Roman Rott

Hello, my name is Roman Rott!

As an Application Security Engineer, I bring a wealth of experience as a Full-Stack Ruby/JavaScript developer and Technical Support Representative. I have accumulated 17 years of IT expertise throughout my career, with a dedicated focus on web development for more than 10 years.

I am deeply interested in penetration testing, red-teaming, and digital forensics, so I have spent the past 3 years expanding my knowledge to transition from Web Development to Cyber Security.

As a Security Analyst and Penetration Tester for Berezha Security Group, my primary responsibilities involve conducting vulnerability assessments and penetration testing. In addition, I occasionally take part in bug-bounty programs.

Cybersecurity Enthusiast

I enjoy testing websites for security vulnerabilities (both white-box and black-box) independently, as part of a team, or on platforms like BugCrowd. During the last 3-4 years, I participated in dozens of Web and Mobile Application Security Assessments, held macOS and Windows Digital Forensics, and provided AWS, EKS, and Kubernetes Security Audits.

I was a member of the latest NoNameCon's core team - the Ukrainian community-built practical cybersecurity conference.

I also used to design, deploy and support vulnerable web and mobile applications for CTF hacking games organized or supported by the Berezha Security Group for:

Community Development

Contributing to open source projects:


Developing local community:

Former Web Developer

Throughout my 9-year tenure at, a large Shared and Cloud Hosting company, I worked in various departments in different positions. During this time, I spent 5 years working in the Tech Support department and 4 years as a Ruby/Rails Developer in the IT department.

There I gained a wealth of experience dealing with code written by other developers, focusing on troubleshooting, debugging, and fixing code. Additionally, I gained extensive experience in detecting and resolving security flaws and bugs.

Afterward, I spent another 5 years working as a Full-Stack Ruby Developer for various US and European companies. Meanwhile, I've designed and developed intentionally vulnerable applications for CTF hacking games, which provide a platform for security enthusiasts to practice and enhance their skills.

My portfolio as a Full-Stack Web Developer provides a brief summary of project samples that I completed before transitioning into the Cybersecurity field.