Operationalizing Regulatory Security Requirements
Cybersecurity manager role, architecture, risk management and implementation of measures including resilience of critical infrastructure.
MKB / ZoKB & SECRET & Local LLM
I help organisations worldwide with cybersecurity management and architecture, undertake classified projects at EU SECRET and NATO SECRET levels, and deploy local LLMs that keep sensitive data out of public clouds.
Expertise, trust and data control
Connected expertise
Regulatory obligations, working with classified information and using AI are not separate disciplines. Trust, responsibility and the ability to keep sensitive data under your own control bind them together.
Cybersecurity manager role, architecture, risk management and implementation of measures including resilience of critical infrastructure.
EU SECRET and NATO SECRET clearances enable participation in classified projects with the appropriate security regime and requirements for protection of classified information.
Language models can run within the organization’s infrastructure. Prompts, documents and results therefore need not be sent to public cloud services.
Security roles
Documentation is essential but does not protect by itself. Its purpose is a security system that owners can manage, risk responsibilities and operates in daily operations.
Security management in the context of the organization’s goals, real risks and available resources.
Design of clear and maintainable architecture that connects technologies, processes and operational constraints.
Recommendations for concrete steps, configuration, accountability and verifiable outcomes.
ZoKB & Critical Infrastructure
I help connect the operational cybersecurity regime with organisational resilience and continuity of essential services. Both regulatory regimes have their own scope, but in practice they intersect in risk management, suppliers, incidents and operational readiness.
Basic framework of obligations, regulated services, security measures and incident reporting.
Determines whether an organisation and its services fall under regulation and which regime applies.
Organisational and technical measures including security roles, ISMS, risk management and architecture.
Resilience of the entity as a whole, continuity of essential services and preparedness for disruptions affecting critical cyber risks.
Practical procedural requirements for communication and meeting selected obligations towards NÚKIB.
Work approach
Starting with context and risks, not a template. The output must be actionable, owned, and sustainably maintainable.
What we protect, why it matters, and what constraints we must respect.
Risks, priorities, target state, responsibilities, and a realistic path to the outcome.
Technical and organizational measures implemented together with the people who will operate them.
Evidence that the measures actually work—not just a document or configuration.
Local AI
A local LLM gives the organization the ability to use generative AI even where public cloud services are not acceptable. The model, knowledge base, prompts and outputs can remain in an owned or dedicated environment and outside public AI cloud services, including projects with heightened confidentiality requirements.

Ing. Jan Bareš, CISA – BARA Consult
30+ years in IT, management and consulting; independent consultancy since 2010.
For the client this means a partner who understands technical detail, can translate risk into management language and can drive change into production. The portfolio includes MKB, ZoKB and resilience of critical infrastructure, security architecture, ISMS and governance, classified projects and private LLM.
Based in Prague, I deliver cybersecurity, architecture and advisory services worldwide through secure internet and VPN connectivity; geography does not limit delivery, even the ISS is theoretically within reach.
BARA Consult and Ing. Jan Bareš hold the authorisations required to work with classified information at these levels. This enables participation in classified projects within the appropriate security regime.
Professional profile on LinkedInPrague-based / worldwide delivery
The initial conversation serves to understand the situation, risks and expected outcome. No pre‑prepared sales pitch.