How do you keep pace in a constantly changing tech landscape? What role do industry conferences, new tools and community meetups play in day-to-day software development? And where is DevOps heading when suddenly everyone is talking about Platform Engineering?
Jasmin Müller leads the infrastructure team at STRG.at. Together with Jürgen Schmidt, the Managing Director of STRG.at, she talks about trends, challenges and personal insights into her work and the community. A conversation that combines technical know-how, day-to-day reality and strategic perspective.
Industry conferences, meetups & community
Jürgen: Jasmin, you regularly attend conferences and meetups. Which are your favorites?
Jasmin: I try to attend a good mix of large conferences and local community events. Among the larger formats, these include KubeCon or the Kubernetes Community Days. They naturally bring in many international perspectives. But the smaller formats are often more interesting – such as the Vienna DevOps Meetup by Squer, the Vienna DevOps and Security Meetup or the fairly new Platform Engineering Vienna, which is organized by Dynatrace.
Jürgen: How do large conferences like KubeCon differ from these meetups?
Jasmin: With just over 12.000 participants, KubeCon is of course a very large event. In Amsterdam 2023, some of the rooms were overbooked and it was then only possible to join via live stream. The Kubecon Experience is nevertheless unique, because there is something for everyone. Compelling keynotes and talks, countless networking opportunities, as well as project booths with demos and swag. The Co-Located Events, which always take place one day before the actual Kubecon, are particularly worth highlighting. Inspiring talks on specific topics, in 2025 e.g. the Platform Engineering Day or the Cloud Native + K8s AI Day, and many show-and-tell sessions round off the start of Kubecon.
Meetups, on the other hand, are more manageable, with 30 to 80 participants. There are two or three talks, networking in between, pizza, coffee – it is more approachable and regional. Kubecon is very valuable for observing international trends and developments in the community. Regional events are just as essential for understanding how these global trends affect the local market and, above all, for better positioning ourselves in the competitive landscape.
Jürgen: Which specific topics are covered there?
Jasmin: The topics are wide-ranging, but tools dominate. Often it is about use cases for existing tools, e. g. how Gitops is implemented with FluxCD or why we want to keep our code up to date. Another major topic is Observability, meaning Open Telemetry, metrics, logs, traces. It is also about Software Supply Chain Security – for example image signing or the security of IoT devices. I once saw a talk by a PhD student from TU Wien who showed how easily security vulnerabilities in the IoT space can be exploited – incredibly interesting!
Security, automation and the changing tool landscape
Jürgen: How present is the topic of security in the DevOps community?
Jasmin: Awareness is increasing steadily. The focus here is on application security, especially how the software supply chain can be secured as effectively as possible. Part of our stack is also a complex network of dependencies, where a complete manual review of every component involves significant effort. The risk lies in the potential integration of compromised packages, as we are currently seeing again in the example of the GitHub Action tj-actions/changed-files see. We use this action. Incidents like this show that even trusted and widely used tools can suddenly develop security vulnerabilities. Thanks to the open-source community, the vulnerability was ultimately discovered and addressed quickly.
Jürgen: We often see that in software projects as well. Libraries are loaded whose further development unsuspecting software developers no longer look at. (Not with us) I often ask myself: how secure is that, actually?
Jasmin: Exactly, that is where Automation comes into play. For us, Renovate handles a large part of the automated updates. It continuously checks whether new versions of libraries are available, creates PRs and merges them – but only once security checks and tests have run successfully. For example, we use npm audit, to identify vulnerabilities. This process runs fully automatically as part of the PR.
Jürgen: And what if there isn’t sufficient test coverage?
Jasmin: Then that is a problem. Renovate only checks the existing status checks. If they are missing or insufficient, an update goes through that may break something. That is why test quality is a central point in any automation. Automation only works if the foundation is stable.
Telemetry and observability in practice
Jürgen: What is behind the buzzword „OpenTelemetry“?
Jasmin:OpenTelemetry is an open-source project that provides a standardized approach to collecting telemetry data from applications and infrastructure. It is about what the application reports: which metrics, which logs, which traces. In principle, this allows you to trace every request from start to finish across all services. Then there is Alerting – meaning when, how often and via which channels I receive notifications when something is not working.
Jürgen: And does that work for large systems?
Jasmin: Yes and no. With a few clusters, it is manageable. With many clusters, central observability is often necessary… There are dedicated solutions for centrally and scalably evaluating telemetry data.
The shift: from DevOps to Platform Engineering
Jürgen: Earlier you said that Platform Engineering is the next big topic. What distinguishes it from DevOps?
Jasmin: Platform Engineering takes a holistic view of infrastructure. DevOps was often focused on tools and processes – Platform Engineering also takes care of all the surrounding aspects: infrastructure, costs, scaling, developer portals.
Jürgen: Earlier you said that Platform Engineering is the next big topic. What distinguishes it from DevOps?
Jasmin: Yes, so-called self-service platforms. The developer fills out a form: „I need a bucket with these specifications“ – clicks OK – and in the background a pipeline runs that provisions everything. This is called Infrastructure as a Service, or in short: IaaS. „I thought I had invented the term, but it actually exists.“
Collaboration, separation, understanding
Jürgen: I take a critical view when developers and infrastructure people move too far apart. Good developers need to understand what is happening in the backend – and vice versa.
Jasmin: Absolutely. I don’t think you can be a good developer if you say: I’ve written my class – the rest doesn’t concern me. Especially in the web space, you need to know how a high-load system works, how caching behaves, what security means.
Jürgen: I’ve seen frontend code where sensitive data was sent via a GET request – including a social security number in the URL. Technically, it works, but it is catastrophic. And that kind of thing happens when there is no understanding of infrastructure.
Jasmin: Or when database credentials appear in plain text – either in the code or in the logs. We’ve seen both.
Looking ahead
Jürgen: You’ve been observing the scene for years. Where is your area heading over the next two to three years?
Jasmin: Clearly: platforms. Platform Engineering, Developer Self-Service, Infrastructure as a Service – everything is moving toward processes being automated, abstracted and made scalable.
Jürgen: Has there been an experience recently that particularly impressed you?
Jasmin: The tour of the NTT data center in Wien was excellent. They use a gas that deprives the fire of oxygen. They don’t extinguish it – they smother it. The security standards there are extremely high; it was really impressive. It was organized by NextLayer – we know them well.
Thank you for the conversation, Jasmin.