2025-06-26 –, Track 3
This talk dives into the challenges of building open digital infrastructures with state-of-the-art security for public health. It emphasizes the critical importance of embedding zero trust design from the very beginning of the project life cycle rather than approaching security as an afterthought.
How can you successfully implement zero trust networks in a domain that traditionally lags behind digitally, such as public administration? How can privacy by design and security by design be integrated seamlessly into these processes from day one? What approaches help in transitioning specialist government applications to cloud-native architectures? How can we leverage service mesh and data mesh concepts for many public health departments at once? And most importantly, how can you do this in Open Source?
Join us on a journey exploring the modernization of Germany's public health infrastructure through the GA-Lotse project since 2021. We will discuss challenges in integrating security since day zero in a highly distributed world of health departments in Germany.
GA-Lotse is a software project that aims to assist the Hessian public health departments in their daily business with modern and unifying software. The project started development in late 2023 but was planned to be open source from its start in late 2021.
This talk will be a case study on how modern security and open digital infrastructures can be integrated into a highly distributed world normally known for its legacy IT processes and infrastructure.
GA-Lotse is available in OpenCoDE (code repository and documentation is primarily in English): https://gitlab.opencode.de/ga-lotse
Sven Nobis works as a Senior Security Analyst at ERNW, performing application and infrastructure assessments. He is mainly focusing on cloud infrastructure and web application security. Besides IT security, he is a passionate developer and trying to link his experiences to the everyday work.
Benedikt Waldvogel has been working as a software developer at cronn GmbH for over a decade. During this time, he has gained extensive experience with technologies in the Java and Spring ecosystems. One of his greatest passions is developing automated integration tests.
In the GA-Lotse project, he was part of the software architecture team and played a pivotal role in implementing its security architecture.
Bianca is currently working at the public health department of Frankfurt / Main in Germany. Her role right now is main product owner of the software project GA-Lotse.
She has been part of various software projects with a security and privacy focus in the german administration and healthcare, mainly in the field of public health.
In her spare time she is also involved in ethical hacking, for example hacking the luca App in the year 2021 or the recent breach of the german electronic health record - ePA für alle.