Roman Rott

Hello, my name is Roman Rott!

I am an Application Security Engineer with a huge background of a Full-Stack Ruby/JavaScript developer and Technical support representative. I have about 15 years of IT experience and 8 years experience dedicated to web-development. My current interest is in penetration testing and vulnerability analysis and all over the last year I've spend for learning a lot of staff to switch from WebDev to the Cyber-Security.

Ruby and Python are my favorite when it comes to writing simple api or scripts, while EcmaScript/JavaScript and TypeScript are the best one for front-end.

I'm working remotely for clients all over the world and from time to time I take part in bug-bounty programs.

Web Developer

Over the 9 years I occupied different positions in different departments in a big Shared and Cloud Hosting company, 5 of them were in Tech Support department and 4 in IT as a Ruby/Rails developer. There I've gained experience dealing with someone else's code, troubleshooting, debugging and fixing it as well as with catching security flaws and bugs.

For the last 5 years I've been working as a full-stack ruby developer, where I've got extended experience in React, Redux, TypeScript and JavaScript.

I also design and develop vulnerable applications for CTF hacking games that give an opportunity for security enthusiasts to practice their skills. Below is a portfolio that contains a list of such apps and web services.

All of these sites and services were developed using Ruby, JS/ES6, TypeScript, CoffeeScript, React, Redux, Svelte, Sinatra, Padrino and RoR frameworks. Some of them handles large amounts of traffic on daily basis.

My Full-Stack web developer portfolio is a brief summary of the projects samples that I've accomplished during the last years.

Cybersecurity Enthusiast

I enjoy testing websites for security vulnerabilities (both white-box and black-box) independently or on the platforms like BugCrowd I held several internal Web Application Security Assessments for the products I've been working on as a developer, preparing reports and/or fixing found bugs and issues. My interest in the Ethical Hacking has resulted in dozens of found and reported security issues in such services as, ZeroMail,,, etc.

I am a member of NoNameCon 2021 core team - the Ukrainian community-built practical cybersecurity conference.

I also used to design, deploy and support vulnerable web and mobile applications for CTF hacking games organized or supported by the «Berezha Security Group» for:

Community Development

Contributing to open source projects:

I am working on my own open source pet-project on Electron(using React and TypeScript) rrott/cosnole.alert react-toolbox gitlab-org/gitlab-ce


Developing local community: