Kevin Roh

• Conduct security reviews which consist of: design reviews (threat modeling), code review, and penetration testing of Okta's product and functionality, as well as, Auth0 to discover unintentional behaviors and vulnerabilities
• Contributed and developed the current processes of the Application Security/Product Security team
• Collaborate with engineers to develop and implement mitigation strategies
• Managing Okta's Bug Bounty Program
• Managing the teams Oncall processes
• Developed a Slack bot to assist in cross team communication and collaboration
• In short, I find vulnerabilities and break things

• I got better at hacking and breaking things

• I hack and break things

• Performed validation and impact analysis, reproduction, packing, and escalation of vulnerabilities of client delivery
• Provide client-facing technical insights and explanation on the severity and importance of the vulnerabilities
• Perform penetration testing on web and mobile applications and hosts provided by the client
• Create automated tools written in Python to help perform everyday tasks

While being on the Synack Red Team I was not an employee of Synack. The Synack Red Team is a private network of highly-curated and vetted security researchers from across the globe. Basically, another bug bounty program that is more private.

• Discovered over 100 vulnerabilities in the span of half a year

While being a Security Researcher for HackerOne, I was not an employee of HackerOne. HackerOne is a bug bounty platform which allows security researchers to safely report vulnerabilities to companies.