zan@nula:~/cv — zsh 80×24
$ whoami --verbose
→ Žan "Zane" Rotar · uid=1337(zan) groups=soc,dfir,re
$ cat /etc/role
→ SOC Analyst · Malware Researcher · DFIR
$ uptime
→ active since 2022-09-08 · status: online
$ ./about.sh

Žan Rotar

// SOC Analyst · Malware Researcher · DFIR

Cybersecurity professional with a love for digging into the unknown — whether it's a malware sample, a CTF challenge, or a rabbit hole in my home lab.

DOB 21.12.2000 Slovenia Based in Ljubljana / Videm-Dobrepolje Status Active SOC @ MORS

$ cat ~/career/experience.log

SOC Analyst running
Sep 2022 — Present
Ministrstvo za obrambo Republike Slovenije · Ljubljana, Slovenia
  • Collection and correlation of security events from multiple sources (SIEM)
  • Analysis of logs, network traffic, and endpoints
  • Malware and malicious code analysis
  • Real-time incident response
  • System administration and ensuring high availability of services
  • Threat intelligence gathering and processing (MISP, OpenCTI)
  • Reverse engineering of suspicious binaries
  • Writing and maintaining technical documentation
  • Monitoring and tuning of detection rules and alerts
  • Collaboration with other teams during security exercises and incidents
Programmer archived
Jun 2018 — Feb 2021
IMS Merilni sistemi d.o.o. · Ljubljana, Slovenia
  • Development of Windows applications in C# (WPF)
  • Development of iOS applications in Swift / Xamarin
  • Bug fixing and maintenance of production code
  • Writing unit tests for the application
Metal Planer Operator archived
Jun 2015 — Aug 2017
Kovinostrugarstvo Janez Klinc s.p. · Videm-Dobrepolje
  • Setup and operation of CNC machines and metal planer
  • Cutting metal stock for downstream machining
  • Final-product packaging

$ ls ~/exercises/

Locked Shields 2026
20–23 Apr 2026
Live-fire cyber defence exercise (CCDCOE).
DFIR
Armython 2025
17–20 Nov 2025
CTF competition held in Jordan.
CTF
Locked Shields 2025
5–9 May 2025
Cyber defence & strategic decision-making exercise.
DFIR
Locked Shields 2024
22–26 Apr 2024
Cyber defence & strategic decision-making exercise.
DFIR
Locked Shields 2023
18–21 Apr 2023
First year participating; contributed to the SIEM team.
SIEM

$ tail /var/log/conferences.log

  • BSides Ljubljana
    Ljubljana
    13.03.2026
  • NT konferenca 2025
    Portorož
    22–24 Sep 2025
  • Chaos Computer Club — 38C3
    Hamburg
    27–30 Dec 2024
  • BSides Ljubljana — Speaker
    Ljubljana
    "Is CyberChef just for Base64?" — talk on using CyberChef for deobfuscation, crypto, and beyond.
    27.09.2024