Speaker

Marcus Ross

Kubestronaut & DevOps Platform Engineer @ HPA

Hamburg, Germany

The Hamburg Port Authority (HPA) has been operating future-oriented port management from a single source since 2005 and is active wherever efficiency, safety, and cost-effectiveness are required in the Port of Hamburg. Marcus works as a DevOps Platform Engineer in a team responsible for operating dozens of Kubernetes clusters running several production workloads in hybrid environments. We apply principles like GitOps to orchestrate everything smoothly.

Area of Expertise

  • Business & Management
  • Government, Social Sector & Education
  • Information & Communications Technology
  • Law & Regulation

Topics

  • Kubernetes Security
  • Cloud Native & Kubernetes
  • Kubernetes
  • AWS DevOps
  • AWS Architect
  • ITIL
  • Prince2 Agile
  • Cloud
  • Cloud Architecture
  • Cloud Security
  • Cloud Technology
  • Cloud Containers and Infrastructure
  • Cloud strategy
  • Platform Engineering
  • Compliance
  • Cybersecurity Compliance and Auditing
  • Cybersecurity Regulations and Compliance

From Compliance to Code: the Cyber Resilience Act (CRA), SBOMs, DevTeams and YOU!

The EU Cyber Resilience Act (CRA) is reshaping how manufacturers and developers must secure their products—but what does it mean for your Developer platforms, DevOps pipelines, and DevTeams? In this session, we’ll share a real-world implementation of the Technical Guideline TR-03183 from the Federal Office of Information Security. I will demonstrate how to technically address CRA mandates without drowning in compliance overhead.

You will leave with:
✅ An understanding of the CRA’s impact on your dev teams (and why ignoring it isn’t an option).
✅ A production-ready workflow for SBOMs, vulnerability management, and compliance automation.
✅ Actionable insights on integrating CRA requirements with SBOM handling into your CI/CD pipelines.
✅ A clear "why this matters" for your org, and lessons from the trenches of securing critical infrastructure with Kubernetes.
✅ A checklist for team adoption, because compliance is a cultural challenge, not just a technical one.

IT-Grundschutz meets Kubernetes: implementing security in practice

How can requirements from the BSI IT-Grundschutz catalog be implemented concretely in Kubernetes environments?

Using the example of the Hamburg Port Authority (HPA), we show three real implementations of the following IT-Grundschutz building blocks:
- APP.4.4.A2 Planning automation with CI/CD
- APP.4.4.A7 Separation of networks with Kubernetes
- APP.4.4.A21 Regular restart of pods

In addition, the current Technical Guideline TR-03183: Cyber Resilience Requirements for Manufacturers and Products, or in short the topic of SBOMs and Kubernetes, is presented.

The talk combines best practices with real challenges of the platform team/SRE and provides impulses for secure Kubernetes setups in line with IT-Grundschutz.

This is about practical problems with practical solutions for Kubernetes setups in critical infrastructure.

Come aboard - HPA - We run the port!

From Policy to Production: Implementing ISO27001/BSI IT-Grundschutz in Kubernetes with GitOps

How do you bridge the gap between strict compliance requirements (like Germany’s BSI IT-Grundschutz/ISO27001) and dynamic Kubernetes environments? Using a real-world case study from the Hamburg Port Authority (HPA), this lightning talk demonstrates how GitOps and open-source tools can automate compliance for critical security controls—without sacrificing agility.

We’ll spotlight two key IT-Grundschutz/ISO27001 building blocks and their GitOps-powered implementations:
- APP.4.4.A2 (CI/CD Automation): Secure, scalable setup via templating, Kyverno and ArgoCD.
- APP.4.4.A13 (Automated Configuration Auditing): Continuous compliance checks via tools like Trivy, Kyverno and ArgoCD through GitOps workflows.

Why this talk?
Most compliance discussions focus on what to secure—this talk shows how to do it scalably with GitOps, using a high-stakes public-sector example. Attendees will leave with a blueprint to turn audit checklists into automated guardrails.

When IT-Grundschutz/ISO27001 meets Kubernetes in real life - call the CNCF Landscape for help

How can requirements from the German BSI IT baseline protection catalog (IT Grundschutz/ISO27001) be implemented in production Kubernetes environments? Using the example of the Hamburg Port Authority (HPA), we show four real implementations of the following IT-Grundschutz building blocks:
- APP.4.4.A2 Planning automation with CI/CD
- APP.4.4.A7 Separation of networks with Kubernetes
- APP.4.4.A13 Automated Configuration Auditing
- APP.4.4.A21 Regular restart of pods

The presentation combines best practices with real challenges of the platform team and provides impulses for secure Kubernetes setups in accordance with IT-Grundschutz/ISO27001. We show how to implement solutions (hands-on demos in a Kubernetes cluster) with the help of open-source projects from the CNCF Landscape to cover the compliance requirements.

IT Grundschutz/ISO27001 + k8s + real life = <3 ???

How can requirements from the BSI IT baseline protection catalog and ISO27001 be implemented in Kubernetes environments? Using the example of the Hamburg Port Authority (HPA), we will show what real implementations of the IT-Grundschutz building blocks in the APP.4.4 Kubernetes area can look like.
The presentation combines best practices with real challenges of the platform team at the HPA and provides impulses for secure Kubernetes setups in line with IT-Grundschutz/ISO27001.

  • WeAreDevelopers World Congress 2026 - Europe (upcoming): July 2026, Berlin, Germany
  • NAVIGATE 2026: March 2026
  • Container Days London: February 2026, London, United Kingdom
  • GitOpsCon North America Virtual: December 2025
  • ContainerDays Conference 2025: September 2025, Hamburg, Germany
  • Cloud Native Summit 2025: July 2025, Munich, Germany
