Hi, I'm Michal Špaček.


developer and a trainer, Zend Certified Engineer

I'm into web, security, and performance. I build, break, and test web applications. I'm a Zend Certified Engineer since 2009. As a developer, I've learned a lot and I like to pass my knowledge and experience on my trainings. Since 2011, I've delivered over 150 workshops. I want to show other web developers why and how to build secure and fast web applications.

Report URI developer

I joined Report URI, a real-time security reporting tool, in 2017. Founded by Scott Helme (runs Security Headers, too), later joined by Troy Hunt of Have I Been Pwned? fame. Both Scott and Troy are award-winning security researchers and bloggers.


I've been speaking at more than 140 conferences and events, including WebExpo Conference in Prague, Czech Republic and Passwords conference in Las Vegas, USA, both multiple times. Check the list of all my Talks.

Occasional bug hunter

I find and report security issues because I care about the Internet and I want it to be more secure. I'm not trying to hide while doing so, and I don't want to cause any harm. I've reported both major and minor bugs to companies like Google (hall of fame record), Atlassian (hall of fame, problem description), T-Mobile (hall of fame), Operátor ICT (hall of fame, bug description), DomainTools (with a swift response), “Czechia” – a web hosting service by a Czech company called ZONER (customer login details dump), Alza (my post about the bug), CZC.cz and many others. If you want people like me to report security bugs to you easily, add security.txt file to your site.


Skyper based in Prague, Czech Republic

Absolutely awesome 5 years and 5 months since my Day One in Tallinn, Estonia until November 2012 in which I've learned gazillion of new things about how to build a service for hundreds of millions of users, how to build a company, and how to grow an office from few people up to a hundred.

A developer in Slevomat.cz

I was working for one of the fastest growing on-line companies in the Czech Republic from September 2013 to June 2014. I've done a talk about how we've secured the application and user data. The slides from the talk are on-line and the talk is called How we have improved the security of Slevomat.cz (in Czech only).

WebTop100 juror a guarantor

I was a juror (2011–2018) and later also a guarantor (2014–2018) for the area of technical solution and security for WebTop100, the largest competition of company websites in the Czech Republic. I wrote several articles about the experience with the evaluation and also about the results.

Co-founder of hosting service tojeono.cz

In late 2003, my colleagues and I decided to purchase our own servers, which we've offered under the brand name tojeono.cz to use by our clients and other customers who required customized hosting services. I left the project after about a year and after two more years I also left my colleagues.

More about me and my experience at LinkedIn.