20+ years in Linux and infrastructure security. From securing Kubernetes clusters and managing PKI to designing zero-trust architectures — I build systems that stay resilient.
Security architect and Linux veteran with over 20 years of hands-on experience across telco, enterprise IT and IoT. I've managed fleets of 800+ servers at HP, designed telecom core systems, and now focus on what I'm most passionate about — building secure infrastructure from the ground up.
Currently working on Kubernetes security, PKI, secrets management with HashiCorp Vault, and software supply chain security. I hold certifications including CEH, RHCE, and Utimaco Security HSM Engineer, backed by a Master's degree in Telecommunications.
I speak Slovak natively and English at an advanced level. Outside of work, I'm a tech enthusiast who enjoys photography and travelling. Always eager to experiment with open-source tools and emerging technologies.
From Linux kernel hardening to cloud-native security — a full-stack security toolkit.
Expert-level administration and hardening across enterprise Linux distributions and BSD systems. x86 & ARM.
PKI design, secrets management, identity federation, SELinux, Linux namespaces, OWASP and application security.
Kubernetes security, container hardening, supply chain security and SBOM management.
Building monitoring stacks, IDS/IPS, log analysis and proactive threat detection.
Infrastructure as code, custom tooling, scripting for security automation and provisioning.
Network and application protocols, VPN, firewalls, QoS. From SS7 and SIP to HTTP, IMAP/SMTP and DLMS/COSEM.
20+ years building secure infrastructure across telco, enterprise and IoT.
Designing and implementing security architecture for cloud-native infrastructure. Managing PKI, secrets management with HashiCorp Vault, and identity federation via Keycloak and OIDC. Driving Kubernetes and container security posture. Establishing software supply chain security practices including SBOM generation and vulnerability tracking with DependencyTrack.
Architected end-to-end smart metering and IoT data collection solutions for the utility sector based on the DLMS/COSEM standard, covering remote electricity meter reading, data processing and automated measurement infrastructure. Served as Security Engineer across all delivered projects, providing comprehensive security assessments. Built and maintained enterprise monitoring with Zabbix across UNIX/Windows servers, IPMI hardware and SNMP infrastructure.
Managed a fleet of 800+ HP-UX and Linux servers, supporting global HP teams across monitoring, performance and infrastructure. Built internal tooling for automation, OS patching and deployment workflows.
Designed telco core network components for IP Multimedia Subsystem (IMS) according to 3GPP/IETF/ETSI standards. Built SIP routing platforms and payment service architectures for telecom operators.
Deployed Asterisk PBX and OpenSER into corporate networks. Designed enterprise voice VPN solutions with SIP integration. Delivered internal training on networking and VoIP technologies.
Extensive hands-on experience with open-source technologies across the full stack.
PKI infrastructure, secrets lifecycle management, identity federation and SSO for enterprise environments.
SBOM generation, dependency vulnerability tracking, container image scanning and runtime security.
IDS/IPS deployment, penetration testing, network analysis and threat detection stacks.
Full-stack infrastructure: web servers, databases, DNS, mail, VPN, HA clusters and monitoring.
Professional certifications and education validating my expertise.
Open for consulting, collaboration and new opportunities. Based in Bratislava, Slovakia.