I am a cybersecurity architect, UNIX/Linux system administrator, software engineer, and currently a master's student of cybernetic security at FEE CTU in Prague, a big fan of open source projects and The OpenBSD Project.

My public projects

• A Complete OpenSSL Certificate Authority - two-layer CA (Root, DV TLS, Personal), private keys on HSM (PKCS#11), OCSP, encrypted key backup
• rtsp-timelapse - Shell script-based routine that takes full-resolution snapshots from IP cam RTSP stream and periodically creates a HEVC timelapse video using FFmpeg.
• webcam-snapshot - Shell script-based routine that takes unique snapshots from live JPEG images published on the Web.
• [CZ] Školní Burza / Online Book Swap - projekt z gymnázia / a grammar school project
• [CZ] Společenská hra Aktivity pro počítač / Aktivity board game for a computer

Miscellaneous

• [CZ] Záznamy zasedání Zastupitelstva města Holic / Holice local government meeting recordings
• [CZ] Nahrávky akademií Gymnázia Dr. Emila Holuba, Holice
• Questions and answers that can help someone (for search engines)

Skills & Work experience

• Programming & scripting:
  • C - UNIX platform programming, STM32, Microchip PIC16,18
  • C++ - school projects
  • C# - .NET Core, .NET Framework (services & Windows Forms)
  • Go - gorm, Fiber (Web API backend)
  • Python - scripting, Django (basic experience)
  • JavaScript - basic frontend scripting (fetch API)
  • Shell - bash, ksh, PowerShell
  • Rust - Actix, Diesel (Web API backend)
  • PHP - low complexity projects
  • HTML, CSS - basic responsive web design
  • LaTeX - writing software documentation
• Database: SQL, InfluxDB (Flux), Prometheus (PromQL)
• Operating systems: OpenBSD, FreeBSD, Linux (Debian-like, Alpine, RHEL, Armbian, Gentoo)
• Server technologies: Proxmox, VMware ESXi, Synology, Nakivo
• Services:
  • Firewall: pf, nftables, iptables
  • VPN: Wireguard, OpenVPN
  • Database: PostgreSQL, MariaDB, Redis
  • nginx, OpenBSD's httpd / relayd
  • FreeRADIUS (complex setup EAP-TLS, TTLS, PEAP-MSCHAPv2)
  • Mail: OpenSMTPD + dovecot + rspamd + Roundcube (complete mailserver)
  • Monitoring & alerting: Prometheus
  • Gitea, Authelia, RustDesk, Jitsi, CUPS, Asterisk (basic knowledge)
• ILP, optimization: Gurobi (basic school experience)
• Traffic analysis: tcpdump, Wireshark, nmap
• Software testing: designing test scenarios (pairwise input, unit, path-based, integration), Gitlab CI/CD, Playwright (basic school experience)
• Tools:
  • Docker - multistage compose, networking
  • git
  • OpenSSL - encrypt, decrypt, X.509
  • ffmpeg - reencode, split, concat, H.264, H.265, rtsp stream processing
  • Draw.io: UML diagrams
• Work experience:
  • 2024: I was responsible for complete ISO 27001 implementation from both technical and administrative scope, namely IT security measures design & implementation, documentation development, employee-training, internal & external audit in small-size company.
  • 2024: designing custom high-level language & compiler implementation for automated label graphics generation
  • 2024: transferring virtual machines from VMware ESXi to Proxmox
  • 2023: S/MIME certificate management, dealing with global CA, gaining EU-trusted Qualified certificates
  • 2023-current: designing, establishing and maintenance of complex private Certification authority (ECC) in small company
  • 2023: Cybersecurity manager course (provided by Seminaria.cz)
  • 2022: implementing custom IP peripheral driver in .NET Core
  • 2019-current: IT administrator (BSD, Linux, MSAD), security architect in small company in Industry IT field
  • 2019-current: maintaining .NET Windows Forms application for output quality assurance in industry, controlling multiple peripherals
  • 2019-20: introducing UNIX-like technologies to small Industry IT company
  • 2016-current: development (PHP) & running online book swap for my grammar school
  • 2016-18: Programming course guidance (grammar school)

Languages

• Czech (native speaker)
• English (B2)
• French (B1)