Robert Babaev's Logo


// ABOUT ME //

A caucasian man in a black collared shirt turned at a 45 degree angle and smiling

Hey, I'm Robert! Thanks for stopping by. In the modern world, having not only security be an integral part of the development process but also part of culture is increasingly important in the face of rampant cyberattacks.

That's my mission. Since 2019 I've been involved with cybersecurity, and while I like breaking websites wide open, I love locking them down from attacks. Even this portfolio website has a few nifty security tricks up its sleeve despite the small attack surface. (Try bypassing Cloudflare, and if you laugh I'd love to grab a coffee.)

I've done everything from pitch a cybersecurity business while having just started in the field and still getting into an accelerator, to flying to Europe and collaborating with and competing against some of the best university-level hackers on the planet. Am I the best penetration tester or security developer on Earth? Who knows? But I love educating folks looking to get into the field through presentations at my university, and advocating for better security in both conversation and research.

You can find my contact information at the bottom of this page, below my resume, projects, and articles. Let's chat!

// RESUME //

Sept. 2023 - Present
  • Conducted a security analysis on an automated submission server using Java and expertise in data encoding and networking, identifying and patching a data leakage vulnerability that could have potentially led to hidden input dataset exposure

  • Clarified an assignment ambiguity with a student through active listening and proficiency in algorithms and data structures, pinpointing and addressing core issues related to understanding and approach

May. 2023 - Aug. 2023
  • Developed an automation suite using HTML, JavaScript, and VBA to enhance data audit processes, resulting in a 200\% increase in efficiency

  • Conducted research on a proprietary operating system to evaluate antivirus needs, leveraging expertise in security vulnerabilities and operating system security for a targeted assessment

  • Crafted a comprehensive data flow diagram for an internal service, collaborating with experts and leveraging expertise in firewalls, cloud architecture, and network protocols to present information to auditors

Jan. 2023 - Apr. 2023
  • Investigated a client application issue on an Azure Virtual Machine, utilizing Docker, networking, and cloud platforms to pinpoint the root cause of monitoring software failure

  • Implemented a C\# and ASP.NET feature in a Windows environment to export system log data in CSV format, streamlining log processing for IT personnel

  • Resolved a high-priority ticket blockage in a development environment by identifying and rectifying a discrepancy using SQL, ensuring seamless progress

  • Explored artificial intelligence and machine learning technologies to identify monitoring tool enhancements, presenting findings to company leadership and incorporating a new technology into the tool's potential tech stack

May. 2022 - Aug. 2022
  • Identified and addressed hard-coded credentials in a Ruby on Rails application, mitigating potential risks from source code leaks

  • Detected a critical denial-of-service condition in a medical application using regular expressions and Burp Suite, averting a potential system shutdown

  • Developed a BASH script for Nmap scans on all subdomains of a given domain, streamlining reconnaissance in security testing

  • Developed a Python script employing concurrent programming and web scraping techniques to parse library manifests and scan for vulnerabilities on Snyk, enhancing static analysis speeds for vulnerable components by 200\%

  • Utilized AWS Elastic Compute Cloud to deploy a server, leveraging networking expertise to assess web application server-side request forgery vulnerabilities

  • Contributed findings to client-facing reports, applying CVSS and DREAD scoring, CIA triad principles, and realistic attack scenarios to fortify client security posture

Jan. 2022 - Apr. 2022
  • Engineered an HTML-based document renderer, replacing an unmaintainable MS Word-based generator. Utilized HTML/CSS, JavaScript, and template engines to create a robust solution for generating professional reports in a sustainable manner

  • Conducted vulnerability assessments on a WordPress site using wpscan and OWASP ZAP, uncovering two instances of outdated components with known security vulnerabilities

  • Performed a thorough review of source code for a client-facing application, employing vulnerability databases, search engines, and NodeJS expertise. Identified an unmaintained library spanning 8 years, prompting the adoption of more contemporary and secure code

  • Resolved a critical issue in Django Forms causing data disappearance. Employed rigorous testing and source code review to pinpoint the root cause, averting data corruption and preventing severe delays in report delivery

May. 2021 - Dec. 2021
  • Fixed a Java-based Intellij code scanner bug using integrated debuggers and creative troubleshooting to ensure proper rendering of custom breakpoint icons, preserving the professional appearance of the application

  • Developed and implemented a secure password reset feature using Angular and Django, as well as researching one time passwords to enhance website security

  • Established a comprehensive backup and restore workflow for an internal tool using Django management scripts and the SendSafely REST API, enabling disaster recovery and DevOps version control

  • Implemented a secure authentication system for a client-facing application with Single Sign-On and JWT authentication in TypeScript and SvelteKit, ensuring authentication without storing client credentials

  • Managed Docker-based application deployments, applying self-taught skills in both Docker and Git to adapt the environment in line with Agile development practices

  • Accelerated GitHub repository curation for a collaborative event with CENGN by 350\% through a Python script utilizing the GitHub API

  • Developed custom PostgreSQL queries to aggregate data in Django, enhancing data visualization for employee performance analysis


Project NOAH // 2023 - Present (WIP)

Stack: Notion, Python, FastAPI, NextJS, React, GraphQL

  • Developed a campaign planner for the Lancer TTRPG, evolving from a Notion template to an in-progress SaaS application

  • Addressed a significant barrier to entry in the Lancer community by analyzing needs through discussions and personal experience, resulting in the sale of over 100 licenses

  • Explored GraphQL and REST differences, determining that GraphQL was optimal for Project NOAH's data model with potential deep nesting

  • Designed a Notion template leveraging relational databases like PostgreSQL, streamlining campaign notes storage across multiple documents for improved accessibility


KaliDocker // 2023 - Present

Stack: Linux, Docker, BASH

  • Created a system for easy setup of Kali Linux Docker containers for CTF events, utilizing Just for a hassle-free setup with minimal dependencies


Personal Website // 2021 - Present

Stack: SvelteKit, Django, PostgreSQL, Nginx, Docker, Github Actions, Digital Ocean

  • Maintaining continually evolving, cloud-hosted web application with focus on ease of maintenance and security, leveraging knowledge of Docker, web servers, IPv4 networking, and security principles to keep site running smoothly


Selenium Oxide // 2022 - 2022

Stack: Python, Selenium, Burp Suite, Git

  • Engineered browser-based web exploitation library in Python using Selenium, featuring builder pattern workflow, stealth functions, cookie manipulation, and proxy compatibility


CourseFull // 2023 - Present

Stack: Java, Spring Boot, Angular

Elevator Control System // 2022 - 2022

Stack: C/C++, Qt

VibeChek // 2022 - 2022

Stack: NodeJS, Svelte, SQL, Git, Spotify API

Hangar // 2021 - 2022

Stack: Rust