Bali, Indonesia
Cybersecurity Expert with 7 years of experience and a proven track record of responsibly identifying and reporting security vulnerabilities. Started reporting 10 security vulnerabilities on Alibaba.com at the age of 14, and reached 100 security vulnerabilities on Alibaba.com at the age of 17. Ranked 1st, Alibaba Bug Bounty Program (2023 – Present). Recognized as a Top Security Researcher by Google (2021) and Alibaba.com (2022). Letters of Appreciation from the University of Cambridge (2023) and Harvard University (2020). Certificates of Appreciation from the Ministry of Communication and Information Technology (2024) and the National Cyber and Crypto Agency (2019). Helped protect the data of 1 BILLION+ users from potential data breaches. Secured 300+ organizations including NASA, WHO, and UNESCO by identifying and reporting 1,000+ security vulnerabilities. Received 50+ letters and certificates of appreciation from various organizations. Conducts technology research with Prof. Ben Koo, Ph.D., from MIT and former Associate Professor at Tsinghua University, under the guidance of Prof. Yohanes Surya, Ph.D., and has collaborated with Prof. Mats Hanson, Professor Emeritus at KTH Royal Institute of Technology, as an informal Student Researcher. Mentored seven junior high school students and presented their progress to General (Ret.) Luhut Binsar Pandjaitan, Chairman of the National Economic Council of Indonesia. Some of the students were personally tested by Elon Musk, H.E. Joko Widodo, President of Indonesia, and Prof. Satryo Soemantri Brodjonegoro, Ph.D., Minister of Higher Education, Science, and Technology of Indonesia. Invited to participate in Indonesia's Higher Education Transformation Program in line with the vision of Golden Indonesia 2045. Website: alessandrorumampuk.com Email: [email protected]
- Identified and reported 20+ security vulnerabilities - Top Google VRP Researcher 2025
- Instructor for Clickjacking, HTML injection, and advanced XSS (Dec 2025 – Present). - Instructor for XSS attacks, advanced XSS, and WAF bypass techniques (Nov 2024 – Aug 2025). - Built 8 private virtual labs for XSS testing. - Built 2 private virtual labs for Clickjacking testing.
I am not a student at KTH Royal Institute of Technology.