Tomáš Polešovský is a technical, hands-on Director of InfoSec with 14+ years of experience who evolved from a Java web developer into a pragmatic security leader focused on measurable controls over theater. He leads global security at Liferay, blending program management, incident response, SOC operations and cloud-native protections (CNAPP/CSPM/CWP) with deep AppSec roots and secure SDLC practices. An active open-source contributor and FindSecBugs maintainer, he has directly improved Java/SpotBugs security analysis and fixed real-world XSS issues in Liferay plugins. Comfortable in both policy and code, he pairs compliance expertise (ISO27k, SOC2, HIPAA, NIST, GDPR/NIS2) with gritty engineering—lock picking and forensics included—to close the gap between risk appetite and operational reality.
14 years of coding experience
15 years of employment as a software developer
Master's degree, IT, Theoretical computer science, Master's degree, IT, Theoretical computer science at Masaryk University Brno
General Education, General Education at Gymnázium Františka Palackého
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Role in this project:
Back-end & Security Engineer
Contributions:45 commits, 17 PRs, 40 comments in 3 years 10 months
Contributions summary:Tomáš primarily contributed to the security auditing features of the Java web and Android application SpotBugs plugin. Their work involved refactoring and enhancing the taint analysis configuration, focusing on method summaries, class summaries and field configurations. They also added features for the analysis of custom injection configurations and addressed false positives in the taint analysis, which included refactoring of existing code, as well as refactoring of existing code and support for new features like portlet injection.
Contributions summary:Tomáš contributed to various aspects of the Liferay plugins repository. They addressed XSS vulnerabilities in multiple portlets, including the Calendar and Web Form portlets. Additionally, the user refactored code to use `escapeJS` instead of `encodeURIComponent` and improved the display logic in several portlets based on the presence of the portlet on a page. They also made minor code changes in sample hook configurations and added copyright information.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Tomáš Polešovský - Director, InfoSec at topolik.cz s.r.o.