Tomáš Polešovský

Director, InfoSec at topolik.cz s.r.o.

Brno, South Moravia, Czechia
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

👤
Senior
🎓
Top School
Tomáš Polešovský is a technical, hands-on Director of InfoSec with 14+ years of experience who evolved from a Java web developer into a pragmatic security leader focused on measurable controls over theater. He leads global security at Liferay, blending program management, incident response, SOC operations and cloud-native protections (CNAPP/CSPM/CWP) with deep AppSec roots and secure SDLC practices. An active open-source contributor and FindSecBugs maintainer, he has directly improved Java/SpotBugs security analysis and fixed real-world XSS issues in Liferay plugins. Comfortable in both policy and code, he pairs compliance expertise (ISO27k, SOC2, HIPAA, NIST, GDPR/NIS2) with gritty engineering—lock picking and forensics included—to close the gap between risk appetite and operational reality.
code14 years of coding experience
job15 years of employment as a software developer
bookMaster's degree, IT, Theoretical computer science, Master's degree, IT, Theoretical computer science at Masaryk University Brno
bookGeneral Education, General Education at Gymnázium Františka Palackého
github-logo-circle

Github Skills (20)

static-analysis10
taint10
jsp10
audit10
findbugs10
liferay10
java10
security10
javas10
owasp10
code-analysis10
jspx10
xss10
xs10
auditing10

Programming languages (8)

JavaShellTeXSCSSJavaScriptHTMLGroovyPython

Github contributions (5)

github-logo-circle
find-sec-bugs/find-sec-bugs

Jun 2016 - Apr 2020

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Role in this project:
userBack-end & Security Engineer
Contributions:45 commits, 17 PRs, 40 comments in 3 years 10 months
Contributions summary:Tomáš primarily contributed to the security auditing features of the Java web and Android application SpotBugs plugin. Their work involved refactoring and enhancing the taint analysis configuration, focusing on method summaries, class summaries and field configurations. They also added features for the analysis of custom injection configurations and addressed false positives in the taint analysis, which included refactoring of existing code, as well as refactoring of existing code and support for new features like portlet injection.
groovyjava-webstatic-analysissecurity-auditweb-applications
liferay/liferay-plugins

Jun 2012 - Nov 2017

Role in this project:
userFull-stack Developer
Contributions:41 commits in 5 years 5 months
Contributions summary:Tomáš contributed to various aspects of the Liferay plugins repository. They addressed XSS vulnerabilities in multiple portlets, including the Calendar and Web Form portlets. Additionally, the user refactored code to use `escapeJS` instead of `encodeURIComponent` and improved the display logic in several portlets based on the presence of the portlet on a page. They also made minor code changes in sample hook configurations and added copyright information.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Tomáš Polešovský - Director, InfoSec at topolik.cz s.r.o.