I'm the security team in Shoptet, the Central European Shopify alternative. It's a technical role, mostly. I've known Shoptet since at least 2012, I know many Shoptet people, present or past, and I love e-commerce, in my own way, so the decision wasn't that difficult.My Shoptet security team is the smallest and the largest at the same time - because everyone in the company is my team member, some just don't know it yet. It would be very boring without them, and I couldn't do it without them either.We run tens of thousands eshops so there's a chance to influcence and motivate quite a large part of the market, and to royally mess it up, too. I've always loved it, both ways.My mission is to do it like I've always done, be transparent and don't require passwords to be changed every 91.5 days. Yes, we've already rolled out 1Password company-wide, why are you asking?

Helping companies figure out web security, performance, and architecture in general.My goal is to teach web developers (and managers!) how to build secure and fast web applications, that's why I also do some speaking. I've done 100 talks and counting, including 4 times in a row at BSides/Passwords in Las Vegas. My talks are available at https://www.michalspacek.com/talks, though most of them are in Czech.I also run my own public and in-house trainings, using my experience gained during my professional career, be it thinking as a hacker or designing applications as an experienced developer. See https://www.michalspacek.com/trainings for details.I look for and report security bugs, from Atlassian to T-Mobile CZ, was introduced to their Hall of Fames, from Alza to T.S.Bohemia. If you live in the Czech Republic, then my reports prevented leaking your personal data, even more than once. You're welcome :-) I'm a fan and an advocate for security.txt because trying to figure out where to report things shouldn't take this long.

I build report-uri.com, a real-time security reporting tool for both browser reports (CSP, NEL, ...) and email reports (DMARC, TLS-RPT), with Scott Helme and Troy Hunt, both award-winning security researchers and bloggers.We've processed 1.3T reports so far (in Dec 2022, up from 1.2T reports in June 2022 and 1T in Feb 2022, see report-uri.com and scroll down for the current number) currently doing 5k+ requests per second every day – that's some 100k requests before I've even managed to write this sentence. Subscriptions & payments powered by Stripe, report processing uses Cloudflare Workers & Digital Ocean Droplets, PHP 8 & Microsoft Azure Storage.I contribute regularly to the Microsoft Azure Storage SDK. We rely on testing and static analysis to prevent most bugs reaching the production environment. We automate all the things and update our dependencies regularly. We have our vendor directory versioned in Git and for a really good reason, ask me. I've built the initial Stripe payments integration and then switched to Stripe-hosted payment pages few years later. I generally do most of the development nowadays.I know how to build a secure web app, check out our penetration testing reports https://scotthelme.co.uk/tag/penetration-test/We deploy on Fridays, and if you ask I'll tell you how we've managed to do that. We've even upgraded to PHP 8.0 on Friday 13th 👻

I was in charge of all things security: handling our penetration testing response as well as doing testing on my own, handling security incident responses, helping with security measures and design of secure storages and procedures. Also, raising team security awareness and introducing best practices to keep Apiary people safe and secure.

Introduced up-to-date web security concepts and helped build payment and order pickup integrations. Discovered several security issues, introduced better protection for user passwords (no more SHA-1), initiated the move to HTTPS everywhere. Introduced Content Security Policy for resources loaded into our HTML.

Building web applications in PHP (mainly Account https://secure.skype.com/account, Skype Manager https://manager.skype.com and various PCI-DSS certified payment systems 💳, integrations and APIs) and writing backend PostgreSQL functions and scripts in Python.

Infrastructure support, bugtracking software management, knowledge basemanagement, learning- and document management systems analysis & tweaking.

Web sites and on-line applications development, co-founder of www.tojeono.cz webhosting service.

Network, server, workstation administration, user support.

Internet websites and applications, network and server administration(cooperation with WEBMADE, spol. s r.o. on www.tojeono.cz web hostingstart-up; cooperation with Institute of Plant Molecular Biology ASCR,administration of network, servers and workstations).

Internet presentations, websites, graphic designs.