When Fadzayi Moyo first stumbled upon a bug while working in web development, she saw it as a performance issue.
She was working with a client in a previous role, and at the time, cybersecurity training hadn’t been available to her.
Now, working as a penetration tester, she’s realised there was a much deeper issue.
Moyo was born and raised in Zimbabwe and describes her career path as more of a jungle gym than a ladder.
Her work has seen her move from Zimbabwe to South Africa to Perth, where she currently lives and works.
Originally trained and starting her career in graphic design, Moyo never thought she would end up working in cybersecurity. Now that she does, she’s recognised that she was working in the field much earlier than she thought.
”We found a bug when I was doing my work in South Africa. I did not have the vocabulary to articulate what that bug was, but I knew it was bad,” she tells nine.com.au.
“We found this out by accident … it was their name, their surname, their two previous addresses, their car records, we could get everything that we needed to impersonate someone and steal their identity.
“I did not even have the vocabulary to articulate to anyone that this is not secure.”
Around five years later, Moyo moved to Australia, trained in cybersecurity and was offered a role as a penetration tester.
Fadzayi Moyo studied graphic design and has since found herself in a role as a penetration tester. (Supplied)
It was then that she realised that what she had seen so many years ago was her first foray into the role.
Today, Moyo works as part of the Security, Testing and Assurance Team at Cyber CX.
Colloquially, the role of a penetration tester is referred to as an ethical hacker, but Moyo says she doesn’t love that term.
“I’m not a big fan of using the term hacker because of the negative connotations it comes with,” she says.
In Moyo’s words, she’s paid to be a ‘legal thief’.
“One of my directors always says, hacking with authorisation is penetration testing, and that’s legal,” she explains.
“And then hacking minus authorisation is just hacking, you’re just performing criminal activities.”
Basically, companies hire Moyo and her team to try and hack into their systems as a way to test how secure it is.
But, just like that job all those years ago, sometimes the plan can go off the rails.
Basically, she gets paid to legally hack into systems to test how secure they are. (Supplied)
She explains that when performing a penetration test, she’s given strict guidelines of where she can go and what she is looking for. But every now and then, she’ll come across something she wasn’t expecting.
”It happens quite often that you are trying to penetrate a system, and then you get into another system that is probably not in scope,” she explains.
“If anything outside that has popped up, you inform everyone else who is a key stakeholder in that engagement.”
Even though Moyo and others in her profession are hired to legally take on the role of a hacker, she explains that there are some limitations she faces that those doing the same thing illegally most likely wouldn’t.
“If I’m going to do a reconnaissance for an engagement that is only five days, it’s going to take me very little time to do the reconnaissance, and I won’t be able to do it at the same level as a black hacker would do it,” she says.
“Because they’ve got all the time, there’s no one who’s managing them, they are not an engagement, they are just there. With us it’s time limited, it’s time boxed.”
And while there’s many misconceptions about the role, one of the biggest is about the people themselves.
Thanks to film and TV, many assume that those who work in cybersecurity work in dark rooms surrounded by screens covered in green code, but Moyo says that isn’t the case.
Moyo assures that working in this industry doesn’t look like someone wearing in a hoodie in a dark room. (Getty)
“No dark rooms, no matrix screens … But when it comes to being stuck on your screen all day and trying to figure things out, yes,” she laughs.
“We are not in a dark room, we are in an office, or maybe, sometimes, if you’re working from home, you’re in a dark room and you wear a hoodie. That does happen.
“But you get people like me who will do it in heels. Crazy hair, dresses up, and you would not even know what’s coming your way.”
Produced in partnership with Career One.