Skip to main content
🎓 Claude Code Masterclass Learn AI-assisted development on Udemy — plus the companion book on Leanpub & Amazon. Start Learning
Django Beek from Chainguard presenting on the future of open source software and AI at Platform Engineering Amsterdam
Platform Engineering

Platform Engineering Amsterdam: This is FIN(e)TECH Meetup Recap

Recap of the 10th Platform Engineering Amsterdam meetup: Kubernetes security at ING, dark matter supply-chain vulnerabilities, and secure platforms for AI.

LB
Luca Berton
· 4 min read

The 10th edition of the Platform Engineering Amsterdam meetup — themed “This is FIN(e)TECH” — took place on a boat at Hannekes Boot, docked on the Amstel. Fitting theme for the venue: how does platform engineering hold up against the specific pressures FinTech puts on infrastructure — Kubernetes security, software supply-chain risk, resilience, compliance, and now AI moving into all of it at once.

Speaker presenting on a boat at Hannekes Boot with the Amsterdam waterfront in view, Platform Engineering Amsterdam FinTech meetup

Thanks to organizers Michaela, Darko Klincharski, and Rajesh Gunasekaran for pulling the community together again, and to Chainguard and Tarmac.io for hosting and sponsoring the evening.

Lars Lefebvre (ING): What I’ll Tell My Kids About K8s Security

Lars Lefebvre from ING opened with a genuinely different angle on a well-worn topic. Rather than another slide deck of CIS Benchmark checkboxes, he framed Kubernetes security as the story he’d want to pass on — what actually matters once you strip away the compliance theater.

The technical payload: an open-source tool built internally at ING to surface real-world cluster vulnerabilities, not theoretical misconfigurations. The distinction matters. A lot of Kubernetes security tooling flags everything that could theoretically be exploited; what a bank actually needs is a signal for what is exploitable in this cluster, with these workloads, today. Tooling built inside an institution that has to answer to regulators tends to be shaped by that constraint in useful ways.

Cassie Crossley (VulNow): Dark Matter Vulnerabilities

Cassie Crossley, CEO and Co-Founder of VulNow, presented “Dark Matter Vulnerabilities™: The Next Infrastructure Frontier” — a term for the class of software supply-chain risk that sits outside what a standard CVE feed will ever show you.

Three threads stood out:

  • PreCVEs — vulnerabilities that exist and are exploitable before they are ever assigned a CVE identifier, meaning any program that gates remediation on CVE publication is working with a structural blind spot.
  • Codebase integrity — the difference between “this dependency has no known CVEs” and “this dependency has not been tampered with,” which are not the same claim and get conflated constantly.
  • The EU Cyber Resilience Act — upcoming requirements that will force vendors and integrators to demonstrate supply-chain due diligence in a way most current SBOM practices do not yet satisfy.

For platform teams, the practical implication is that supply-chain security programs built purely around CVE scanning are already behind where regulation is heading.

Django Beek (Chainguard): A Secure Platform for, and Against, AI

Django Beek from Chainguard presenting on the future of open source software and AI at Platform Engineering Amsterdam

Django Beek from Chainguard closed the talks with “Towards a Secure Platform for, and against AI” — deliberately framed both ways, because platform teams are now solving two problems at once: how to support AI-powered development without slowing it down, and how to protect the platform from the new failure modes AI introduces.

The traditional open-source maintainer model — a small number of trusted humans reviewing every change — was never designed for a world where a meaningful share of contributions are AI-generated, at AI speed. Django’s argument was that platforms need to become the enforcement point: verified base images, provenance that survives an AI-assisted commit, and policy that does not depend on a human catching a subtle issue in a code review. This is the same direction Chainguard’s supply-chain security work has been pushing for a while, but the AI framing sharpens why it is urgent now rather than later.

Networking on the Amstel

Networking with fellow attendees along the Amsterdam waterfront near Hannekes Boot

Networking with fellow Platform Engineering Amsterdam attendees at Hannekes Boot

The rest of the evening was BBQ, drinks on the dock, and the kind of hallway-track conversation that makes this community worth showing up to every time — comparing notes on Kubernetes security tooling, supply-chain compliance timelines, and how everyone’s platform team is actually handling AI-assisted development in practice, not just in theory.

Why FinTech Is the Right Lens for This

FinTech makes a good stress test for platform engineering precisely because it cannot cut corners on any of the topics covered: Kubernetes security has to hold up under audit, supply-chain provenance has to survive a regulator’s questions, and AI adoption has to happen without expanding the attack surface the compliance team already has to defend. What a bank’s platform team gets right under that pressure is usually worth stealing for any other industry.

About the Author

I am Luca Berton, AI and Cloud Advisor. I work at the intersection of platform engineering, cloud security, and enterprise AI deployments. Book a consultation.

Free 30-min AI & Cloud consultation

Book Now