From Graphic Design to ‘Legal Theft’: A Cybersecurity Journey in Australia
Fadzayi Moyo’s path into the world of cybersecurity wasn’t a straight line; she describes it more akin to a “jungle gym” than a traditional career ladder. Her journey has taken her from her birthplace in Zimbabwe to South Africa, and eventually to Perth, Western Australia, where she now thrives as a penetration tester. While initially trained in graphic design, Moyo has discovered a deep-seated connection to cybersecurity that predates her formal training.
“We found a bug when I was doing my work in South Africa. I did not have the vocabulary to articulate what that bug was, but I knew it was bad,” Moyo recalls. This early encounter, which she describes as an accidental discovery, revealed a significant vulnerability. The bug allowed access to sensitive personal information, including names, surnames, past addresses, and even car records, essentially enabling identity theft.
At the time, Moyo lacked the technical jargon to convey the severity of the issue. “I did not even have the vocabulary to articulate to anyone that this is not secure,” she explains. It wasn’t until approximately five years later, after relocating to Australia and undertaking formal cybersecurity training, that she was offered a role as a penetration tester. This opportunity brought a crucial realisation: her earlier experience in South Africa was, in fact, her initial foray into the very field she now works in.
Today, Moyo is a valued member of the Security, Testing and Assurance Team at CyberCX. While the role of a penetration tester is often colloquially referred to as an “ethical hacker,” Moyo expresses a preference for a different terminology.
Understanding the Role: More Than Just Hacking
“I’m not a big fan of using the term hacker because of the negative connotations it comes with,” she states. Instead, Moyo playfully defines her work as being a “legal thief.”
“One of my directors always says, hacking with authorisation is penetration testing, and that’s legal,” Moyo elaborates. “And then hacking minus authorisation is just hacking, you’re just performing criminal activities.” Essentially, companies engage Moyo and her team to proactively attempt to breach their digital defences. This allows organisations to identify weaknesses and fortify their systems before malicious actors can exploit them.
However, the process isn’t always straightforward. Much like her early accidental discovery, penetration tests can sometimes uncover unexpected vulnerabilities.
Moyo explains that during a penetration test, she is provided with strict guidelines outlining the scope of her activities and the specific systems she is authorised to target. Despite these boundaries, it’s not uncommon to stumble upon systems that fall outside the designated scope.
“It happens quite often that you are trying to penetrate a system, and then you get into another system that is probably not in scope,” she notes. When such an occurrence arises, Moyo and her team are obligated to immediately inform all relevant stakeholders involved in the engagement.
The Limits of Legal Hacking
While Moyo and her colleagues operate under the guise of hackers, they face distinct limitations compared to their illicit counterparts.
“If I’m going to do a reconnaissance for an engagement that is only five days, it’s going to take me very little time to do the reconnaissance, and I won’t be able to do it at the same level as a black-hat hacker would do it,” Moyo explains. This is because, unlike illegal hackers who have unlimited time and operate without oversight, penetration testers work within strict, time-boxed engagements.
Busting Cybersecurity Stereotypes
One of the most pervasive misconceptions surrounding cybersecurity professionals is their appearance and working environment. Popular media often portrays them as solitary figures hunched over glowing screens in dimly lit rooms, immersed in streams of green code. Moyo readily debunks this image.
“No dark rooms, no matrix screens … But when it comes to being stuck on your screen all day and trying to figure things out, yes,” she laughs. While acknowledging that some may work from home in less conventional settings, she highlights the diversity within the field. “We are not in a dark room, we are in an office, or maybe, sometimes, if you’re working from home, you’re in a dark room and you wear a hoodie. That does happen.”
Moyo proudly identifies as someone who breaks this mould. “But you get people like me who will do it in heels. Crazy hair, dresses up, and you would not even know what’s coming your way.” Her statement underscores that the skills and dedication required for cybersecurity are not confined to a specific aesthetic, and professionals in the field come from all walks of life, bringing unique perspectives to the critical task of digital security.
This initiative is proudly produced in partnership with Career One.
