Petr Pospíšil | CyberPOPE Independent Consultant | Cyber Security Architect & Fractional CISO
> ./simulate_adversary --full_scope

Offensive Security & Technical Audits

I find the vulnerabilities before the real attackers do.
Comprehensive testing for Humans, AI, Applications, and Infrastructure.

01 // Human Layer

Phishing Assessment

Social Engineering

I craft an appropriate phishing campaign to target your employees. You will get a report of user actions and recommendations. A fast and clear assessment of your current security posture.

INPUT: Employee Email List
OUTPUT: Campaign Statistics & Behavior Report

02 // Artificial Intelligence

AI / LLM Red Teaming

Prompt Injection

Specific tests for internal AI chatbots. I test for "Jailbreaking" (forcing the AI to say harmful things) and data leakage (extracting secrets).

INPUT: Chatbot / Model Access
OUTPUT: Prompt Hardening Strategies

03 // Application & API Security

Traditional Web Applications

Logic / XSS / SQLi

The solution for standard web apps and monoliths. I simulate a real-world attack on your application logic to prevent data breaches, XSS, and SQL injection flaws.

Note: For major codebases, consider my "Shift Left" Secure SDLC service.

INPUT: URL, Test Creds (Graybox)
OUTPUT: Technical Report with Executive Summary

GraphQL & API Testing

Modern Architecture

Modern apps rely on complex API chains. I manually test for Broken Object Level Authorization (BOLA), excessive data exposure, and injection flaws.

INPUT: Swagger/OpenAPI Specs
OUTPUT: Technical Report with Executive Summary

04 // Infrastructure & Network

External Network PenTest

Attack Surface Management

Assess what the internet sees. I map your digital footprint and attempt to breach your perimeter. Essential for companies with unknown asset sprawl.

INPUT: Public IPs & TLDs
OUTPUT: Attack Surface Report

Active Directory Health Check

Ransomware Prevention

90% of ransomware spreads via AD. I audit your Domain Controllers for "Kerberoasting," weak service accounts, and legacy protocols.

INPUT: AD Read-Only Access
OUTPUT: AD Risk Report
> ./execution_pipeline.sh

How We Collaborate

01_INIT

Discovery & Scoping

We define ideas and expected results via a scoping call. We establish the "Rules of Engagement" and decide between Blackbox or Whitebox testing.

02_AGREEMENT

Proposal & Contract

I propose a solution via email. Once agreed, we sign a framework contract (MSA/SOW) defining timing, inputs, and outputs.

Note: 35% Advance Deposit Required

03_HACK

Execution Phase

I execute the tests within the agreed window. Focused deep work with updates provided only on critical findings (business stoppers).

04_CLOSE

Report & Debrief

You receive the final report. We hold one final session to discuss findings and propose next steps. The project is delivered.

05_PARTNER

Optional: Long-Term Retainer

Security doesn't stop at the report. We can establish a minimal retainer to ensure I remain available for ad-hoc advice, re-tests, or strategic guidance throughout the year.