ZephrSec Ltd

ZephrSec Ltd is the creation of Andy Gill, known online as @ZephrFish. Andy is a hacker at heart, an adversary architect, an offensive security leader, an engineer, and a consultant who has always been interested in taking things apart — and sometimes even putting them together again.

With over 15 years in the security industry, Andy specialises in cybersecurity training development and security advisory. Through ZephrSec, the goal has always been simple: give back to the community and pay it forward.

Whether through freely published blog posts, open-source tooling, conference talks, mentoring, or building training courses like Malwareless Adversarial Emulation (MAE), the mission is to help others grow in security — just as others once helped Andy.

15+ Years in Security
2 Published Books
30+ Conference Talks
100+ Bug Bounty Vendors

Paying It Forward

Andy is a firm believer in passing knowledge on and supporting the infosec community. He does this through tutorials on his blog, running his local DEF CON chapter, and helping out at DEF CON as a SOC Goon (Red Shirt) each year since DC25, assisting with SOC operations and people flow.

He contributes to the security community through knowledge-sharing, technical assurance, and training content — bridging technical depth with practical application. Both his books and blog have been recognised with awards:

UnsungSecHeroes 2021 — Best Cyber Writer
EU Cyber Security Bloggers Award 2020 — Best Personal Security Blog

He has authored two books aimed at those looking to get into security, available globally on both Amazon and Leanpub:

Breaking Into Information Security: Learning The Ropes 101
Expanding Your Security Horizons: Learning The Ropes 102

He also pursues creative interests outside security, publishing photography work at photos.zsec.uk.

Certifications & Accolades

Andy holds CREST's Certified Red Team Specialist (CCRTS) certification, which is highly regarded and required for regulatory red teaming within the UK and Europe. He has previously held CREST CCT Infrastructure and CHECK Team Leader status, and is a Certified Red Team Operator.

Alongside his professional work, Andy participates in bug bounty programmes, having reported vulnerabilities to over a hundred vendors including the US Dept. of Defense, Facebook, and Oracle.

CCRTS, OSCP, OSWP, CRTO, Ex-CCT Inf, Ex-CHECK TL

Conference Talks

Andy regularly speaks at security conferences across the UK and Europe. Below is a selection of recorded public talks.


In the Media & Research

Andy is frequently featured in media articles on cybersecurity topics and has been quoted in Forbes, BBC News, SC Magazine, and the Telegraph among others. His security research includes published CVEs and active participation in bug bounty programmes.

He has also appeared on several podcasts including Human Factor Security, the Offensive Security Podcast, and TMHC Podcast, and maintains a YouTube channel discussing security topics.

Check Out the Course

Malwareless Adversarial Emulation (MAE) is now live — 14 modules of hands-on adversary tradecraft.
