Hello, my name is Roman Rott!
I am an Application Security Engineer with an extensive background as a Full-Stack Ruby/JavaScript developer and Technical Support representative. I have about 15 years of IT experience and 8 years' experience dedicated to web development. My current interest is in penetration testing and vulnerability analysis, and over the last year I've spent a lot of time learning in order to switch from WebDev to Cyber-Security.
Ruby and Python are my favorites when it comes to writing simple APIs or scripts, while EcmaScript/JavaScript and TypeScript are the best ones for front-end.
I'm working remotely for clients all over the world and from time to time I take part in bug-bounty programs.
Web Developer
Over 9 years I occupied different positions in different departments of a big Shared and Cloud Hosting company, IxWebhosting.com. 5 of them were in the Tech Support department and 4 in IT as a Ruby/Rails developer. There I gained experience dealing with someone else's code, troubleshooting, debugging and fixing it, as well as catching security flaws and bugs.
For the last 5 years I've been working as a full-stack Ruby developer, where I've gained extended experience in React, Redux, TypeScript and JavaScript.
I also design and develop vulnerable applications for CTF hacking games that give an opportunity for security enthusiasts to practice their skills. Below is a portfolio that contains a list of such apps and web services.
All of these sites and services were developed using Ruby, JS/ES6, TypeScript, CoffeeScript, React, Redux, Svelte, Sinatra, Padrino and the RoR frameworks. Some of them handle large amounts of traffic on a daily basis.
My Full-Stack web developer portfolio is a brief summary of the project samples that I've accomplished during the last years.
Take a look at my portfolio
Cybersecurity Enthusiast
I enjoy testing websites for security vulnerabilities (both white-box and black-box) independently or on platforms like BugCrowd. I have held several internal Web Application Security Assessments for the products I've been working on as a developer, preparing reports and/or fixing the bugs and issues found. My interest in Ethical Hacking has resulted in dozens of found and reported security issues in services such as rubygems.org, ZeroMail, tagged.com, cater2.me, etc.
I am a member of the NoNameCon 2021 core team, the Ukrainian community-built practical cybersecurity conference.
I also used to design, deploy and support vulnerable web and mobile applications for CTF hacking games organized or supported by the «Berezha Security Group» for:
- BruCON 0x0B (2019) — (only assisted with creating UI for a vulnerable website)
- NoNameCon (2018) — Practical Cybersecurity Conference (created admin interface, was one of the Game Masters)
- UISGCon #10, #11, #12 (2014-2016) — Ukrainian InfoSec conference held by Non Government Organization «Ukrainian Information Security Group»
- The Cybersecurity Olympiad «HackIT-2015»
- International forum «Cybersecurity: Ukraine and the world»
Community Development
Contributing to open source projects:
- My own open source pet-project on Electron (using React and TypeScript): rrott/cosnole.alert
- react-toolbox
- gitlab-org/gitlab-ce
Volunteering:
- Worked as a full-stack developer, creating, configuring CI/CD for and maintaining the website for the «NoNameCon #2» Practical CyberSecurity Conference (2019)
- Did the same for the annual «OWASP Ukraine» Cybersecurity Conference held by the OWASP Lviv Chapter (2019)
- Almost all apps/sites created by me for the CTFs were prepared for students, non-profit organizations or just for fun.
Developing local community:
- Gave the «Ruby for Pentesters» presentation at the OWASP Kyiv Chapter Kick-off Meeting.
- Gave the «Ruby Security Tips» presentation at the OWASP Kyiv Summer 2019 Meetup.
- Gave a talk at the 11th Ruby Meditation meetup.
- Partnered with 4 friends of mine to plan and execute several frontend Meetups and the very first Hackathon in Zaporizhzhya city — «24Hack»