From CRA to K8s: Building Smart, Secure Systems

Two exciting topics, two very experienced speakers and much networking opportunity. We are very much looking forward to the next DevOps Meetup Zurich.
Here's what's planned for the evening:
17:30 - 18:00 - Arrival and first drinks
18:00 - 18:45 - Navigating the EU Cyber Resilience Act: A DevSecOps Approach by Marc Herren
18:45 - 19:30 - Running a Kubernetes cluster on Hetzner in production as a KMU - for almost nothing by Patrick Schratz
19:30 - 20:30 - Networking, Open Space & More drinks

Navigating the EU Cyber Resilience Act: A DevSecOps Approach
This session introduces the European Union's Cyber Resilience Act (CRA) - a landmark regulation adopted in October 2024 that establishes common cybersecurity standards for products with digital elements in the EU.
The presentation begins with an overview of the CRA's purpose and scope. It examines how this regulation addresses growing cybersecurity concerns, from vulnerabilities in connected devices to supply chain security issues, and its relevance to engineering teams.

The second part outlines what organizations can expect as the CRA is implemented, including adaptation periods, reporting requirements, and compliance considerations that will affect product development cycles.

The main focus highlights a practical DevSecOps approach to address CRA requirements through automation. The concept of not only "shifting left" (integrating security earlier in development) but also "shifting down" (embedding security into the platform layer) demonstrates how open-source tools create a security foundation that reduces manual overhead.
This cultural and process transformation enables teams to embed security throughout the software lifecycle automatically. By treating security as a catalyst rather than a constraint, organizations can transform compliance requirements into an opportunity to build more resilient software while maintaining development velocity.

Marc Herren
Platform Engineer @ bespinian
Making complex DevSecOps challenges disappear through platform engineering magic!
I work as a platform engineer with Kubernetes, cloud-native technologies, and AI-enhanced automation. As such, I do a lot of development using infrastructure as code and CI/CD pipelines. I'm also the founder of remmen.io GmbH, where I focus on digital education and knowledge sharing.
With 25 years of experience in datacenters, networking, and automation, I've helped numerous teams master platform engineering challenges. My Linux journey started in 1995, and I'm passionate about emerging technologies, especially AI in automation.
Outside of work, you'll find me spending time with family, strategizing over board games, mixing tracks as a DJ, or diving into sci-fi literature.

Running a Kubernetes cluster on Hetzner in production as a KMU - for almost nothing
Operating a Kubernetes cluster is often seen as costly, mainly due to managed control planes, the need for multiple environments, and expensive storage solutions. These factors can make it challenging for small businesses to adopt Kubernetes. On alternative cloud providers, the process typically involves manually configuring each component, which demands significant expertise and time. But it doesn’t have to be this way! There are effective methods to easily set up and manage Kubernetes clusters on smaller cloud providers, such as Hetzner, via IaC, allowing you to reduce costs by 5-10 times. Let me show you how!

Patrick Schratz
I am a professional in the DevOps/System Administration space for ~ 10 years with a background in applied machine learning (PhD). I am a FOSS advocate and have been active as a Gitea/Forgejo maintainer and Codeberg (core) member since several years. Starting out with R initially, I mainly work with Go and IaC these days. On the business side, I am an independent consultant (at devxy.io) bridging the DevOps/Data Science fields.

Many thanks to our sponsors:

• Catering Sponsor: DevOpsDays Zürich https://www.devopsdays.ch/
• Location Sponsor: Digicomp https://www.digicomp.ch/