Q&A: Gemma Moore

Gemma Moore is one of – if not the – most qualified penetration tester(s) in the country. Her proudest achievement is co-founding Cyberis, staying true to her values and making a real difference to her clients. She dreams of a sector more diverse and thus better equipped to address modern threats...

What would be your dream client and/or project?

I love working on red teaming engagements. It would be fascinating to take a whole critical national function (like banking or central government) and be able to run a red team engagement against the end-to-end function and explore how threats might compromise those critical national functions in a cyber-warfare scenario. No scope boundaries, no limits, nothing off the table!

What’s your biggest professional regret?

When I was younger, I often let anxiety dictate what I was going to do. I missed out on opportunities to network and build relationships with people in the industry because I felt a little bit like an imposter and worried about striking up conversations with strangers. As I’ve matured, it has become clear to me that building relationships is as key to success as building skills and gaining qualifications.  Had I been a bit braver when I was younger, I think it would have benefitted my career.

What was your route into the industry?

Getting into cybersecurity was never part of the grand plan – I fell into it without meaning to. After my degree in computing at Imperial College, I couldn’t decide which specialism in IT felt right. Cybersecurity wasn’t on my radar until I saw a job advertisement for a trainee penetration tester. It sounded like great fun, so I applied and was lucky enough to get the job. I’ve never looked back – I absolutely love working in this field, and penetration testing gave me exposure across all the disciplines I’d been interested in. It’s fast-paced, ever-changing and I never get bored.  

What advice would you give to an industry n00bie?

Imposter syndrome is common in penetration testing – people often feel they’re not technical enough, not skilled enough, not learning enough to belong. Most people around them are feeling the same way! Ignore the thoughts that you don’t belong here or that you’re not good enough – reach out to those people you respect and admire, your interest will be rewarded.

Quick-fire Q&A


  • Dream job? A dog trainer or behaviorist.
  • Surprise us? I’m not much of a technology buff. Once I finish working, give me a good book or a nice walk!
  • Favorite part of your job? The sheer variety of networks, applications and systems we work with. There’s no time to get bored!
  • Worst part of your job?  Customers using penetration testing purely as a compliance-based exercise looking for a tick in the box.  
  • Most important lesson you’ve learned? No matter how much training and awareness you encourage, people will still be human. Make the secure option the easy and seamless option to succeed.
  • Most misunderstood thing about cybersecurity? People believe they can’t make an impact themselves, but every day, every person makes choices that lead to good or bad security outcomes for themselves, their colleagues and the companies they work for.

Bio: Gemma is a founder of the consultancy firm, Cyberis. She is an expert in penetration testing and red teaming. Having been a CHECK Team Leader since 2007, she holds the highest levels of CREST certifications in Infrastructure, Applications and Simulated Attack. Gemma was selected to receive a lifetime CREST Fellowship award in 2017. She is also a member of the CREST GB Executive and chairs the CREST Penetration Testing Steering Committee.

Follow Cyberis @cyberisltd


What’s Hot on Infosecurity Magazine?