Blog & Articles

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Practical Considerations & Recommendations

Turning principles and patterns into practice — just as promised.

Article

From Data Graveyards to Knowledge Landscapes

Europe is sitting on a wealth of public data—but much of its potential remains untapped. The challenges are well known: fragmented portals, incompatible interfaces, and growing reliance on non-European platforms that slow innovation. While new industrial data spaces are emerging—enabling secure and sovereign exchange of sensitive information—public and industrial data ecosystems remain largely siloed. This article explores how Artificial Intelligence (AI) and the Model Context Protocol (MCP) can help bridge that gap and accelerate Europe’s shift from Open Data to Open Knowledge—supporting digital sovereignty and delivering greater value to society.

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Decision Dimensions for Authorization Patterns
Article

Pragmatische Architekturdokumentation für Entwicklungsteams

Eine gut gepflegte Architekturdokumentation ist nützlich, gerade auch für die Entwickler:innen eines Softwaresystems. Sie hilft nicht nur beim Verständnis, sondern sorgt auch dafür, dass sich wichtige Sachverhalte reflektiert diskutieren und klären lassen.

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Authorization Patterns

Authorization patterns explain how distributed systems organize their access control — where and how decisions happen, where policies live — and influence, in turn, how identities and related attributes travel between components.

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Identity Propagation Patterns
Blog Post

AI — Behind the Buzzword Garbage

Tired of AI hype? Me too. But beneath the buzzwords lies real value for developers. Tools like Claude Code save me hours on routine tasks, freeing me to focus on what matters: understanding problems and building the right solutions. It’s not magic—it’s practical support that makes development faster without replacing our core skills.

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Authentication Patterns

Without knowing who the subject is, without verifying its identity, there is only a limited way to perform meaningful access decisions.

Blog Post

Business Model Canvas: Geschäftsmodelle sichtbar machen

Ein pragmatisches Werkzeug für Architektur, Strategie und Transformation

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Core Concepts

In part two of my series, I begin the journey to rethink the OWASP Microservice Security Cheat Sheet. This post focuses on core concepts, laying the groundwork for practical, real-world microservice security.

Blog Post

What’s Wrong with the Current OWASP Microservice Security Cheat Sheet?

Modern microservice architectures require evolving security practices. Yet popular resources like the OWASP Microservice Security Cheat Sheet are starting to show their age and need a fresh look.

Blog Post

First Agile, Then Agentic

Why AI Won’t Help You

Article

Asset Administration Shell und Model Context Protocol

Mit der zunehmenden Digitalisierung der Industrie rücken standardisierte Schnittstellen zur Beschreibung, Verwaltung und Nutzung digitaler Assets in den Fokus. Die Asset Administration Shell (AAS) gilt als Herzstück des digitalen Zwillings in der Industrie 4.0. Dieser Standard soll einen reibungslosen Austausch von Daten gewährleisten. Gleichzeitig entstehen mit Konzepten wie dem Model Context Protocol (MCP) neue, leichtgewichtige Ansätze, Kontextinformationen auszutauschen, die insbesondere für KI-Anwendungen hohe Attraktivität bieten. Beide Protokolle tauschen Daten aus, beide bieten eine gewisse Interoperabilität, beide haben die Möglichkeit, kontextabhängige Informationen auszutauschen. Doch stellt sich die Frage: Kann das einfache, schnelle MCP das schwergewichtigere AAS verdrängen? Oder bieten beide zusammen eine neue, synergetische Perspektive?

Blog Post

Context Engineering

Have you ever wondered how chatbots, copilots, or virtual assistants seem to know just the right things to say — or sometimes, spectacularly fail? The difference often comes down to one crucial skill: context engineering.

Blog Post

Primacy-Recency

Wie Anfang und Ende unsere Wahrnehmung formen

Article

Technical and other Debt in IT Systems

This article explores the many hidden forms of technical debt that silently slow down IT teams—far beyond just messy code.

Article

Common Approaches in the Field of Socio-Technical Architectures

In the age of digitalization and modernization, companies face the challenge of not only keeping up with technological advancements but also optimizing their organizational structures. Socio-technical architectures play a crucial role in this process by focusing on the flow of work, team collaboration, and the seamless integration of technical and social systems. This article explores two key approaches—Team Topologies and Domain-Driven Design (DDD)—and demonstrates how they can help organizations take the first steps toward consciously designing their socio-technical architecture.

Article

Internal Development Platforms

Shift Down Instead of Shift Left

Article

Don’t Forget the People

On paper, the architecture vision is perfect. It addresses all pressing deficiencies of the existing system, aligns seamlessly with the business domain, and enables teams to retain more work within their boundaries. Finally, we will enjoy higher speed-to-market and a significant reduction in (non-value-adding, tedious) coordination efforts between teams. Surely, everyone will immediately see how much better our new architectural vision is. Not quite.

Article

Enabling Stakeholders as a Success Factor

Sociotechnical architectures consider both technical and human-organizational aspects and promote their effective collaboration. To ensure the successful design and implementation of these systems, it is crucial to actively involve stakeholders and address their interests. In this article, we explore why enabling stakeholders represents a key function in sociotechnical projects and how you can implement this approach effectively.

Blog Post

Plattformen für AI: Daten und APIs als digitales Fundament
Article

How Much Thinking Can a Team Handle?

The term Cognitive Load has become a common reference point in recent discussions about team structures, roles, and task distribution in IT organizations. However, these discussions often fail to distinguish between the different purposes of IT organizations and frequently rely on an oversimplified concept of Cognitive Load.

Blog Post

Agenten - Kreise - Firmen

In Teil 2 habe ich Ihnen versprochen, die probabilistische Weltsicht zu beleuchten, mit der Machine Learning Experten schon immer vertraut sind, und die uns allen mit agentischen KI-Systemen bevorsteht. Wir befassen uns damit, was genau in unserem Fall das Lernende System ist, welche neue Rolle dabei Menschen einnehmen, und wie die Vision des CEO von Microsoft Satya Nadella zur Firma der Zukunft aussieht.

Blog Post

Das Versprechen der Agenten
Blog Post

Macht die KI die Softwareentwicklung effizienter?

Millionen Zeilen Code für ein einfaches “Hallo Welt”? Dieser Post beschreibt, wie aufgeblähte Open-Source-Projekte unsere Softwareentwicklung verlangsamen und wie KI diesen Trend umkehren könnte. Ist unsere Software wirklich so effizient, wie wir wollen? Eine Analyse, die zum Nachdenken anregt.