Hello, my name is Roman Rott!
As an Application Security Engineer, I bring a wealth of experience as a Full-Stack Ruby/JavaScript developer and Technical Support Representative. I have accumulated 17 years of IT expertise throughout my career, with a dedicated focus on web development for more than 10 years.
I am deeply interested in penetration testing, red-teaming, and digital forensics, so I have spent the past 3 years expanding my knowledge to transition from Web Development to Cyber Security.
As a Security Analyst and Penetration Tester for Berezha Security Group, my primary responsibilities involve conducting vulnerability assessments and penetration testing. In addition, I occasionally take part in bug-bounty programs.
Cybersecurity Enthusiast
I enjoy testing websites for security vulnerabilities (both white-box and black-box) independently, as part of a team, or on platforms like BugCrowd. During the last 3-4 years, I participated in dozens of Web and Mobile Application Security Assessments, held macOS and Windows Digital Forensics, and provided AWS, EKS, and Kubernetes Security Audits.
I was a member of the latest NoNameCon's core team - the Ukrainian community-built practical cybersecurity conference.
I also used to design, deploy and support vulnerable web and mobile applications for CTF hacking games organized or supported by the Berezha Security Group for:
- BruCON 0x0B (2019) — (assisted with creating UI for vulnerable websites)
- NoNameCon (2018) — Practical Cybersecurity Conference (created admin interface, was one of the Game Masters)
- UISGCon #10, #11, #12 (2014-2016) — Ukrainian InfoSec conference held by Non Government Organization «Ukrainian Information Security Group»
- The Cybersecurity Olympiad «HackIT-2015»
- International forum «Cybersecurity: Ukraine and the world»
Community Development
Contributing to open source projects:
- I am a maintainer of rrott/cosnole.alert - a simple JavaScript library for displaying alerts in the browser console.
- I contribute to OSS in terms of security, for example: CVE-2022-25854 - stored XSS in the @yaireo/tagify npm module.
Volunteering:
- I was a team member of the UA30CTF Ukrainian student cybersecurity CTF competition held by SSSCIP, The State Service for Special Communications and Information Protection of Ukraine
- Worked as a full-stack developer, creating and maintaining the website for the NoNameCon 2019.
- Did the same for the annual OWASP Ukraine 2019 Cybersecurity Conference held by OWASP Lviv Chapter
Developing local community:
- Held the «Ruby for Pentesters» presentation at the OWASP Kyiv Chapter Kick-off.
- Held the «Ruby Security Tips» presentation at the OWASP Kyiv Summer 2019 Meetup.
- Gave a talk at the 11th Ruby Meditation meetup.
- Partnered with 4 friends of mine to plan and execute several frontend Meetups and the very first Hackathon in Zaporizhzhya city — «24Hack»