Garrett Kohlrusch - Security Researcher and Penetration Tester

Garrett Kohlrusch

Security Researcher · Penetration Tester

Offensive security specialist with 100+ validated vulnerabilities across Fortune 500 targets and major tech platforms. Hunter-mentality approach focused on accurate findings, impactful reporting, and actionable remediation.

View Research Contact

Approach

I bring a researcher's curiosity and a penetration tester's precision to offensive security. My background spans responsible disclosure through bug bounty platforms, web application security testing, and building automation tooling for reconnaissance and exploit validation.

Currently completing a BS in Cybersecurity and Information Assurance while transitioning from agriculture into full-time security engineering roles where research is encouraged and technical depth is valued.

Core Competencies

What I Do

Penetration Testing & AppSec

Web applications, APIs, mobile platforms

Bug Bounty & Responsible Disclosure

100+ findings across enterprise programs

Reconnaissance & Automation

Python/JavaScript tooling for attack surface mapping

Exploit Development & Validation

PoC creation, impact demonstration, remediation guidance

Cloud Security Testing

AWS, Azure, GCP attack surface enumeration

Stakeholder Collaboration

Clean reporting, technical communication, team integration

The OSI Model

Network Communication, Layer by Layer

7

Application

HTTP, HTTPS, DNS, SMTP, FTP, SSH

The layer closest to the end user. It provides network services directly to applications like web browsers, email clients, and file transfer utilities. This is where most user-facing interactions with the network begin and end.

Resource sharing Remote access Directory services Email

Click a ring to peel back layers

Recognition

Track Record

NASA Letters of Appreciation (2x)

Recognition for responsible disclosure of security vulnerabilities in NASA systems.

Responsible Disclosure Submissions

Valid vulnerability reports submitted to Meta, Apple, Microsoft, and Fortune 100 companies.

100+ Validated Vulnerabilities

Across enterprise bug bounty programs and responsible disclosure initiatives.

Research

Notable Findings

Critical Authentication Bypass Fortune 500 Financial Services
Critical Stored XSS with Session Exfiltration Major Enterprise Platform
Critical IDOR Exposing Customer PII Insurance Provider API
High Subdomain Takeover Healthcare Infrastructure
High SQL Injection Government System
Multiple Security Vulnerabilities (Responsible Disclosure) NASA
Multiple Valid Security Reports Meta, Microsoft

Credentials

Education & Certifications

Education

BS in Cybersecurity and Information Assurance

In Progress · Sophomore

Certifications

CompTIA Security+ CompTIA Network+ CompTIA A+

Open to Work

Open to Opportunities

Currently seeking penetration testing, application security, or offensive security engineering roles where:

Security is taken seriously from leadership down
Researchers are encouraged to learn and explore
Technical depth is valued over checkbox compliance
Teams collaborate on real-world threat scenarios

Preference for environments with active bug bounty programs, red team operations, or product security teams. Open to remote or relocation from Minneapolis, Minnesota.