Roman Mednitzer
Vienna, AT · Infrastructure & Compliance Engineering
Building infrastructure where compliance evidence is a byproduct of normal operation, not a documentation exercise after the fact.
About
I design systems where compliance evidence is a byproduct of normal operation, not a documentation exercise assembled after the audit. Policy-as-code enforces controls at runtime and produces signed audit trails automatically.
My background is production Linux platforms (since 2015), now specialising in Kubernetes, observability, and governance-as-infrastructure for EU-regulated environments. The focus is the boundary where infrastructure meets compliance, safety, and AI.
Writing
Domains
Infrastructure & Reliability
Linux on-prem and datacenter operations, virtualization (VMware, Proxmox), server lifecycle, backup/DR, SRE practices, observability, and incident response.
Platform Engineering
Kubernetes and OpenShift, Helm, Terraform, Ansible, GitOps, CI/CD security, container image supply chain, and secrets management.
Governance & Compliance
ISO 27001, NIS2, GDPR, EU AI Act, DORA, CRA, Machinery Regulation. Translating framework obligations into policy-as-code, measurable controls, and audit-ready evidence packs.
Assurance & AI Integration
Systems assurance architecture, enforceable boundary contracts, observability for AI/ML workloads, supply-chain integrity (SBOM/SLSA), and identity/access governance.
Technologies
Organizations
- IEEE
  - Systems, Man and Cybernetics Society
  - Computational Intelligence Society
- OCG (Austrian Computer Society)
Current Focus
Applying enforceable boundary contracts to hybrid Linux and Kubernetes environments under NIS2, the CRA, and the AI Act. Current work: guardrail architecture for agentic AI in regulated operations, and continuous compliance evidence pipelines that satisfy multiple frameworks from a single control plane.