Miloslav Homer

About

Welcome!

Subscribe if you’re interested in application security, self-hosting, programming, and, of course, AI. I cover various topics like tools, concepts, experiments and others. Get the articles into your inbox once in a while™.

This blog is intended for exploration, learning and sharing - part "portfolio" and part knowledge base. I pursue topics that interest me, mostly related to application security and programming. I will not stick to a schedule - some topics take weeks, some are done in a day. In the end, I'd like to deliver content I'd like to read - and not write content for content's sake.

You'll find the email subscription form here; I solemnly swear not to abuse your inboxes. If you prefer RSS, I've got that set up as well.

Sometimes I speak at meetups and conferences. If you'd like to hear one of these topics in a talk, or if you have a general question, hit me up on LinkedIn, GitHub or email; I'm happy to talk.

About Me

I currently work as the Lead Application Security Architect at Sandoz, where I am redefining and modernizing application security as we finish the separation from Novartis. I manage a team of external workers providing various appsec-related services (threat models, reviews, pentests, ...). I also work with various asset owners to improve their security architecture and provide advisory whenever needed (and sometimes even when not asked for).

My previous role was Senior Application Security Engineer at Kiwi.com, where I worked with GCP (notably GKE, IAM), Okta, Cloudflare, Datadog, GitLab and others to create and enforce security guardrails. I also managed Kiwi.com's bug bounty program, transitioning it from private to public. That's when I started blogging, and I was also selected as Ambassador for Security. In the final stretch I took on managerial responsibilities, briefly managing the whole security team.

I started my IT security career as a penetration tester at ESET. Web applications were the bread and butter, but uncommon projects had me dealing with Android apps, thick clients, infrastructure, k8s, iOS and a couple of others. I also completed OSCP around this time.

I studied mathematics, specializing in Algebra and Cryptography. For my bachelor thesis (in Slovak, sorry) I implemented an attack on a GRS-based system in C++. In my master thesis (also in Slovak) I worked to unify the security proofs of known one-pass modes for authenticated encryption with associated data (most notably OCB). I found an error in one of the schemes, which I turned into an attack and published as a separate article.