Ross Simpson

Web App Development, Scaling, and Security

Cape Town, South Africa
Email: [email protected]

Technical Skills | Work Experience | Achievements | Education

About Me

I have over 20 years of professional experience in web application development and the systems they run on - mostly in e-commerce, fintech, and cyber security industries. I've also run my own consulting company since 2009.

My passion for cybersecurity led me to earn my OSCP in 2018. I've identified serious security flaws in most of the systems I've worked on, been hired to penetration test, and large cyber security platforms.

Recently I've been drawn to compiled languages like Go and Rust, as well as WebAssembly (WASM), for their performance.

Technical Skills

Programming/Scripting Languages

Python
Java (VertX)
NodeJS & TypeScript
Bash
GoLang
Clojure
Ruby on Rails
PHP

Infrastructure

Cloud Platforms and Technologies

Microsoft Azure
Amazon AWS
Google GCP
Web Application Gateways
AWS Lambda / Fargate
CloudFlare

Containerization

Docker
Kubernetes
Calico (Network Policies)

Databases

MySQL / MariaDB
PostgreSQL
MongoDB
Google BigQuery
AWS DynamoDB
AWS Athena

CI/CD Pipelines and Monitoring

Azure DevOps Pipelines
AWS CodePipeline
AWS OpsWorks
Vagrant
Jenkins
SonarQube
Puppeteer
Azure LogAnalytics
Grafana

Other Platforms and Technologies

Apache Spark
ServiceNow
Salesforce
ElasticSearch
Metabase
Microsoft Power BI

Cyber Security

Certificates

Swimlane SOAR: Turbine Administrator - Sep 2024
Varonis Role: Security Teams Learning Path - Aug 2024
Google Security Operations SOAR: Chronicle Certified SOAR Developer (CCSD) - Dec 2023
Google Security Operations SOAR: Siemplify Certified SOAR Analyst (SCSA) - Jun 2022
OffSec Certified Professional (OSCP) - Jun 2018

Services and tools used

Swimlane Turbine
Google SecOps SOAR
Splunk
Azure Sentinel
BurpSuite
Kali Linux
Wireshark
OllyDbg
dnSpy

Work Experience

K-Rad Web Technologies

Owner (May 2009 - Present)
Currently contracting (remotely) through my own company for a European Managed Security Service Provider (MSSP).

Built Azure Cloud based infrastructure and CI/CD pipelines
Developing data extraction/sync jobs and API microservices
Collaborating with the SOAR team to improving automation and performance, reducing SOC analyst workload
Building integrations for third-party security services and products, to meet client needs and improve service offering

Orange Cyberdefense (ZA - remote)

Senior Developer (May 2021 - Apr 2022)
A European based MSSP, with a strong ethical hacking (pentesting) focus and a South African presence.

Developed new features and resolved bugs within the customer portal
Improved integration between the customer portal and ServiceNow
Made improvements to SensePost's training platform
Worked on internal GoLang and machine learning security tools

Deimos (ZA - remote)

Principal Security Engineer (Nov 2020 - Apr 2021)
A cloud-native solutions provider focused on multi-cloud strategies.

Advised clients on microservice architecture design and cloud-native migration
Assisted in the development of a USSD e-commerce system for a large local retailer in C#
Conducted penetration testing for clients, including security vendors, fintech, and cryptocurrency platforms

Bibblio (UK - remote)

Developer (Nov 2016 - Oct 2020)
A machine-learning company specializing in content recommendation to maximize user engagement and content ROI.

Built REST API endpoints in Clojure on AWS cloud infrastructure, using AWS Lambda and an event-driven architecture
Optimized Apache Spark based training process and orchestration, significantly reducing processing times and costs
Developed custom headless-browser diagnosis tools to automate checking and debugging of integrations

Konga Online Shopping (ZA)

Developer (Aug 2015 - Oct 2016)
A large e-commerce company in Africa, serving customers across a range of connectivity levels and devices.

Migrated a monolithic PHP application to Node.js microservices
Built REST and GraphQL API backends for a Progressive Web App featured by Google
Identified and resolved security vulnerabilities in other systems, including a related payment service and its SDKs

Earlier jobs:

VisionOSS - Developer (Apr 2015 - Jul 2015)
Global Kinetic - Security Development and Research (Mar 2014 - Mar 2015)
Platform45 - Ruby on Rails Developer (Jun 2012 - Feb 2014)
Handguns & Tequila - Ruby on Rails Developer (Jun 2010 - May 2012)
JAM Web Designs (USA - remote) - PHP Developer (Aug 2009 - May 2012)
Spaceacre - PHP Developer (Aug 2004 - Jul 2009)

Achievements and Activities

Conferences spoken at:

Hacking "AAA" Unreal Engine Games with... Python? - 2 December 2023
B-Sides Cape Town - "Shall We Play A Game?" - 1 December 2018
0xcon - "Shall We Play A Game?" - 10 November 2018
B-Sides Cape Town - "Docker for Hackers" - 2 December 2017
B-Sides Cape Town - "Lock Picking" - 1 December 2012
B-Sides Cape Town - "Game Hacking" - 1 December 2012
ZaCon - "Game Hacking" - 27 October 2012
ZaCon - "iPhone Hackery" - 9 October 2010

Workshops and events hosted:

Monthly local hacker meetup "0xC0FFEE Cape Town" - from 2016 to present
Def Con 20 Documentary screening @ Labia - 17 August 2013
Android hacking with Mercury (aka Drozer) - 13 July 2013
Hacking with Metasploit - 6 April 2013

Other:

Completed SANS Holiday Hack challenges - from 2016 to present
Created a Unity3D based CTF game "WarAndUnity" - October 2021
Created an 8bit NES Game for BSides Cape Town - December 2016
Participated in Hack The Box
Attended DEF CON 24 and BSidesLV in Las Vegas - August 2016