Curriculum Vitae

Table of Contents

Personal information
Security Certification
Work Experience
Consultancy Experience
Academical Experience
Lecturing and papers
Security auditing & penetration testing skills
Programming languages

Personal information

Name: Pavol Lupták
Address: Štefana Moyzesa 1571/47, Ružomberok, 034 01, Slovak Republic
Mobil Phone (SK): +421 905 400542
Mobil Phone (CZ): +421 910 800955
Email: pavol dot luptak at nethemba dot com
Date of birth: May 15th 1979
Place of birth: Ružomberok, Slovak Republic
Driving license: Full


Security Certification

I am willing and able to gain any other security-related certification (CISA, GCIA, GSEC, ..)


  • English

    Fluent both writing and speaking (TOEFL certificate).

  • Spanish

    Very good (practical experiences from Mexico, Peru, Chile and Spain).

  • Slovak

    The mother language.

Work Experience

  • 1999 - 2000 S&T, Bratislava

    Contract work for Slovak Telecom, the distributed shut-downing UPS system for HP-UX development (in C/perl).

  • 2000 - August 2001 UI42 s.r.o, Bratislava

    Securing and administration of the most visited job portal in Slovakia , the intranet & internet company, a lot of client's servers (,, ..), experience in creating security audits and consulting.

  • September 2001 - December 2001 LMC, Prague

    Development and maintenance of the complex monitoring system based on Netsaint for

  • January 2002 - January 2008 ICZ, Prague

    Security Consultant focused on securing and administration of central servers of The University of Economics, Prague, Czech National Radio, Czech post services, network & server security, creating large penetration tests and security audits for Czech government institutions, almost all Czech mobile operators, American corporations and other international customers.

  • February 2008 Nethemba s.r.o, Bratislava

    Owner, CTO and Lead Security Consultant of the security-based company Nethemba s.r.o. focused on comprehensive penetration tests and security audits, proposing ultra secure solutions, VOIP solutions, clusters, consulting & training in security areas.

Consultancy Experience

Academical Experience

Lecturing and papers

I have 8 years of experience in lecturing at various security conferences

Security auditing & penetration testing skills

I have 9 years of experience in creating security audits and penetration tests.

  • Deep knowledge of OSSTMM - Open Source Security Testing Methodology Manual, OWASP testing guide, ISO 17799 and ISO 27001

  • Knowledge of many security scanners and exploiting frameworks

  • 10 years of experience in manual seeking of buffer/heap overflows, race conditions, web application vulnerabilities (SQL injection, XSS, CSRF, directory traversal, ..) and other serious vulnerabilities

  • Network / local auditing of all operating systems

  • Wireless network auditing

  • Web application testing (deep knowledge of Burpsuite, WebScarab, Paros, SpikeProxy, CAL9000) according to the OWASP Testing Guide

  • Auditing of mobile phones & PDAs

  • Source code audit (PHP, perl, C, dot net, java)

  • Experience with social engineering (simulating of phishing attacks)

Programming languages

I have 13 years of experience and knowledge in (user-space, application, server, network) programming in various languages (including low-level assembler programming), bug-tracing and code auditing.

  • ASM (x86, Alpha, 6502) - writing shell codes, reverse engineering, own 3D engine

  • C - my second native language, the most large projects (e.g.TTT talker) I wrote in pure C, also have experience with security source code audit

  • C++ - my bachelor thesis was written in C++, experience with QT graphics library

  • XML/XSLT - my master thesis was written in XSLT language

  • Perl - I coded the distributed shut-downing UPS system for Slovak Telecom

  • PHP, Javascript, Java - security source code audit

  • PL/SQL, Lisp, Prolog, Visual Basic, Pascal - many academical projects I wrote in these languages

  • Script languages (bash, awk, sed, ..) - daily usage


I have 11 years experience in Unix systems (Linux, all BSD systems, Solaris, HP/UX, AIX, ..), detailed knowledge of TCP/IP networking, load balancing, fail-over clusters, web servers and various other technologies

  • Ultra secure OS (NSA SELinux, RSBAC, Medusa DS9, GRSecurity - I have a deep knowledge of NSA SELinux (I used it in my master thesis as the main security framework)

  • Firewalling - iptables, ipfw, ipf, Cisco/PIX IOS, Apache mod_security, kernun application firewall, Zorp Apllication Gateway

  • VPNs - OpenVPN, CiscoVPN, various IPSEC implementations

  • PKIs - OpenCA, NewPKI, PyCA, SimpleCA, IDX-PKI

  • IDS - snort, prelude

  • Honeypots - honey pot project, sebek, also I wrote own patches to SSH to monitor the attackers

  • LVS HA clusters - lvs, ldirectord, heartbeat, keepalived - I implemented many production clusters

  • Various databases (MySQL, PostgreSQL, Oracle) - experience with MySQL cluster

  • LDAP - I use OpenLDAP as a main backend for large-scale mail clusters

  • Antispam/antivirus mail clusters - postfix, amavisd-new, clamav, spamassassin, pyzor, razor, dccproc - I designed and implemented many big mail clusters (up to 20000 users)

  • IP Telephony - I wrote my own patches to Asterisk SVN trunk and proposed large call centers

  • Virtual machine technologies - I have experience with KVM, XEN and VMWare

  • Latex, XML DocBook - I wrote my bachelor thesis in Latex and my master thesis in XML DocBook