feat: add recent talks
|
Before Width: | Height: | Size: 266 KiB After Width: | Height: | Size: 266 KiB |
@@ -17,6 +17,6 @@ event:
|
||||
href: https://fosdem.org/2026/schedule/event/ZSWH3N-deutsche-bahn-supply-chain-cra-strategy/
|
||||
---
|
||||
|
||||
Deutsche Bahn, with its 230,000 employees and hundreds of subsidiaries, is far from an average organization. Yet it faces the same challenges under the CRA as many others. In this session, I showed how we connected the concrete requirements of CRA compliance with our broader effort to bring transparency to our software supply chains. This forms the basis for security and license compliance processes, as well as for proactively shaping the ecosystems we depend on.
|
||||
Deutsche Bahn, with its 230,000 employees and hundreds of subsidiaries, is far from an average organization. Yet it faces the same challenges under the CRA as many others. In this session at FOSDEM 2026, I showed how we connected the concrete requirements of CRA compliance with our broader effort to bring transparency to our software supply chains. This forms the basis for security and license compliance processes, as well as for proactively shaping the ecosystems we depend on.
|
||||
|
||||
In the presentation, I outlined our strategy for addressing the expectations tied to the different roles we take on -- customer, manufacturer, and indirectly even steward -- from both organizational and technical angles. Given the diversity and scale of Deutsche Bahn, we rely on modular FOSS tools that offer the flexibility to adapt to varying stakeholder needs and evolving regulation. This flexibility is a core element of our approach. This session showed how we align strategy and technology to make this work.
|
||||
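Review bot: The commit subject "feat: add recent talks" does not cover this hunk, which edits the body of an existing post (the first paragraph now reads "In this session at FOSDEM 2026, I showed ...") and sits next to an image change listed at 266 KiB both before and after. Mention the edit to the existing post in the commit message or move it to its own commit, and confirm that replacing the image was intended, since the unchanged size gives a reader no way to tell what differs.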
@@ -0,0 +1,32 @@
|
||||
---
|
||||
title: "OSPOs as Sovereignty Engines"
|
||||
date: 2026-01-30
|
||||
categories:
|
||||
# Language
|
||||
- english
|
||||
# - deutsch
|
||||
- presentation
|
||||
# - podcast
|
||||
# - article
|
||||
tags:
|
||||
- OSPO
|
||||
- Sovereignty
|
||||
headerimage:
|
||||
src: panel.jpeg
|
||||
text: The panelists at the Open Source EU Policy Summit 2026
|
||||
summary: At the EU Open Source Policy Summit 2026, I participated in a panel discussion on how Open Source Programme Offices (OSPOs) can serve as engines of digital sovereignty for large organizations. Alongside experts from the European Commission, RTE, IKEA Group, and Research Institutes of Sweden, we explored how OSPOs can build institutional capability for open collaboration and governance, and how EU policy can accelerate this transformation across critical sectors.
|
||||
video: https://www.youtube.com/watch?v=qcxaBetVrLc
|
||||
event:
|
||||
name: EU Open Source Policy Summit 2026
|
||||
href: https://summit.openforumeurope.org/
|
||||
---
|
||||
|
||||
Delivering digital sovereignty requires more than regulation and investment -- it depends on institutional capability. I've been invited to join a panel at the EU Open Source Policy Summit focusing on how large organisations, both public and private, are building the structures needed to adopt and sustain open approaches. We discussed the role of Open Source Programme Offices (OSPOs) as engines of institutional learning, collaboration, and governance, and the potential for a EU policy to accelerate this transformation. Drawing on examples from critical sectors -- including energy, transport, and public administration -- the discussion explored how organisational capacity can strengthen Europe’s digital resilience and enable openness at scale.
|
||||
|
||||
My main arguments were:
|
||||
|
||||
1. OSPOs are more than just a team for managing open source software -- they are a strategic function that can drive cultural change, cross-functional collaboration, and ecosystem engagement across an organisation. They act as vertical and horizontal enablers.
|
||||
2. In the debate around Digital Sovereignty, Open Source is a highly relevant option on the table, and goes far beyond "Buy European". OSPOs can help organisations navigate the complex landscape of open source, build internal expertise, and foster partnerships that enhance sovereignty through openness.
|
||||
3. OSPOs cannot drive this change alone. External support in the form of strategy, incentives and regulation is needed, especially for organizations under high regulatory pressure or with limited resources. This needs to be coherent vertically across the EU and horizontally across sectors.
|
||||
|
||||
It was a pleasure to elaborate this with my co-panelistzs Manuel Mateo Goyet (Acting Head of Unit CNECT.E.2, European Commission), Lucian Balea (Deputy Director of R&D and Open Source Director, RTE), Supriya Chitale (Open Source Program Office Manager, IKEA Group) and moderator Johan Linåker (Senior Researcher, Research Institutes of Sweden).
|
||||
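Review bot: The closing paragraph of the new post has a typo, "co-panelistzs", and the first body paragraph has "a EU policy" where "an EU policy" is meant; that paragraph also switches tense between "I've been invited to join a panel" and "We discussed", while the summary already describes the panel as past. In the front matter, the headerimage text reads "Open Source EU Policy Summit 2026" but the event name is "EU Open Source Policy Summit 2026", so one of the two should be aligned. The "# Language" comment and the commented-out entries ("# - deutsch", "# - podcast", "# - article") look like template leftovers and could be dropped, as the SBOM post in this same commit does. The body also mixes "organisation" and "organizations"; pick one spelling.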
BIN
content/blog/2026-01-policy-summit-ospos-sovereignty/panel.jpeg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 251 KiB |
BIN
content/blog/2026-02-fosdem-sbom-collection/firstslide.jpg
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 308 KiB |
22
content/blog/2026-02-fosdem-sbom-collection/index.md
Normal file
@@ -0,0 +1,22 @@
|
||||
---
|
||||
title: "Deutsche Bahn's Approach to Large-Scale SBOM Collection and Use"
|
||||
date: 2026-02-01
|
||||
categories:
|
||||
- english
|
||||
- presentation
|
||||
tags:
|
||||
- OSPO
|
||||
- SupplyChain
|
||||
- Security
|
||||
headerimage:
|
||||
src: firstslide.jpg
|
||||
video: https://video.fosdem.org/2026/ud2208/7EYTRJ-deutsche-bahn-large-scale-sbom-approach.av1.webm
|
||||
slides: https://fosdem.org/2026/events/attachments/7EYTRJ-deutsche-bahn-large-scale-sbom-approach/slides/267417/2026-02-0_wtntumx.pdf
|
||||
event:
|
||||
name: FOSDEM 2026
|
||||
href: https://fosdem.org/2026/schedule/event/7EYTRJ-deutsche-bahn-large-scale-sbom-approach/
|
||||
---
|
||||
|
||||
500,000 SBOMs -- that's the scale of Deutsche Bahn's software supply chain. In this FOSDEM 2026 session, I showed how we extend our automated collection of Source, Build, Artifact, and Runtime SBOMs from both internal systems and external suppliers, and how we make this data usable. Doing this, we understand that SBOMs are not a tool by themselves but a supporting method for various use-cases. To facilitate them, we heavily rely on FOSS tools, enriched with own logic to fit into our enterprise architecture.
|
||||
|
||||
But tools and clever ideas aren't enough. We need people to integrate them into pipelines and continuously monitor the quality of the resulting SBOMs and derived findings. We depend on cooperation from operators of related internal services. And we also need support from our governance stakeholders. This session was about our journey, where we stand today, and what lies ahead.
|
||||
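Review bot: The front matter of this new post has no "summary:" field and its headerimage carries only "src: firstslide.jpg" with no "text:", whereas the OSPO post added in this same commit sets both; add a summary and a descriptive image text so listings and alt text are not empty. In the first body paragraph, "enriched with own logic" should read "enriched with our own logic". The slides link points at an attachment with a generated-looking filename ("2026-02-0_wtntumx.pdf"); check that it resolves, or link to the event page, which is already given under "event:".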