Roi Kol

Security Researcher at Aqua Security

Israel
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Roi Kol is a security researcher with a decade of hands-on experience in cyber defense and applied kernel-level tooling, currently advancing threat detection at Aqua Security. His background includes four years in IDF cyber units and deepening technical studies in computer science, giving him a practical and disciplined approach to security engineering. Roi contributes to prominent open-source projects like aquasecurity/tracee, adding eBPF-based signatures in Go to detect subtle indicators such as stdio-to-socket redirection and unauthorized file access. He blends low-level systems expertise with real-world incident awareness, focusing on building auditable, runtime security controls that scale in production environments. Colleagues describe him as a detail-oriented researcher who turns kernel insight into actionable detection logic.
code10 years of coding experience
bookComputer Science, Computer Science at The Open University of Israel
github-logo-circle

Github Skills (11)

it-security10
go10
ebpf10
security9
linux-security-module9
linux-kernel9
linux9
kernel9
container8
golang8
run-time7

Programming languages (2)

CGo

Github contributions (5)

github-logo-circle
aquasecurity/tracee

Feb 2021 - Jan 2023

Linux Runtime Security and Forensics using eBPF
Role in this project:
userBack-end Developer & Security Engineer
Contributions:131 reviews, 100 commits, 92 PRs in 1 year 11 months
Contributions summary:Roi contributed to the security features of the `tracee` project, specifically by adding signatures. These signatures focused on identifying potential security vulnerabilities, such as standard input/output redirection to a socket and unauthorized access to sensitive files, using Go. The commits demonstrate an understanding of eBPF and kernel security, as the signatures are built to run with the `tracee` eBPF engine.
bpfgolangsecurity-toolssecurityruntime
roikol/tracee

Jan 2021 - Nov 2023

Container and system event tracing using eBPF
Contributions:1 PR, 308 pushes, 92 branches in 2 years 10 months
tracingebpfdockerobservabilityevent-system
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Roi Kol - Security Researcher at Aqua Security