Ross Simpson

Web App Development, Scaling, and Security

About Me

I have over 20 years of professional experience in web application development and the systems they run on - mostly in e-commerce, fintech, and cyber security industries. I've also run my own consulting company since 2009.

My passion for cybersecurity led me to earn my OSCP in 2018. I've identified serious security flaws in most of the systems I've worked on or been hired to penetration test, and in large cyber security platforms.

Recently I've been drawn to compiled languages like Go and Rust, as well as WebAssembly (WASM), for their performance.

Technical Skills

Programming/Scripting Languages

  • Python
  • Java (VertX)
  • NodeJS & TypeScript
  • Bash
  • GoLang
  • Clojure
  • Ruby on Rails
  • PHP

Infrastructure

Cloud Platforms and Technologies
  • Microsoft Azure
  • Amazon AWS
  • Google GCP
  • Web Application Gateways
  • AWS Lambda / Fargate
  • CloudFlare
Containerization
  • Docker
  • Kubernetes
  • Calico (Network Policies)
Databases
  • MySQL / MariaDB
  • PostgreSQL
  • MongoDB
  • Google BigQuery
  • AWS DynamoDB
  • AWS Athena
CI/CD Pipelines and Monitoring
  • Azure DevOps Pipelines
  • AWS CodePipeline
  • AWS OpsWorks
  • Vagrant
  • Jenkins
  • SonarQube
  • Puppeteer
  • Azure LogAnalytics
  • Grafana
Other Platforms and Technologies
  • Apache Spark
  • ServiceNow
  • Salesforce
  • ElasticSearch
  • Metabase
  • Microsoft Power BI

Cyber Security

Certificates
Services and tools used
  • Swimlane Turbine
  • Google SecOps SOAR
  • Splunk
  • Azure Sentinel
  • BurpSuite
  • Kali Linux
  • Wireshark
  • OllyDbg
  • dnSpy

Work Experience

K-Rad Web Technologies

Owner (May 2009 - Present)
Currently contracting (remotely) through my own company for a European Managed Security Service Provider (MSSP).
  • Built Azure Cloud based infrastructure and CI/CD pipelines
  • Developing data extraction/sync jobs and API microservices
  • Collaborating with the SOAR team to improve automation and performance, reducing SOC analyst workload
  • Building integrations for third-party security services and products, to meet client needs and improve service offering

Orange Cyberdefense (ZA - remote)

Senior Developer (May 2021 - Apr 2022)
A European based MSSP, with a strong ethical hacking (pentesting) focus and a South African presence.
  • Developed new features and resolved bugs within the customer portal
  • Improved integration between the customer portal and ServiceNow
  • Made improvements to SensePost's training platform
  • Worked on internal GoLang and machine learning security tools

Deimos (ZA - remote)

Principal Security Engineer (Nov 2020 - Apr 2021)
A cloud-native solutions provider focused on multi-cloud strategies.
  • Advised clients on microservice architecture design and cloud-native migration
  • Assisted in the development of a USSD e-commerce system for a large local retailer in C#
  • Conducted penetration testing for clients, including security vendors, fintech, and cryptocurrency platforms

Bibblio (UK - remote)

Developer (Nov 2016 - Oct 2020)
A machine-learning company specializing in content recommendation to maximize user engagement and content ROI.
  • Built REST API endpoints in Clojure on AWS cloud infrastructure, using AWS Lambda and an event-driven architecture
  • Optimized Apache Spark based training process and orchestration, significantly reducing processing times and costs
  • Developed custom headless-browser diagnosis tools to automate checking and debugging of integrations

Konga Online Shopping (ZA)

Developer (Aug 2015 - Oct 2016)
A large e-commerce company in Africa, serving customers across a range of connectivity levels and devices.
  • Migrated a monolithic PHP application to Node.js microservices
  • Built REST and GraphQL API backends for a Progressive Web App featured by Google
  • Identified and resolved security vulnerabilities in other systems, including a related payment service and its SDKs

Earlier jobs:

  • VisionOSS - Developer (Apr 2015 - Jul 2015)
  • Global Kinetic - Security Development and Research (Mar 2014 - Mar 2015)
  • Platform45 - Ruby on Rails Developer (Jun 2012 - Feb 2014)
  • Handguns & Tequila - Ruby on Rails Developer (Jun 2010 - May 2012)
  • JAM Web Designs (USA - remote) - PHP Developer (Aug 2009 - May 2012)
  • Spaceacre - PHP Developer (Aug 2004 - Jul 2009)

Achievements and Activities

Conferences spoken at:

Workshops and events hosted:

Other:

Education

OffSec

Offensive Security Certified Professional (OSCP) - June 2018


CTI Education Group

Comprehensive Programming Diploma - 2002

