One Security Partner for
Founder-Led SMEs
For founder-led European SMEs that need practical security ownership, stronger customer trust, ISO 27001 readiness, or NIS2 scope clarity - only where those frameworks genuinely apply.
Petr Pospíšil
Cybersecurity Architect & vCISO
Expertise
Credentials and track record
My Path to Mastery
Ethical Hacker
Started as a Red Teamer. I learned exactly how attackers think and exploit vulnerabilities.
Threat Hunter
Shifted to Blue Team. Proactively hunting for threats I used to emulate.
Information Security Manager
Managed security for a Global Retail Enterprise. Focused on Threat Intel & Strategy.
Cybersecurity Architect
Independent Consultant. Combining technical depth with strategic business vision.
Trusted by Institutions
Verified Expertise
About Me
Who I am
Why work with me?
Strategic Clarity, Not Just Tech
I don't just fix bugs. I align security with your business goals. My background as an Information Security Manager means I understand budgets, timelines, and the need for operational continuity.
Full-Spectrum Expertise
Having worked as both an attacker (Red Team) and defender (Blue Team), I offer a rare, complete perspective. I know how they break in, so I know exactly how to keep them out.
Human-Centric Security
Security fails when people don't understand it. My experience training for OSCE and UNDP proves I can translate complex threats into clear, actionable habits for your staff.
How I Work
My working rules
A security recommendation is only useful if it is honest. These are the rules I work by, on every engagement.
Vendor-neutral
I take no commission from any tool vendor. The recommendation is the one that fits your business, not the one that pays a referral fee.
Open-source-first for SMEs
Where an open-source tool will serve you well over the long term, I propose it before a commercial product. Lower licence cost, no lock-in, and you keep control of your data.
Commercial when it earns its place
Paid tools are recommended when they materially reduce risk or operational load for your team - not by default, and never to fill a slide.
How We Work Together
Engagement model
Security is not bought once. It is owned, reviewed, and improved over time. The core engagement is a retained security partnership - senior ownership of your security programme, month after month. One-off projects exist, but mainly as a way in.
Primary engagement
Retained Security Partner - advisor, architect and engineer on demand
Senior security ownership without hiring a full-time CISO. I set priorities, review architecture, guide implementation, and keep ISO 27001 or NIS2 work grounded in practical security. The programme moves forward every month - final business accountability stays with management.
What the retainer covers
- Security ownership
- Risk management
- ISO 27001 / NIS2
- Architecture reviews
- Control roadmap
- Supplier assurance
- Vendor decisions
- Board reporting
Ways to Start
Not ready for a retainer? A focused project is a clean first step - and a natural way into the ongoing partnership.
Web, API, AI, and Active Directory testing, plus human-layer phishing simulation. Clear findings, scoped to your stack.
Interactive sessions for executives, boards, and government entities - building real-world judgement, not checkbox compliance.
ISO 27001 and NIS2 work runs through the retainer; technical reviews start with a Web & API pentest or a phishing simulation.
Get In Touch
Book a call
If customer questionnaires, ISO 27001 readiness, enterprise sales, or NIS2 scope questions are creating pressure, let's turn them into a practical assessment, roadmap, and implementation rhythm.