OpenShift AI

August 2023–

• Analysis of the AI "edge" problem space and use cases.

Red Hat Enterprise Linux (RHEL) Security Group

January 2023–July 2023

• RHEL 9 Common Criteria (CC) certification: advisory role to the new team owning the certification while the product heads for check-in to evaluation
• Focus area analysis of technology opportunities and gaps: sigstore, identity and integrity verification (attestation), confidential computing

Platform Security Readiness

February 2020–December 2022

• Product owner of RHEL 9 (CC) certification: established internal process, documentation, and discoverability to make RHEL CC certification business as usual, with focus on timely certification, minimizing surprises and uncertainty; drove transparent communication and collaboration with RHEL engineering and program teams to make RHEL always CC-ready; automation and CI to capture the state of the product; managed handover of the certification ownership to a new team
• Secure Software Management Lifecycle (SSML): RHEL evidence gathering, process documentation and setup; SSML is Red Hat's Software Development Lifecycle framework in situation when vast majority of the product is primarily developed in upstream open-source projects

Security Engineering

May 2018–February 2020

• SWID (Software Identification) ISO/IEC 19770-2:2015 devel lead: research of the standard and SWID tags implementation, focusing on RHEL
• RHEL 8 CC certification tiger effort: SCAP content contributor for Protection Profile for General Purpose Operating (OSPP) 4.2.1
• Frictionless Entitlements contributor: enabling bill-later product access and consumption

OpenShift Security

June 2017–May 2018

• OpenShift Security Team member: authentication and authorization, security context constraints; certificate and secrets provisioning, handling, and lifetime; user namespacing enablement
• Focused on upstream contributions to OpenShift Origin and Kubernetes

Identity Management Engineering

May 2013–June 2017

• Integration Task Force lead: integrating identity management technologies into Red Hat products: OpenShift integration pilot, CloudForms (ManageIQ), RHEV (oVirt), Satellite 5 (Spacewalk), and Satellite 6 (Foreman) external authentication and authorization integration
• FreeIPA containerization, including deployment in Kubernetes and OpenShift
• Secrets distribution from FreeIPA Vault to OpenShift clusters
• SSSD/IPA-enrollment/AD-join container for Atomic platform
• Author and maintainer of Apache authentication and authorization modules

Red Hat Network Satellite Engineering / Spacewalk project

June 2006–May 2013

• Lead technical engineer
• Handling security issues of the product and upstream project
• Debugged hundreds of customer reported cases and escalations, focus on network and database issues
• Bugfix backporting for maintenance releases, hotfix request processing, reviewed hundreds of patches
• Release nanny of multiple release of the Spacewalk project (Satellite's upstream)
• Re-initiated the PostgreSQL database backend support and lead it to production-ready state; database schema migration and validation
• Feature lead for SELinux support and script based reporting
• Initiated and steered multiple infrastructure improvements especially for the build and automation systems (internal processes and systems, Spacewalk's koji in EC2)
• Introduced new technologies to the product (migration to Apache 2 / mod_perl 2, RHEL 5, multiple Fedora versions, Tomcat 7)
• Ambassador of interests of Spacewalk community of users and contributors

Billing of voice services

• Responsible for analysis, design, and development; team lead
• Process coordination both within the company and with with external partners and customers (interconnect, deployment of the system for other companies)
• The billing software allowed the company to successfully enter the voice services market

Other internal systems

• Analysis and development of domain management and domain registrar system
• Supervised development of system for order processing and service provisioning
• Development, certification, and deployment of domain registration system
• Connections to legacy systems, invoicing / reporting / controlling, providing database systems know-how

Information System of Masaryk University — administration of studies and scientific research

• Analysis, architecture specification and design of data model, development of system environment and core modules, application development
• Connections to other university information resources, on-line data transfers
• Electronic applications for admission, payment processing
• Deployment of the system for other institutions (outsourcing)
• Document management system, including conversions of proprietary formats
• Support for ECTS adoption at university level including modification of university regulations, coordination with rector's office

Project Meta-List.net

• Analysis and design of cluster solution for mailing-list archive (clustered MySQL, mod_perl)

• Administration of Unix servers and computer networks (IRIX, Linux, Solaris; ATM)