Ross Simpson
Hacker, Coder, OSCP
- Cape Town, South Africa
- Email: [email protected]
About Me
I've always been interested in how computers work, which led me to a career in software development, with a keen interest in cyber security. I obtained my OSCP in June 2018.
My focus has been on backend systems, scaling and security. I'm a big believer in using the right tool for the job. Much of the work I've done has been in the e-commerce and fintech space.
Alongside my software development career I've run K-Rad Web Technologies - a web consultancy and penetration testing company started in 2009.
Technical Skills
Programming
- Python
- NodeJS / TypeScript
- Java (VertX)
- Clojure
- Ruby on Rails
Infrastructure
- Docker Kubernetes
- Amazon, Azure and Google cloud
- Serverless and event-driven architecture
Cyber Security
- OSCP Certified
- Web application and API penetration testing
- Google Siemplify Certified SOAR Analyst
Work Experience
May 2022 - Present
K-Rad Web Technologies
Owner
- Penetration testing, cloud infrastructure and microservices, SOAR integrations
- Technologies: Google Siemplify, Python, Azure cloud, Kubernetes, Burp Suite
May 2021 - Apr 2022
Orange Cyberdefense
Senior Developer (remote)
- Development on the Customer Portal and training platform, migration to ServiceNow
- Technologies: GoLang, Java VertX, Google Cloud, TypeScript, GitLab
Nov 2020 - Apr 2021
Deimos
Principal Security Engineer (remote)
- Performing penetration tests for clients, reviewing and advising on security practices
- Technologies: Google Cloud, Burp Suite, .Net, Elixir, Kubernetes
Jul 2009 - Oct 2020
K-Rad Web Technologies
Owner
- Web Application security audits, penetration testing, development and consulting
- Technologies: Kali Linux, Burp Suite, AWS Web Services, Google Cloud
Nov 2016 - Oct 2020
Bibblio (UK)
Developer (remote)
- Building backend services and APIs using stream processing; improving performance
- Technologies: Clojure NodeJS, AWS Lambda and Kinesis, Apache Spark
Aug 2015 - Oct 2016
Konga Online Shopping
Developer
- Building API microservices and detecting + fixing security issues
- Technologies: NodeJS, Docker, AWS EC2 and OpsWorks, ElasticSearch
Apr 2015 - Jul 2015
VisionOSS
Developer
- Worked on "VOSS-4-UC" (unified communications platform)
- Technologies: Python, MongoDB, Git, Vagrant
Mar 2014 - Mar 2015
Global Kinetic
Security Development and Research
- Advising and assisting with security on "Zapper" (a mobile payment application)
- Technologies: XCode, Node.js, Mono and .Net
Jun 2012 - Feb 2014
Platform45
Ruby on Rails Developer
- Agile development - scrum methodologies, pair programming and project management
- Technologies: Ruby on Rails, PostgreSQL, Heroku, EngineYard, ElasticSearch
Achievements and Activities
Conferences spoken at:
- B-Sides Cape Town - "Shall We Play A Game?" - 1 December 2018
- 0xcon - "Shall We Play A Game?" - 10 November 2018
- B-Sides Cape Town - "Docker for Hackers" - 2 December 2017
- B-Sides Cape Town - "Lock Picking" - 1 December 2012
- B-Sides Cape Town - "Game Hacking" - 1 December 2012
- ZaCon - "Game Hacking" - 27 October 2012
- ZaCon - "iPhone Hackery" - 9 October 2010
Workshops and events hosted:
- Monthly local hacker meetup "0xC0FFEE Cape Town" - from 2016 to present
- Def Con 20 Documentary screening @ Labia - 17 August 2013
- Android hacking with Mercury (aka Drozer) - 13 July 2013
- Hacking with Metasploit - 6 April 2013
Other:
- Completed SANS Holiday Hack challenges - from 2016 to present
- Completed Siemplify Certified SOAR Analyst - June 2022
- Created a Unity3D based CTF game "WarAndUnity" - October 2021
- Obtained Offensive Security Certified Professions (OSCP) - June 2018
- Created an 8bit NES Game for BSides Cape Town - December 2016
- Attended DEF CON 24 and BSidesLV in Las Vegas - August 2016
- Interviewed on Radio 702 about Hacktivism and the SAPS site hack - May 2013