Michal Rampášek
Michal is a lawyer at the Slovak Government CSIRT unit (CSIRT.SK), where he provides legal advice on cyber security and regulation. He is a PhD. student and lecturer at the Institute of Information Technology and Intellectual Property Law at the Faculty of Law of Comenius University in Bratislava.
Michal is the author of several scientific articles focused on information technology law and cybersecurity. He is also co-author of the university textbook "Law and Artificial Intelligence". In his practice and academic research he focuses on cybersecurity, AI and criminal law. He is a member of ISACA Slovakia Chapter and also a certified Cyber Security Manager.
Session
CSIRT.SK’s cybersecurity approach emphasizes proactive vulnerability management through Achilles, system which performs non-invasive scanning of public administration systems to detect security flaws while minimizing disruption. This model enables real-time risk assessment without impacting system availability, in line with NIS2. To enhance threat-driven assessments, CSIRT.SK integrates cyber threat intelligence, mapping active threat campaigns to known exploits. This fusion of CTI and vulnerability scanning enables targeted security enhancements and faster mitigation of emerging threats.
Further key NIS2 innovation at CSIRT.SK and its constituency, is structured vulnerability disclosure, where public organizations must publish clear guidelines for reporting security issues. This shifts responsibility from researchers to system operators, ensuring efficient triage and response while fostering trust with security researchers.
The presentation showcases Slovakia’s model of scanning, contrasting it with alternative approaches, and provides actionable insights for CSIRT teams on scalable vulnerability assessment, ethical hacking engagement, and intelligence-driven security operations.