Alexander Valach
Alexander is the Head of Analytical Department at Government Unit CSIRT.SK at Ministry of Investment, Regional Development and Informatization of the Slovak Republic. He focuses on network security and security monitoring and has been working at CSIRT.SK since 2021. He teaches the basics of network technologies at Faculty of Informatics and Information Technologies Slovak University of Technology (STU) in Bratislava.
Session
CSIRT.SK’s cybersecurity approach emphasizes proactive vulnerability management through Achilles, system which performs non-invasive scanning of public administration systems to detect security flaws while minimizing disruption. This model enables real-time risk assessment without impacting system availability, in line with NIS2. To enhance threat-driven assessments, CSIRT.SK integrates cyber threat intelligence, mapping active threat campaigns to known exploits. This fusion of CTI and vulnerability scanning enables targeted security enhancements and faster mitigation of emerging threats.
Further key NIS2 innovation at CSIRT.SK and its constituency, is structured vulnerability disclosure, where public organizations must publish clear guidelines for reporting security issues. This shifts responsibility from researchers to system operators, ensuring efficient triage and response while fostering trust with security researchers.
The presentation showcases Slovakia’s model of scanning, contrasting it with alternative approaches, and provides actionable insights for CSIRT teams on scalable vulnerability assessment, ethical hacking engagement, and intelligence-driven security operations.