Rootshell Security - Cybersecurity Consultant

Role: Cybersecurity Consultant
Duration: Feb 2022 - Sep 2023 (18 months)
Location: Professional consultancy environment

Overview

During my time at Rootshell Security, I conducted comprehensive security assessments for client organisations, identifying vulnerabilities and providing remediation guidance across diverse IT infrastructure. Led monthly vulnerability management scans for 15+ global organisations while maintaining a 93% client retention rate.

Key Responsibilities

Vulnerability Assessment

  • Led monthly vulnerability management scans for 15+ global organisations
  • Managed enterprise vulnerability scanning platforms including Qualys VMDR and Tenable Suite
  • Utilised BurpSuite Enterprise for comprehensive web application testing
  • Prioritised findings based on business risk and exploitability
  • Produced detailed technical reports for both technical and executive audiences

Penetration Testing

  • Performed penetration tests against web applications, network infrastructure, and internal systems
  • Conducted phishing campaigns and red-team engagements
  • Performed ad-hoc web application pentests, leveraging extensive bug bounty community experience
  • Utilised industry-standard tools including BurpSuite Enterprise, Nmap, and Metasploit Framework
  • Developed proof-of-concept exploits to demonstrate risk to clients
  • Followed structured methodologies (OWASP, PTES) for comprehensive testing

Security Research

  • Conducted proactive vulnerability research during security assessments
  • Discovered CVE-2022-1386, a critical zero-day WordPress vulnerability recognised by NIST
  • Maintained awareness of emerging threats and exploitation techniques
  • Contributed to the broader security community through responsible disclosure

Client Engagement

  • Communicated complex technical findings to diverse stakeholder audiences
  • Provided strategic security recommendations aligned with business objectives
  • Supported remediation efforts through technical guidance
  • Built strong client relationships through professional service delivery
  • Achieved 93% client retention rate while successfully onboarding 5 new clients

Technical Skills Developed

Tools & Platforms

  • Vulnerability Management: Qualys VMDR, Tenable Suite, Nessus
  • Penetration Testing: BurpSuite Enterprise, Metasploit, Nmap, SQLMap
  • Analysis: Wireshark, TCPDump, various OSINT tools
  • Reporting: Custom documentation and client reporting systems

Testing Methodologies

  • OWASP Top 10 and web application security testing
  • PTES (Penetration Testing Execution Standard)
  • Network infrastructure assessment
  • Social engineering assessment frameworks

Vulnerability Categories

Gained extensive experience identifying and exploiting:

  • Web application vulnerabilities (XSS, SQLi, CSRF, authentication flaws)
  • Network vulnerabilities and misconfigurations
  • Active Directory and domain security issues
  • Cloud infrastructure misconfigurations
  • Cryptographic weaknesses

Notable Achievements

CVE Discovery

The discovery of CVE-2022-1386 during client work demonstrated:

  • Deep technical analysis capabilities
  • Proactive security research mindset
  • Understanding of responsible disclosure processes
  • Real-world impact on global WordPress installations

Professional Development

  • Transitioned from foundational security knowledge to advanced practitioner skills
  • Developed client communication and stakeholder management abilities
  • Built comprehensive understanding of enterprise security challenges
  • Established professional network within the security industry

Client Impact

Delivered tangible security improvements for client organisations:

  • Identified critical vulnerabilities before malicious exploitation
  • Provided actionable remediation guidance
  • Reduced client risk exposure through comprehensive assessment
  • Supported clients in achieving compliance requirements
  • Achieved 93% client retention rate

Skills Demonstrated

Technical Competency:

  • Advanced penetration testing capabilities
  • Systematic vulnerability identification
  • Tool proficiency across security platforms
  • Technical documentation and reporting

Professional Skills:

  • Client relationship management
  • Clear communication of technical concepts
  • Time management across multiple engagements
  • Ethical conduct and responsible disclosure

Business Acumen:

  • Risk-based prioritisation
  • Alignment of security findings with business objectives
  • Understanding of compliance frameworks
  • Strategic security recommendations


Key Takeaways

This role provided foundational experience in commercial cybersecurity consulting:

  1. Breadth of Experience: Exposure to diverse client environments and security challenges across 15+ global organisations
  2. Practical Application: Real-world application of theoretical security knowledge
  3. Professional Standards: Understanding of industry best practices and client expectations
  4. Continuous Learning: Necessity of staying current with the evolving threat landscape
  5. Client Success: Strong client retention through professional delivery

The 18-month tenure at Rootshell Security established a strong foundation for advanced security research and consulting work, directly informing subsequent research at Reversec and academic pursuits.