Brigitte Lewis, otherwise known as t00t_t00t, is a former sociology lecturer turned ethical hacker. She brings a unique perspective to an industry desperately in need of diverse voices. With seven years of bug hunting experience and a PhD in sociology, she’s become a vocal advocate for women in cybersecurity while building a successful career as a penetration tester and security consultant.

Her passion wasn’t originally hacking—she considers writing to be her first love. “Before I discovered hacking, I was writing extensively on lesbian culture. Since then, I’ve pivoted into cybersecurity content,” Lewis said. One of her recent pieces is a poem called King Root, which is a social commentary on the nature of masculine and patriarchal language. Another piece Lewis wrote was an article for The Australian Cybersecurity magazine on penetration testing and data analytics.

An unlikely path from academia to hacking

Lewis’s transition from academia to cybersecurity was driven by practical necessity. “Once upon a time, I was a Sociologist teaching all kinds of really interesting classes at Melbourne University on identity, culture, power, and embodiment, which I absolutely loved. Unfortunately, the employment conditions were precarious,” she explains. The harsh reality of academic employment led to a pivotal decision. “With the dream of one day not being homeless as a 60 year old woman, which is an increasing problem in Australia, I decided to upskill in a new area and went back to uni.”

The transition wasn’t smooth. “I failed my first coding test because I hadn’t used that part of my brain in my previous career,” Lewis admits. “I was adept at critical thinking and smashed all those classes, but the really logical, step by step action causation concepts took me a lot longer to master. But I persisted.”

Her breakthrough came through community and mentorship. As Cybersecurity Club Captain at Swinburne University, Lewis was mentored along with a few other women across Melbourne by a brilliant hacker, Esther Lim, in the basics of hacking. This sparked her interest in hacking, along with a chance encounter at an Australian Women in Security Network breakfast with Katherine Robins from Deloitte’s pentesting team.

“Some of my other major influences include Ippsec, The Cyber Mentor, Rana Khalil, Tanya Janca, and most recently Katie (InsiderPhD). Outside of hacking, I love Audre Lorde and her line about the fact that the master’s tools will never dismantle the master’s house,” Lewis said.

The learning never stops

Seven years into her hacking journey, Lewis specializes in web applications, APIs, and LLMs, recently earning her PNPT certification. “I used every waking hour I could to learn web apps initially. I bought all the foundational books like the various hackers handbooks, hacked vulnerable machines, and joined platforms like Hack The Box,” she says. “I’m still learning every day.”

This continuous learning is what keeps her passionate about the field. “I really love hacking as a job. It brings me immense joy to chat to clients about how I’ve made their site or application safer and what they can do in the future to ensure a more robust security posture. I am lucky to get to talk tech with people who love it as much as I do,” Lewis reflects. “I also love the learning aspect of the job; it never gets boring because there’s always something new to learn.”

Technical insights and vulnerabilities

When discussing dangerous vulnerabilities, Lewis gravitates toward access control issues. “I love a good broken access control bug. These happen when a lower level user or a standard everyday account user is able to access admin level pages or functions on a website because the developer assumes that only high privileged users will access particular pages, and then the developer forgets to restrict access,” she explains.

She describes a particularly concerning recent discovery: “A password reset function was able to be used to change any user’s password without verifying that the actual user requested this, so you could take over any user’s account with one simple password reset request, followed by a brute force MFA attack and then get full account take over.”
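The two controls that flow was missing, shown as an added Python example (not code from Lewis or any client): a reset token bound to the account that requested it, and a lockout on repeated MFA failures. The AccountStore class, its method names, and the TTL and lockout values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 900        # seconds a reset token stays valid (assumed policy)
MAX_MFA_FAILURES = 5   # failed codes allowed before lockout (assumed policy)

class AccountStore:
    """In-memory stand-in for a user database (constructed for this example)."""
    def __init__(self):
        self.passwords = {}     # username -> password (store a hash in real code)
        self.reset_tokens = {}  # sha256(token) -> (username, expiry)
        self.mfa_failures = {}  # username -> consecutive failed MFA codes

    def request_reset(self, username, now=None):
        """Issue a token bound to one account; deliver it only to that
        account's registered email, never in the HTTP response."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.reset_tokens[digest] = (username, now + RESET_TTL)
        return token

    def reset_password(self, username, token, new_password, now=None):
        """Change the password only if the token was issued for this user."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.reset_tokens.pop(digest, None)  # single use, even on failure
        if entry is None:
            return False
        owner, expiry = entry
        # The check the flawed flow lacked: token owner must match the target.
        if owner != username or now > expiry:
            return False
        self.passwords[username] = new_password
        return True

    def verify_mfa(self, username, submitted, expected):
        """Compare an MFA code, locking the account after repeated failures."""
        if self.mfa_failures.get(username, 0) >= MAX_MFA_FAILURES:
            return False  # locked: even the correct code is refused
        if hmac.compare_digest(submitted, expected):
            self.mfa_failures[username] = 0
            return True
        self.mfa_failures[username] = self.mfa_failures.get(username, 0) + 1
        return False
```
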

Her technical toolkit centers around practical efficiency. “Burp Suite is my tool of choice, and I love a good note taking software situation,” she says. “I’ve got my own GitBook that I refer to on the daily, as well as a Joplin template that I created for when I test that includes the OWASP Testing Guide broken down into nodes that I check against.”

AI and the future of security

On the topic of artificial intelligence in cybersecurity, Lewis brings hands-on experience. “I’ve done quite a bit of AI or Large Language Model (LLM) testing for clients and the issues are often in the way the chatbot is used or what you can convince it to do that is the most dangerous, in terms of cybersecurity,” she observes. However, she emphasizes that the fundamentals remain the same. “Never trust user input, always start from defence in depth, and have your LLM tested by a pentester,” Lewis said.

Confronting industry inequities

Lewis doesn’t shy away from discussing the industry’s gender problems. Her career success has come with a sobering realization: “It has made me realize just how far we have to go to make hacking more welcoming for women and diverse populations. Women get paid less, experience more discrimination, and leave the industry in really high numbers, which is reflective of just how difficult it can be to thrive in an overwhelmingly male environment.”

She’s personally witnessed these disparities. “I’ve seen firsthand how many men create space and opportunities for other men to thrive without question, but for the women on pentesting teams, it’s often a fight to be even seen, let alone be given a chance to rise, to be promoted, and to get paid equitably.”

Lewis’s commitment to supporting other women led her to found W0m3nWh0HackM3lbourn3. “I started W0m3nWh0HackM3lbourn3 because I wanted other women to hack with. We were a crew of women-identified hackers who met up once a month and hacked vulnerable machines together while munching on Banh Mi and throwing back a wine or two,” she explains. Though she shut it down during COVID, the experience reinforced her belief that learning should be fun and there are no dumb questions, just things you don’t know yet.

Now she’s channeling her educational passion into her YouTube series OMFG {insert cyber-sec concept here}, designed to inject some fun into the cybersecurity and hacking education space.

Advice for the next generation

Lewis’s advice for newcomers is both practical and empowering. “No-one is an expert in everything. Keep learning every day and one day, you’ll be effortlessly explaining concepts and security risks with the same ease as the people you looked up to,” she says.

However, she doesn’t sugarcoat the challenges, particularly for women. “Hacking is a boys club and you’ll have to work three times as hard to get any recognition. Don’t stay in toxic work environments if you can move on; it’s not worth your mental health. When someone shows you they’re not going to give you the same opportunities as the men on the team, believe their actions, not their assertions otherwise,” Lewis said.

Most importantly, she emphasizes community. “Find your people. It’s a tough industry in general, and ever more so for women and minorities. You need to have a crew you can go to when everything is a bit shit and have them remind you that it’s not just you. You’re not the problem, it’s the bloody patriarchy and misogyny is real.”

Maintaining balance and looking forward

Despite the industry’s challenges, Lewis has found ways to thrive while maintaining her wellbeing. She prioritizes self-care through regular gym sessions, meditation, and social connections. “I believe that avoiding burnout is also about finding workplaces that don’t work you into the ground and are cognizant that people have lives and aspirations outside of work.”

Her ultimate message to women entering cybersecurity is one of defiant optimism. “Women in hacking and cybersecurity in general will get told they’re not technical enough all the time (often by non technical men). Don’t listen. Know your worth. Stand your ground and find your people. You deserve to be here and bring so much more to the table than you’ll ever be given credit for.”

As Lewis looks toward 2026, which she believes will be transformative, her journey from sociology lecturer to respected security professional serves as both inspiration and blueprint for others seeking to break into cybersecurity from non-traditional backgrounds.