Llorenç Roma

• Led end-to-end penetration testing engagements across network, web, wireless, mobile, IoT/embedded, and OT environments, including scoping, execution, reporting, and remediation guidance.

• Advised technical and non-technical stakeholders on security risks and remediation strategies aligned with NIST CSF and CIS Controls.

• Managed responsible disclosure and vulnerability coordination with vendors and system developers.

• Conducted vulnerability research in UAV/drone systems, VoIP, side-channel attacks, and automotive security; developed open-source security tools and proof-of-concepts.

• Represented Switzerland at NATO CWIX, contributing to the Secure Voice Working Group and national cyber strategy development.

• Supervised 7+ master’s thesis projects with ETH Zürich, EPFL, and Eurecom on drone security, SCION, and P4 networking.

• Discovered and responsibly disclosed vulnerabilities across multiple vendors and platforms — including web applications, mobile apps, and IoT devices

• Findings include CVEs, GitHub security advisories, and vendor-acknowledged disclosures

• Acknowledged in Garmin's Hall of Fame; DJI: responsible disclosure, CVE pending (expected Jul 2026)

• Performed radio attacks on commercial drones: signal jamming, GPS spoofing, and drone hijacking

• Analyzed PII leakage from commercial drone mobile applications

• Developed open-source Remote ID spoofer and receiver tools; presented at Black Hat Arsenal Europe 2023 and Asia 2026

• Conducted TEMPEST-based HDMI data exfiltration attacks, critical in restricted environments

• Developed an open-source software pipeline for reproducing these attacks, raising awareness of hardware vulnerabilities

Awarded a fully funded scholarship to a double master's degree program at two European universities.

Awarded 1 out of 40 scholarships in Europe to attend a European ICT for Health Summer School in Castres, France.