Roman Rott

Hello, my name is Roman Rott!

As an Application Security Engineer, I bring a wealth of experience as a Full-Stack Ruby/JavaScript developer and Technical Support Representative. I have accumulated 17 years of IT expertise throughout my career, with a dedicated focus on web development for more than 10 years.

I am deeply interested in penetration testing, red-teaming, and digital forensics, so I have spent the past 3 years expanding my knowledge to transition from Web Development to Cyber Security.

As a Security Analyst and Penetration Tester for Berezha Security Group, my primary responsibilities involve conducting vulnerability assessments and penetration testing. In addition, I occasionally take part in bug-bounty programs.

Cybersecurity Enthusiast

I enjoy testing websites for security vulnerabilities (both white-box and black-box) independently, as a part of a team, or on the platforms like BugCrowd. During the last 3-4 years, I participated in dozens of Web and Mobile Application Security Assessments, held macOS and Windows Digital Forensics, provided AWS, EKS, and Kubernetes Security Audits.

I was a member of the latest NoNameCon's core team - the Ukrainian community-built practical cybersecurity conference.

I also used to design, deploy and support vulnerable web and mobile applications for CTF hacking games organized or supported by the Berezha Security Group for:

  • BruCON 0x0B (2019) — (assisted with creating UI for a vulnerable websites)
  • NoNameCon (2018) — Practical Cybersecurity Conference (created admin interface, was one of the Game Masters)
  • UISGCon #10, #11, #12 (2014-2016) — Ukrainian InfoSec conference held by Non Government Organization «Ukrainian Information Security Group»
  • The Cybersecurity Olympiad «HackIT-2015»
  • International forum «Cybersecurity: Ukraine and the world»

Community Development

Contributing to open source projects:

Volunteering:

  • I was a team member of the UA30CTF Ukrainian student cybersecurity CTF competition held by SSSCIP, The State Service for Special Communications and Information Protection of Ukraine
  • Worked as a full-stack developer, creating and maintaining the website for the NoNameCon 2019.
  • Did the same for the annual OWASP Ukraine 2019 Cybersecurity Conference held by OWASP Lviv Chapter

Developing local community:

Recent posts from my blog:

Former Web Developer

Throughout my 9-year tenure at IxWebhosting.com, a large Shared and Cloud Hosting company, I worked in various departments in different positions. During this time, I spent 5 years working in the Tech Support department and 4 years as a Ruby/Rails Developer in the IT department.

There I gained a wealth of experience dealing with code written by other developers, focusing on troubleshooting, debugging, and fixing code. Additionally, I gained extensive experience in detecting and resolving security flaws and bugs.

Afterward, I spent another 5 years working as a Full-Stack Ruby Developer for various US and Europ companies. Meanwhile, I've designed and developed intentionally vulnerable applications for CTF hacking games, which provide a platform for security enthusiasts to practice and enhance their skills.

My portfolio as a Full-Stack Web Developer provides a brief summary of project samples that I completed before transitioning into the Cybersecurity field.

Contact information

contact me:

gpg:
keybase.io/rrott
mail:
roman@rrott.com
roman.rrott@owasp.org
rott.roman@protonmail.com

my resume:

pdf  |  odt  |  docx  |  google docs

twitter:
roman_rott
linkedin:
rrott
GitHub:
rrott
GitLab:
rrott