Skip to content
Back to home

//All projects

Delivery you can point to.

A selection of work across public-procurement delivery, identity, infrastructure, monitoring, security and AI integration. Client names and selected details are anonymized where required.

PAM360 · Public-sector delivery

Delivered

Privileged Access Management Implementation for Liberecká IS, a.s.

Coordinated the complete technical delivery of a ManageEngine PAM360 privileged-access solution under public-procurement requirements — from vendor communication to deployment, documentation and handover.

Liberecká IS, a.s.Liberec, Czech Republic
  1. Privileged accountsScattered, high-risk
  2. PAM360ManageEngine platform
  3. Controlled accessGoverned paths
  4. Audit trailWho did what, when
  5. OperationsOperated & reviewed
ManageEngine PAM360Privileged access managementIdentity & access controlsServer & account integrations
View case study

Identity · Automation

Delivered

Global Identity & Employee Lifecycle

Designed and implemented a centralized employee-lifecycle model connecting identity, devices and applications — replacing manual operations with automated, auditable flows.

International company (anonymized)Czech Republic, Europe & United States
  1. RequestJoiner / mover / leaver
  2. ApprovalRight approvals
  3. IdentityOkta
  4. AccountsProvisioned
  5. DeviceJamf-enrolled
  6. ApplicationsBy role
  7. AuditConsistent record
OktaGoogle WorkspaceJamfSupabase
View case study

Internal platform · Data

Ongoing

Internal Operations Platform

Architected a central internal platform with a single data model and role-based workflows to replace forms, spreadsheets and manual approvals — prepared for automation and AI.

Internal IT (anonymized)Czech Republic & remote

Fragmented

  • Fragmented processes with no single owner or data model.
  • Manual approvals and duplicated tools.
  • No reliable foundation for automation or AI.

Connected

  • A central data model in PostgreSQL/Supabase as the single source of truth.
  • Role-based access controlling who can see and do what.
  • Workflows and approvals modelled as first-class, auditable objects.
  • Integration points and an API-driven design ready for automation and AI.
Modern frontendSupabasePostgreSQLREST APIs
View case study

Network architecture · New York & Berlin

Delivered

International Office Infrastructure

Designed and coordinated network architecture and standards for international offices — focusing on architecture, security and long-term manageability rather than physical installation.

International company (anonymized)New York, USA & Berlin, Germany
  1. Internet / ISPInbound connectivity
  2. GatewayFirewall & routing
  3. Core networkBackbone
  4. Access layerSegmented VLANs
  5. Devices & servicesEndpoints & systems
  6. MonitoringVisibility
Network architectureVLANsFirewalls / gatewaysWi-Fi
View case study

Industrial network architecture · Pardubice region

Delivered

Production Hall Infrastructure

Led the IT and network architecture, technical specification and delivery coordination for large production-hall environments — not the physical construction work.

Industrial company (anonymized)Pardubice region, Czech Republic
  1. Internet / ISPInbound connectivity
  2. GatewayFirewall & routing
  3. Core networkBackbone
  4. Access layerSegmented VLANs
  5. Devices & servicesEndpoints & systems
  6. MonitoringVisibility
Network architectureBackbone / distribution designRack topologyWi-Fi planning
View case study

Security · TISAX / ISO 27001

Ongoing

Security & Audit Readiness

Technical preparation and continuous improvement of environments subject to TISAX, ISO 27001 and customer security requirements — across identity, devices, evidence, backups and monitoring.

International company (anonymized)Czech Republic & Europe

Fragmented

  • Controls and evidence spread across many systems and owners.
  • Device compliance and identity controls to keep consistent.
  • Backups, physical and vendor controls to evidence.
  • Audit readiness maintained continuously, not just before an audit.

Connected

  • Identity and privileged-access controls aligned to requirements.
  • Device compliance enforced through endpoint management.
  • Evidence and documentation organized so it is audit-ready.
  • Backups, physical and vendor controls maintained and monitored.
TISAXISO 27001 environmentsIdentity controlsDevice compliance
View case study

Architecture · Cost & technical debt

Ongoing

SaaS & Architecture Rationalization

Mapped a fragmented landscape of overlapping SaaS tools, integrations and manual processes, then planned consolidation onto a connected platform with a decommissioning roadmap.

Internal IT (anonymized)Czech Republic & remote

Fragmented

  • Overlapping tools doing similar jobs.
  • Hidden dependencies between systems and workflows.
  • Duplicated data and rising cost.
  • Accumulating technical debt.

Connected

  • A clear map of tools, integrations, data stores and dependencies.
  • Consolidation targets where duplication is removed.
  • A connected internal platform as the destination for key workflows.
  • A phased decommissioning roadmap protecting operations.
Architecture mappingDependency analysisInternal platformVendor & cost review
View case study

AI · Active development

Active development

AI Integration into IT Operations

Integrating AI as a controlled component of the IT environment — connected through APIs to reliable data, with human review and audit. An active, ongoing initiative, not a finished production rollout.

Internal initiative (anonymized)Czech Republic & remote
  1. Company dataReliable, owned
  2. Controlled contextScoped & governed
  3. AI processingClassify / extract
  4. Human reviewPerson validates
  5. Workflow actionExecuted
  6. Audit recordDecision logged
AI APIsREST APIsInternal platformsAutomation orchestration
View case study