Andy began his career in IT by fixing other people’s computers and rescuing data from the brink, before transitioning into the world of offensive security. These days, he’s a seasoned red teamer and penetration tester by trade, with a passion for research, tooling, and blogging after hours.

With a decade-plus of hands-on experience, Andy has worked across a broad spectrum of offensive security domains, including penetration testing, threat-led red teaming (both regulatory and bespoke), purple teaming, adversary emulation, and security capability development. He’s played a key role in delivering intelligence-led engagements aligned to frameworks and has helped organisations build resilience through realistic threat simulation and collaborative defence testing.

Beyond the day job, Andy has a strong track record in community involvement and education. He was the organiser of a local DEF CON group (DC44141), regularly presents at global security conferences, and runs training sessions focused on red teaming tradecraft, malwareless access, and adversary simulation. He’s also the author of numerous technical articles and walkthroughs published on his blog, often mixing clarity, humour, and depth to demystify complex topics in offensive security.

Andy enjoys photography and long drives outside of tech, finding creative and reflective space away from the screen. Whether you catch him speaking on stage or in the pub at a con, he’s always keen to talk shop, swap stories, or help others level up.

You can read more on his blog at https://blog.zsec.uk or his handle on the internet is @ZephrFish.