
Experience

Selected Projects

CRA compliance strategy and implementation
For a large EU-based manufacturer, I am supporting the compliance team in preparing all products for the EU Cyber Resilience Act (CRA). This includes guidance on interpreting the legal requirements, setting up a compliance strategy, establishing a secure product development lifecycle, and designing and evaluating concrete security mechanisms. The project spans hundreds of developers across multiple continents.

CRA training for the C-level
For a producer of chemical laboratory equipment, I developed a tailored training course on the Cyber Resilience Act (CRA). The interactive session was designed for the executive board and addressed industry-specific compliance questions raised by the client.

Portfolio-wide RED DA compliance
For a Danish client in the liquid handling industry, I provided technical guidance on achieving compliance with the newly activated essential requirements in the EU Radio Equipment Directive (RED DA). We began with pilot projects, applying EN 18031 to two products, and designed a process to scale compliance across the full product portfolio. I supported the rollout and played a key role in the compliance assessment of hundreds of products. As a result, the client secured compliance for all products and safeguarded revenue ahead of RED DA’s entry into effect on 2025-08-01.

RED DA support for an engine manufacturer
I assisted a European engine manufacturer in interpreting the RED DA legal requirements and applying EN 18031-1. This enabled more effective communication with their compliance assessment body and allowed them to narrow the set of requirements to those strictly necessary.

Product PKI design
For an international client producing building management equipment, I designed a product public key infrastructure (PKI). The design was tailored to the specific needs of the client, including: (i) the absence of Internet connectivity, (ii) the need for zero-config installations, and (iii) support for OEM manufacturing.

Fleet security for 3D-imaging products
A client developed a product that utilizes high-precision photographs to create 3D facial reconstructions. I supported securing the capture device, which is based on embedded Linux. I also provided support to protect the devices against remote takeover in the case of a compromised development pipeline.

CRA gap analysis
For a Swiss client in the machinery industry, I analyzed their current product and development processes against the EU Cyber Resilience Act (CRA) and IEC 62443. We established a roadmap towards compliance in Q4 2027.

Positions & Education

Current Product Security Consultant at Product Security Guru, CH
Boutique consulting on product security and related EU legislation (primarily CRA and RED DA). Actively involved in CRA standardization.

Current Network Security Lecturer at ETH Zürich, CH
Teaching in the master-level Network Security course. Ca. 320 students/year.
Focus topics: PKI, VPNs, anonymous communication, and BGP security.

Lead Security Architect at Zühlke Engineering, CH
Work on PKI design, product security, IEC 62443, EU CRA, RED DA, …
Various Swiss and international clients in industrial and consumer products

PhD in Network Security at ETH Zürich, CH
Advised by Prof. Adrian Perrig at the Computer Science Department
Thesis: “Fine-Grained Access Control for Sensors, Actuators, and Automation Networks”

MSc in Electrical Engineering at ETH Zürich, CH
GPA: 5.92/6 — with Distinction — ESOP Excellence Scholarship

BSc in Electrical Engineering at TU Delft, NL
GPA: 9.5/10 — Cum Laude — Honours Programme — Challenge Programme

Author: Piet De Vaere