About myself
January 13th, 2004 by jiri
I have worked in various security and infrastructure-related roles for a wide variety of clients in different industry sectors.
I started while studying for a degree, translating BS7799:1996, ETSI and Common Criteria Protection Profiles into the Czech language. After that I spent some time implementing firewalls and working on Windows NT and Linux infrastructure hardening as well as conducting security vulnerability testing and audits. This period was then followed by several years when the core of my work was conducting risk analysis and developing security policies and procedures for clients from various industry sectors. This created a body of work which we subsequently used to develop translate risk analysis tool called CRAMM and, some time after, develop a national profile for the purposes of the Czech government. At the end of this period I contributed to the only translation of BS7799:2000 which is currently available in Czech. At that point I realised the tragedy of security compliance management, where people spend man-years of effort developing tomes of paperwork which no-one wants and no-one uses.
I changed jobs and started as a security architect with one of the big European consultancy and systems integration houses. I quickly learnt about applications, integration technology and some peculiarities of HMG security requirements. I have done a number of projects, mostly developing a business case or a technical and security architecture, typically on large application implementation or integration projects. In one or two cases I worked on the client side as a security manager, developing security strategy and policies for a large ERP implementation programme and trying to make sure it is followed during implementation. Throughout my career I have been involved in, and strangely enough learnt to like, the pre-sales and service offer development aspects of my consulting job.
I worked for and learnt to appreciate differences of clients in a wide range of industries. I would say that I have the best understanding of central and local government, legal services and manufacturing sectors, but I also have some experience with telco, insurance and defence clients.
Alongside the professional and non-professional interests I have, I started this weblog 2 years ago, mainly as a way to learn writing and also as a virtual notepad helping me to capture and conceptualise stuff I am thinking about.