Defense in Depth
Food for thought on the public holiday in Germany: What is defense in depth and why should you consider it?
Patric Birr and I published an article in SIGNAL+DRAHT, the leading international medium for control and safety technology plus communication and information technology in the railway sector. In the article we propose automating Security Risk Assessments by using digital twins. These allow attack trees to be derived automatically enabling a systematic analysis of potential attack…
I’m happy to share that last weekend I passed the Microsoft Certified: Azure AI Fundamentals certification exam. As a rail security professional, why am I sitting for an AI-related exam when I’m not a data scientist? The rail industry is moving more and more towards interconnected technical solutions. Of course, we are not yet seeing…
Frank Karlitschek, the founder and CEO of Nextcloud, gave an inspiring talk at the 2025 re:publica conference in Berlin about how to establish a sustainable, enterprise-ready open-source project. Link [DE]: re:publica 25: Frank Karlitschek – So baut man ein nachhaltiges Open Source Unternehmen. In his talk he highlights the factors making an open-source project successful…
This month I’ve earned the ISO/IEC 42001:2023 Artificial intelligence management system practitioner certification of rigcert.education. As AI systems become widely integrated into the business world, securely managing them is increasingly critical. How can organizations ensure the reliability of AI outputs, protect company data from loss, and maintain system availability? These topics, and many others, are addressed by…
In discussions with manufacturers about the Cyber Resilience Act, one recurring theme is: “Compliance is expensive.” True, implementing CRA requirements does require significant investment. However, the costs of non-compliance and incidents can be far greater – and the financial risks are often underestimated. What I’ve observed in practice: Many manufacturers focus solely on the upfront…
Currently a lot of standardization projects regarding the CRA are ongoing. These standardization projects aim to develop harmonized European standards for the fundamental cybersecurity requirements of the CRA and the requirements regarding vulnerability management (horizontal standards) as well as for different product categories (vertical standards). You can find an overview of the currently active standardization projects…