If your developers call you the “Iron Dome,” upper management is dropping way too many bombs. Protect your devs at all costs. 🛡️
I get machine builders & automotive suppliers through CRA, ISO 21434 & IEC 62443. Without wrecking engineering velocity.
One of the few engineers who speaks both functional safety (CMSE/CEFS) and offensive security — down to the C and Rust. I build the automated compliance architecture so your engineers can stay focused on shipping. On-site in the Heilbronn-Franken region, in German or English.
Projects
Software isn't art; it's engineering. Complexity is the enemy of security. I don't look for 'intricate details'—I try to eliminate them. By keeping the code and architecture simple, I build systems that are actually robust. You can't secure what you can't understand.
From My Blog
All PostsCRA Isn't New. OT Just Wasn't Listening.
The EU Cyber Resilience Act is panicking the OT world. Mission-critical software has shipped under stricter rules for thirty years. The standards aren't the problem. The architecture is.
Code Got Cheap. The Hard Part Didn't.
Coding agents made writing code fast. They did not make software fast. The bottleneck just moved.
Spec-Driven Development, but the Specs Are a Graph
A 12-lesson course that rebuilds the DeepLearning.AI spec-driven development tutorial on Rust + sphinx-needs — and the AgentClinic domain you build to learn it.
Latest Notes
All NotesThe argument for Rust in 2026 isn’t safety. It isn’t speed. It’s that AI writes it better than it writes C++. The compiler answers fast. The model listens. Every error is a free lesson. Rust got built for this work ten years before anyone needed it to be.
trying to be a dev, DevOps, DevEx, manager, and CTO at the same time is a one way ticket to burnout town on the express lane

Short Story About Me
I’m the iron dome for engineering teams. I take the regulatory incoming — CRA, ISO 21434, IEC 62443, ASPICE — and turn it into automated compliance architecture, so your developers can stay focused on shipping deterministic code. Fifteen years across automotive, industrial and mission-critical software taught me one thing: reduce complexity, because you can’t certify what you can’t understand.
You can’t secure what you can’t understand.