Ross Simpson

Web App Development, Scaling, and Security

Technical Skills | Work Experience | Community | Education

About Me

I find and solve problems other people miss, whether logic errors in small codebases or vulnerabilities in multi-million dollar platforms - and I "get things done".

I have over 20 years of experience developing web applications in ecommerce, fintech, and cybersecurity industries. I favour "the right tool for the job", doing more with less, and working hard upfront to avoid repeating work later.

Although primarily a developer, I achieved my "Offensive Security Certified Professional" (OSCP) certificate in 2018, have carried out many penetration testing engagements, and am actively involved in the local hacker community.

I've operated in environments with SOC2, GDPR, and other compliance requirements, balancing security with practical engineering, and have run my own consulting company since 2009.

Technical Skills

(in order of most recently used)

Software Development

  • Python
  • Java (VertX)
  • Bash
  • NodeJS & TypeScript
  • Go
  • Clojure
  • GraphQL
  • C#
  • Ruby on Rails
  • PHP
  • Claude Code
  • OpenCode

Infrastructure

Generative AI
  • LiteLLM
  • Ollama
  • Microsoft Foundry
  • Open-WebUI
  • LangChain
  • OpenClaw
Cloud Platforms and Technologies
  • Microsoft Azure
  • Cloudflare
  • Google GCP
  • Amazon AWS
Containerization
  • Docker
  • Kubernetes
  • Calico (Policies)
Databases
  • MySQL / MariaDB
  • PostgreSQL
  • DuckDB
  • Azure SQL
  • MongoDB
  • Google BigQuery
  • AWS DynamoDB
  • AWS Athena
CI/CD Pipelines and tools
  • Azure DevOps
  • SonarQube
  • AWS CodePipeline
  • AWS OpsWorks
  • Jenkins
Automation and Monitoring
  • Grafana
  • Azure LogAnalytics
  • InfluxDB
  • LogicMonitor
  • Puppeteer / Playwright
  • Apache Airflow and Hop
  • N8N
  • HomeAssistant

Cybersecurity

Certificates


Services and tools used
  • Torq Hyperautomation
  • Google Chronicle SOAR
  • Swimlane Turbine
  • BurpSuite
  • HTTP Toolkit
  • Wireshark
  • Kali Linux
  • Splunk

Other Platforms and Technologies

  • ServiceNow
  • Metabase
  • Elasticsearch
  • Apache Spark

Work Experience

Integrity360 (UK - remote)

Senior Developer (May 2022 - Present)
A European based Managed Security Service Provider (MSSP) and cybersecurity company.
  • Setup and configured Azure Cloud based infrastructure and CI/CD pipelines
  • Assisted in migration of >100 clients between external platforms with no downtime or service disruption
  • Developed API microservices serving client-facing applications
  • Designed and setup private AI infrastructure (LiteLLM, Ollama, etc) aligning with compliance requirements (SOC2/GDPR), for use by employees and internal applications
  • Built integrations, data ELTs, and near-realtime syncs between business-critical systems
  • Created monitoring tooling and Grafana dashboards

Orange Cyberdefense (ZA - remote)

Senior Developer (May 2021 - Apr 2022)
A European based MSSP, with a strong ethical hacking (pentesting) focus and a South African presence.
  • Developed new features and resolved bugs within the customer portal
  • Improved integration between the customer portal and ServiceNow
  • Made improvements to SensePost's training platform
  • Worked on internal Golang and machine learning security tools

Deimos (ZA - remote)

Principal Security Engineer (Nov 2020 - Apr 2021)
A cloud-native solutions provider focused on multi-cloud strategies.
  • Advised clients on microservice architecture design and cloud-native migration
  • Assisted in development of a USSD e-commerce system for a large local retailer in C#
  • Conducted penetration testing for clients, including security vendors, fintech, and cryptocurrency platforms

Bibblio (UK - remote)

Developer (Nov 2016 - Oct 2020)
A machine-learning content recommendation company maximizing user engagement and content ROI.
  • Built REST APIs in Clojure on AWS cloud infrastructure, using AWS Lambda and event-driven architecture
  • Optimized Apache Spark based training process and orchestration, reducing processing times and costs
  • Developed custom headless-browser diagnosis tools to automate checking and debugging of integrations

Konga Online Shopping (ZA)

Developer (Aug 2015 - Oct 2016)
A large e-commerce company in Africa, serving customers across a range of connectivity levels and devices.
  • Migrated a monolithic PHP application to Node.js microservices
  • Built REST and GraphQL API backends for a Progressive Web App featured by Google
  • Identified and resolved security vulnerabilities in other systems, including a related payment service and its SDKs

Earlier employment (2004 - 2015)

  • VisionOSS - Developer (Apr 2015 - Jul 2015)
  • Global Kinetic - Security Development and Research (Mar 2014 - Mar 2015)
  • Platform45 - Ruby on Rails Developer (Jun 2012 - Feb 2014)
  • Handguns & Tequila - Ruby on Rails Developer (Jun 2010 - May 2012)
  • JAM Web Designs (USA - remote) - PHP Developer (Aug 2009 - May 2012)
  • Spaceacre - PHP Developer (Aug 2004 - Jul 2009)

Community Activities and Achievements

Conference Talks

Workshops and Events hosted

Other

Education

OffSec

Offensive Security Certified Professional (OSCP) - June 2018


CTI Education Group

Comprehensive Programming Diploma - 2002


π  
Download PDF