My past two jobs have been landed from going to cons!)

What are three of the top traits you should have to work in cyber security?

In terms of traits I’d say be hungry and willing to learn, make sure you can communicate too, we’re all introverts at one point or another but grab life by the horns and dive in at the deep end!
I believe that anyone can become technical if they are willing to learn. Likewise with personal skills, just practice and give it a go, really what is the worst that could happen?


You can get yourself a free e-copy of his book (although he’d appreciate a small donation to fund further books) here. 

Fancy working with Andy at Pen Test Partners? Click here to find out more.