
‘Autonomous Compliance: Operationalising EU CRA and UK PSTI via Embedded Microservices’ and ‘Standards vs. Security: A Proactive Compliance Framework’
Presentation 1 with Murat Cakmak (Microservice Store)
With the UK PSTI in effect and the EU CRA approaching, IoT manufacturers face a massive manual burden of vulnerability reporting and lifecycle governance.
This session introduces a shift from static documentation to ‘Autonomous Compliance’.
By replacing monolithic firmware with a modular, microservice-based architecture, the Microservice Store (MSS) and its integrated Security Manager (iSM) automate mandatory obligations—including SBOM generation, 24-hour module-level incident notification, fault containment, and targeted security updates.
Murat will demonstrate how device-level evidence and edge-to-cloud automation transform compliance from an engineering bottleneck into a seamless, verifiable platform function.
Presentation 2 with Jonny Tyers (Threatplane)
Most organisations treat compliance and security as separate problems.
You tick boxes for one, patch vulnerabilities for the other, and maintain two sets of documentation that drift apart over time.
This talk presents an approach that unifies both. Using risk-based threat modelling, you can identify the controls that satisfy your compliance requirements and protect against real threats. Same analysis, same documentation, same implementation.
You’ll see how mapping business impact to technical controls creates a single source of truth.
This approach helps you prove to auditors that your controls address actual risks, not just checkbox requirements. And it gives your security team clear priorities based on what matters to the business.
We’ll walk through practical examples showing how threat models can simultaneously document controls, justify security investments, and guide implementation work. You’ll leave with a framework that makes compliance and security work together instead of competing for resources.
