Chapter Meeting: CRA and learnings switching from red to blue team

Hosted By
Manuel W. and Padi S.
Details

You are invited to join us for the next OWASP Switzerland Community Event.
This time we are guests of Digitec Galaxus, so we meet in their offices at Förrlibuckstrasse 70, 8005 Zürich (Room Pause).

We have a selection of two talks ready for you:

  • Derek will cover the impact of the EU Cyber Resilience Act (CRA) and RED Delegated Act (RED DA) on software development.
  • Tom will share what he learned when he switched from red team to blue team.

Agenda:

  • 16:50 Doors opening
  • 17:10 Derek: Coding for Compliance Without Losing Your Mind: Real-world CRA and RED DA Lessons
  • 18:10 Break
  • 18:30 Tom: All Findings, No Context: Tales from Both Sides of the Firewall
  • 19:30 Small Apéro

Talk Details:
Speaker: Thomas Houiellebecq
Talk Title: 🔎All Findings, No Context: Tales from Both Sides of the Firewall
Abstract:
What happens when the person who used to write the security reports becomes the one responsible for making them actionable? In this talk, I’ll take you on a journey from life as an external cybersecurity consultant—armed with test cases, idealistic frameworks, risk-rated issues and a 1337-page PDF—to leading an internal security team responsible for actually making it all work in the real world.💫
We’ll explore the shift from writing findings to feeling their friction: why business context is everything, how not all recommendations age well in live environments, and the surprises (good and bad) that come with being embedded in the heartbeat of an organization. Expect real stories, tactical insights, and maybe a few laughs about the irony of once saying “just implement zero trust” without knowing what the backend chaos actually looked like.🔥

Speaker: Derek Yu
Talk Title: Coding for Compliance Without Losing Your Mind: Real-world CRA and RED DA Lessons
Abstract:
With the EU Cyber Resilience Act (CRA) and RED Delegated Act (RED DA), best practices in security development have become legal obligations. In this talk, I'll share hands-on experiences helping teams implement security by design, security updates, SBOMs, vulnerability handling, supplier management, and more in real-world products. We’ll cover common developer pitfalls and how to align DevSecOps activities with standards like EN 18031 and future norms. Expect practical takeaways, tooling tips, and insights from the field. If you're building connected products, this will help your team save time and stay ahead of the curve.

OWASP Switzerland Chapter
Pause im Foifi
Förrlibuckstrasse 70 · Zurich
FREE