CVEalert.io ~ join the waitlist for early access.
O mně: zázemí a zkušenosti
Jsem nezávislý specialista na ofenzivní bezpečnost s více než 19 lety praktických zkušeností v oblasti etického hackingu, se zaměřením na bezpečnost webových aplikací. Kombinuji hluboké, manuální testování s praktickými zkušenostmi z oblasti AppSec v rychle se vyvíjejících produktových týmech a reálných produkčních prostředích.
Spolupracuji přímo s klienty a zakázky vedu jednoduše a transparentně: jasně vymezený rozsah, testování z pohledu útočníka a nálezy prioritizované podle reálné zneužitelnosti a dopadu. Níže najdete stručný přehled mých nedávných zkušeností, certifikací a vybraných profesních úspěchů.
Curriculum vitae
For additional details, see my LinkedIn profile.
Recent professional experience
- Jan 2026 - Present
-
Independent offensive security expert @ AppSecAudit.cz (Freelance)
- Jan 2026 - Present
-
Product Security Architect @ CVEalert.io (Founder)
- Jan 2025 - Dec 2025
-
Founder, Initial Full-Stack Engineer @ CVEalert.io (Earlier role)
- Jul 2023 - Dec 2024
-
Senior Application Security Engineer @ Printify.com (Contract)
- Aug 2022 - Jul 2023
-
Application Security Engineer @ Printify.com (Earlier role)
- May 2023 - Present
-
Czech Chapter Leader @ OWASP.org (Volunteer)
- Jul 2020 - Present
-
Senior Penetration Tester @ TunaSec.com (Non-profit organization)
- Aug 2022 - May 2023
-
Offensive Security Researcher @ Synack.com (Bug Bounty)
- Jun 2019 - Jun 2022
-
Application Security Engineer @ Kiwi.com (Full-time)
- Jun 2020 - Nov 2020
-
Lector of Ethical Hacking course @ Engeto.cz (Seasonal)
- Oct 2018 - May 2019
-
IT Security Assessment Specialist @ Homecredit.net (PPF Group)
Burp Suite Certified Practitioner
This certification, created by PortSwigger's Web Security Academy, demonstrates that I have the ability to:
-
Detect and prove the full business impact of a wide range
of common web vulnerabilities. -
Adapt attack methods to bypass broken defences,
using knowledge of fundamental web technologies. -
Quickly identify weak points within an attack surface,
and perform out-of-band attacks to attack them.
This certification focuses on advanced, real-world web exploitation and is widely regarded as one of the most practical web security certifications.
Reported vulnerabilities (CVEs)
Courses & certifications
- Advanced Web Attacks and Exploitation (AWAE)
- Code Review Badge, PentesterLab
- English C1/C2
Skills (in no particular order)
- Web Application Penetration Testing & Bug Bounty
- Application Security Testing (SAST, DAST, SCA)
- Advanced Web Application Security Audits
- CI/CD Security Assessments & Supply Chain Risk
- Secure Code Review (Web, APIs, Backend & Android)
- Threat Modeling & Real-World Attack Surface Analysis
- Web Application Firewall & Rate Limiting (Cloudflare)