Robert Scocca | Red Team Operator & Penetration Tester

About Me

The Story

My Runescape account was hacked when I was a kid. I fell for a watering hole attack at Grand Exchange, and that moment sparked a lifelong obsession with understanding how attacks work—and how to stop them. Today, I'm the one conducting social engineering campaigns with phone calls, emails, and in-person engagements.

With over 6 years in cybersecurity, I've evolved from curious gamer to seasoned red team operator. I've executed 100+ security assessments for multibillion-dollar financial institutions, led purple team exercises, and developed cutting-edge attack methodologies. My work spans network pentesting, web application security, mobile app testing, AI/ML system exploitation, and physical security assessments.

I approach my work with the care, tenacity, and enthusiasm of a craftsman—persistently honing my craft every day. You can make someone do a job, but you can't force someone to care. I genuinely care about security and helping organizations become truly resilient.

Clearance

Top Secret (TS)

Education

B.S. Cybersecurity, Utica University

Specialty

Offensive Security & Red Teaming

Location

New York Area

Blog Views

~5,000/month

Expertise

Technical Arsenal

A comprehensive toolkit for identifying and exploiting vulnerabilities across the full attack surface.

⚔️

Red Team Operations

Full-scope adversary simulation including C2 infrastructure, persistence mechanisms, and evasion techniques.

Cobalt Strike Evilginx MFA Bypass EDR Evasion

🌐

Network Pentesting

Internal and external network assessments with Active Directory exploitation and privilege escalation.

BloodHound Rubeus Impacket Kerberoasting

🔓

Web & API Security

Deep manual testing for OWASP vulnerabilities across modern web applications and REST/GraphQL APIs.

Burp Suite Pro SQLi XSS IDOR

📱

Mobile Security

Android and iOS application testing including reverse engineering and runtime manipulation.

Frida Objection Corellium APK Analysis

🎭

Social Engineering

Phishing, vishing with AI impersonation, pretexting, and physical security assessments.

Gophish Vishing Physical Pentests OSINT

🤖

AI/ML Security

Prompt injection, model exploitation, and adversarial attack simulations on AI-powered systems.

LLM Testing Prompt Injection Adversarial ML

Career Path

Experience

February 2022 — Present

Red Team Operator

NCAE Cyber Games

Executing red team operations and managing C2 infrastructure for a national cybersecurity competition. Leading web app, API, and mobile pentests. Conducting LLM/AI system penetration testing and social engineering campaigns with AI impersonation techniques.

January 2022 — May 2024

Pentesting Consultant - Financial Services

Crowe LLP

Executed 100+ security assessments for multibillion-dollar financial institutions including purple teaming, network pentesting, application testing, and physical security. Developed red team methodology and mentored junior consultants. SME for Cobalt Strike and red team operations.

September 2021 — April 2022

Junior Security Engineer

Cosiant Cyber LLC

Malware analysis of ransomware samples from active APTs. Wrote Yara rules for endpoint detection and reverse engineered malware with assembly. Built detection capabilities with Elasticsearch, Logstash, and Kibana.

October 2020 — April 2021

Cyber Security Technician

Anjolen Inc.

Executed vulnerability scans, penetration tests, and configured phishing campaigns. First professional role in offensive security.

Credentials

Certifications & Training

2021

OSCP

Offensive Security

2021

eWPT

eLearnSecurity

2022

Red Team Operator

Zero-Point Security

2022

Azure Fundamentals

Microsoft

2024

CCSP-AWS

Cloud Security

2024

C-AI/MLPen

AI/ML Pentester

2024

CMPen-Android

Mobile Pentester

2025

Maldev Academy

Malware Development

Writing

Technical Blog

Security Research & Tutorials

Deep dives into offensive security techniques, red team methodologies, CTF writeups, and ethical hacking tutorials.

~5,000 views/month

Visit Blog →

Get In Touch

Let's Connect

Ready to work together?

I'm always interested in discussing red team engagements, security assessments, or opportunities to help organizations strengthen their security posture.

[email protected]