News and events archive

Tomáš became a finalist of the national Cyber Securiy Competition and is now a member of a governmental cybersecurity team as well as a developer of simulation-based exercises that teach people how to stay calm during cyberattacks.
In this article, we present a story that shows cybersecurity is not only about technology, but above all about the courage to try new things. The full interview is available in the Stories of Our Alumni section.

A Competition as a Gateway to Ethical Hacking

Tomáš Hájek’s journey into the world of cybersecurity began rather inconspicuously—with a school assignment in a computer systems course.
“The first round of the competition was theoretical, but it caught my attention so much that a friend and I decided to continue. In the end, I became a finalist—and that changed everything,” recalls the student of a follow-up master’s programme specialising in Cybersecurity Management.

After the competition, he began educating himself independently through platforms such as TryHackMe and experimenting with penetration testing in a home environment. This curiosity eventually led him to the INJECT project and to the governmental CERT team at NÚKIB, where he now focuses on identifying vulnerabilities in systems critical to the security of the Czech Republic.

INJECT: An Educational Project of FI MU with International Reach

Tomáš has made a significant contribution to the development of the INJECT Exercise Platform (IXP), which translates theory into practice. The platform simulates real-life crises—from personal data breaches to attacks on maritime navigation systems.

“It’s not just about finding the right answer, but also about how people think about a threat. It’s important for them to experience the situation in a safe environment, before it becomes a real attack,” Tomáš explains.

 Tomáš also explored the topic of digital tabletop exercises in his bachelor’s thesis, Development of Tabletop Cybersecurity Exercises. He is now continuing to build on this work in his master’s thesis. 

He also explored the topic of digital tabletop exercises in his bachelor’s thesis, Development of Tabletop Cybersecurity Exercises, which serves as a concrete example of how academic study can be directly connected with real-world practice in cybersecurity.

INJECT in teaching at FI MU:
In the course PV210, students use INJECT to deal with phishing attacks or data loss scenarios. They must analyse the situation and coordinate their response under time pressure.

International scope of INJECT:
The project is currently used by partners such as NÚKIB (National Cyber and Information Security Agency), the State Treasury Shared Services Centre, and the Estonian university TalTech in Tallinn. Interest has also been expressed by institutions in Portugal and Canada.

AI as Both a Helper and a Threat

In the interview, Tomáš highlights how artificial intelligence is changing the rules of the game. As part of his studies, he experimented with creating functional malware using freely available models.
“While GPT-based models have strong safeguards, other models such as DeepSeek are much more permissive—and they really helped me generate functional code,” Tomáš explains.

Today, AI significantly simplifies the preparation of convincing attacks, especially phishing. Tomáš has also focused on this type of threat as part of public training activities within the Cyber Security Seminars project supported by Google, where he helped design exercises that teach participants how not to fall victim to scams.

Security as an Interdisciplinary Field

According to Tomáš, cybersecurity is not just about programming in a dark room. It is a field at the intersection of computer science, law, psychology, and sociology. Equally important, he says, is the ability to step out of one’s comfort zone.
“One has to think in context. It’s not just about the correct answer, but about how people arrive at it,” he explains.

When he needs to disconnect, he heads to the mountains.
“I prefer spending a week in the Alps—hiking in summer, skiing in winter. It helps me recharge and gain perspective. Fresh air and movement are essential for me to function during the next semester.”

But that’s not all. Are you curious about what working on the INJECT project really involves, or why humans are considered the weakest link in cybersecurity?
Read the full interview with Tomáš Hájek in the Stories of Our Alumni section.

Author: Radka Grace, Office for External Relations and Partnerships at FI MU