Dan Cvrcek
Dan Cvrcek has spent over 25 years working at the intersection of applied cryptography, public key infrastructure, and enterprise security. His career spans foundational academic research through to hands-on delivery at some of the world's most security-critical financial institutions.
Enterprise Experience
At TSB Bank, Dan led the design and build of the bank's cryptographic and key management capability from the ground up following its technology separation from Banco Sabadell in 2020. This included establishing secure facilities, deploying HSMs, creating inventory and audit procedures, and operationalising annual key renewals for critical payment systems. He subsequently delivered TSB's new Enterprise PKI solution, fully decoupled from the parent bank and embedded into CI/CD pipelines and support workflows.
At Deutsche Bank, Dan served as Subject Matter Expert for IT security and cryptography, analysing cryptographic projects, evaluating business and security requirements against threat profiles, and defining mid-term strategy across the cryptographic estate.
Earlier in his career, Dan held senior consultant roles at Barclays and Deloitte UK, focused on gap analysis across payment and key management systems. He has also led PKI transformation programmes at Sky and Integrity360, including root CA rollovers, enterprise ACME deployments, and Akamai-based WAF implementations protecting 100% of eligible services.
Academic Background & Cryptographic Research
Dan holds a PhD in Computer Science from Brno University of Technology and completed post-doctoral research at the University of Cambridge, where his work focused on security in wireless communication. His published research includes work on high-assurance cryptographic hardware from untrusted components, supply chain security, and vulnerabilities in widely deployed smartcard cryptography.
His research on the ROCA cryptographic attack (Return-Oriented Cryptographic Attack) identified critical vulnerabilities in RSA key generation across millions of smartcards and hardware security modules. This work demonstrated how cryptographic weaknesses in widely deployed hardware could compromise the security of payment systems, government infrastructure, and enterprise PKI deployments globally.
Selected publications:
- A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
- Trojan-Tolerant Hardware and Supply Chain Security in Practice
- Crippling Crypto Weakness Opens Millions of Smartcards to Cloning (ROCA research)
- Can This $70 Dongle Stem the Epidemic of Password Breaches?
Security Conference Speaking & Industry Authority
Dan is a recognized speaker at major security conferences including Black Hat and DEF CON, where he has presented research on cryptographic vulnerabilities, PKI implementation failures, and enterprise security architecture. His presentations focus on practical lessons from real-world PKI deployments at Fortune 500 financial institutions, translating academic cryptography research into actionable guidance for enterprise security teams.
As an applied cryptography consultant and PKI implementation expert, Dan bridges the gap between academic cryptographic research and enterprise operational reality. His work demonstrates how theoretical cryptographic attacks (like ROCA) manifest in production systems, and how organizations can build PKI infrastructure resilient to both known and emerging cryptographic threats.
Current Work
Dan is founder and CEO of Axelspire, which applies enterprise-grade certificate automation and PKI discipline to help startups become contract-ready for university and enterprise procurement. He is also an active security contractor, currently delivering a new secret management service at Comcast.
Dan writes on PKI, cryptography, and infrastructure security; check his books and his research and commentary on LinkedIn.