We would like to invite you to the LSZ Cyber Crime Forum Graz. Our colleagues Nicolas Petri, Information Security Consultant, and Gerald Sendera, Data Protection Supervisor and Legal Counsel, are giving an expert talk on Ich wollte nur Software bauen – und jetzt mach ich CRA-Compliance.
Abstract
“I just wanted to build software – and now I’m doing CRA compliance”
More and more legal acts of the European Union require the mandatory implementation of cybersecurity measures. The consequences of non-compliance go beyond potential fines and the associated security risks. They include personal liability of management bodies (NIS-2) or loss of market access for non-compliant products (Cyber Resilience Act – CRA). As of today, harmonized cybersecurity standards for products have not yet been issued, while European certification schemes – such as certifications under the EUCC scheme – involve complex processes that generate high costs. Often, there is a lack of awareness of a low-threshold approach that would allow organizations and software developers to review and improve the security of their processes and products already during design and development. Using selected Essential Security Requirements from Annex I of the Cyber Resilience Act and an approach based on SAMM and ASVS, we demonstrate one way to address these requirements. The outcome could already serve as the foundation for a self-assessment of CRA conformity or as evidence in the context of third-party evaluation within a certification process.
Speakers
Nicolas Petri
Nicolas Petri is an Information Security Consultant, currently completing his Master’s degree in Information Security Management at the University of Applied Sciences Upper Austria, Campus Hagenberg, and holds a Bachelor’s degree in Human Resources and Organizational Development.
Since 2018, he has been working for SBA Research gGmbH and previously worked as a consultant in organizational development and IT recruiting. His consulting focus is on the organizational aspects of information security. He is responsible for partner management and leads projects in community building, external representation, and networking.
Gerald Sendera
Gerald Sendera has been Legal Counsel and Data Protection Officer at SBA Research gGmbH since 2017. Since 2004, he has held various positions, including working as an IT technician. During this time, he completed certification training from several vendors, such as Cisco, Oracle, and Avaya.
He is a CIS-certified Data Protection Officer and completed the Privacy Professional program at the training academy of Sigmund Freud University Vienna. His consulting work focuses on data protection and legal security. He combines his legal expertise with many years of practical experience in information technology.
Further information
Cyber Crime Forum 2025: Cyber-Abwehr für die Steiermark | LSZ Graz
About the Event
The Cyber Crime Forum is Austria’s leading IT security meetup, held in Vienna, Salzburg, Rankweil, and Graz. It connects CISOs, security and risk managers, tech providers, start-ups, and experts to discuss trends, challenges, and innovations in cybersecurity. Attendees can expect keynotes, deep dives, panels, and networking to shape the future of cyber resilience and create #FutureConnections.