Nerding Out With Viktor

In this episode of Nerding Out with Viktor, host Viktor Petersson sits down with Olle Johansson and Anthony Harrison to explore the intersection of Software Bills of Materials (SBOMs) and the EU Cyber Resilience Act (CRA). Together, they unpack what CRA compliance looks like in practice and why SBOMs are becoming a critical piece of the regulatory puzzle. Olle and Anthony share their hands-on experience navigating SBOM tooling, formats like CycloneDX and SPDX, and the operational challenges teams face when integrating these workflows into real-world development pipelines. The conversation covers how organizations can move beyond checkbox compliance toward meaningful transparency in their software supply chains. They also discuss the timeline and enforcement realities of the CRA, how it interacts with existing standards, and what engineering teams should be doing now to prepare. For anyone building, shipping, or securing software in the EU market, this episode offers a grounded, practical guide to the compliance landscape ahead.

In this episode of "Nerding Out with Viktor," host Viktor Petersson sits down with Marcelo Garcia, a telecom infrastructure veteran turned extreme biohacker, to explore what biohacking looks like when approached through systems thinking and data. Marcelo recently completed a 50-day water-only fast while hiking nearly 1,000 kilometers, tracking everything from DEXA scans and VO2 max to HRV and metabolic panels. The conversation moves from the mechanics of prolonged fasting and fat oxidation to muscle preservation under sustained load, immune adaptation, and the role of movement as a metabolic signal. Viktor and Marcelo also discuss biological age modeling and how AI can synthesize large sets of biomarkers into practical health span projections. For builders and technically inclined listeners, this episode reframes resilience as something measurable, testable, and intentionally designed.

In this episode of "Nerding Out with Viktor," host Viktor Petersson sits down with Sarah Fluchs, CTO and OT cybersecurity expert, to unpack the EU's Cyber Resilience Act and what it means for anyone building connected devices. Sarah shares her journey from engineering into the world of OT security, and explains her involvement in the CRA expert group that's shaping how the regulation gets implemented. Together, they explore what CRA compliance looks like in practice—from the requirement to provide five years of vulnerability support, to the constraints around over-the-air updates, and the rising importance of Software Bills of Materials (SBOMs) in embedded systems. The conversation dives into the practical challenges facing device manufacturers, including how to structure security workflows, manage firmware lifecycles, and prepare for regulatory scrutiny. Sarah offers clear, grounded insights into the timeline, scope, and enforcement mechanisms of the CRA, helping listeners understand what's required and what's still being defined. Viktor and Sarah also discuss the broader implications of the CRA for the embedded and IoT ecosystem, exploring how the regulation intersects with existing standards and what it means for both large enterprises and smaller hardware teams. They examine common misconceptions about compliance and share strategies for teams looking to get ahead of the requirements. Whether you're managing firmware, building security workflows, or navigating hardware compliance, this episode offers a practical guide to understanding the CRA and preparing your organization for what's ahead.

In this episode of "Nerding Out with Viktor," host Viktor Petersson sits down with James Baker, Policy and Campaigns Manager at Open Rights Group, to explore the real-world impact of the UK Online Safety Act and proposed Digital ID systems. Together, they unpack how the UK's approach to digital identity is raising concerns about centralization, privacy, and long-term control over personal data. James shares his experience fighting the UK's original ID card proposal and why current models risk repeating the same mistakes—only with more data and less oversight. The conversation covers how enforcement is playing out across infrastructure, the role of companies like Palantir, and how surveillance tools like facial recognition and metadata scanning are already affecting users and platforms. Viktor and James delve into the technical and policy implications of centralized identity systems, examining how seemingly convenient digital ID solutions can create unprecedented opportunities for surveillance and control. They discuss the challenges facing platforms trying to comply with age verification requirements while protecting user privacy, and why the current regulatory approach may be fundamentally incompatible with secure, decentralized systems. The discussion also explores the broader implications for encryption, anonymity, and digital rights in an increasingly surveilled digital landscape. James provides insights into how civil liberties organizations are pushing back against overreaching legislation, and what individuals and organizations can do to protect privacy and freedom in the digital age. This episode is especially relevant for anyone working on identity, encryption, or infrastructure. It offers a clear look at how policy and implementation intersect—and why design choices today matter more than ever for the future of digital rights and privacy.

In this episode of "Nerding Out with Viktor," host Viktor Petersson sits down with Nick Selby, a security leader and advocate for practical security culture, to explore the reality behind software security compliance and why so many teams treat it as a checkbox rather than a mindset. The discussion unpacks how frameworks like SOC 2 and ISO 27001 often provide structure but not necessarily safety, and why real resilience depends on culture, not compliance. Viktor and Nick dig into the challenges of adopting AI tools faster than they can be secured, the limits of certification-driven trust, and how modern legislation such as the Cyber Resilience Act and SBOMs can reshape accountability across the software supply chain. Nick shares insights from his extensive experience in security leadership, revealing the gap between compliance theater and genuine security practices. The conversation explores how organizations can build security cultures that make compliance a natural outcome rather than a forced exercise, and why understanding the "why" behind security measures is more valuable than simply following checklists. The episode also delves into the practical challenges facing modern development teams as they navigate the rapid adoption of AI tools while maintaining security standards. Viktor and Nick examine how traditional compliance frameworks struggle to keep pace with emerging technologies, and what this means for organizations trying to balance innovation with risk management. For founders, engineers, and leaders navigating the balance between innovation and security, this episode offers a grounded look at how to make compliance a natural outcome of good security practices, not its substitute. Safety Co-Option and Compromised National Security: The Self-Fulfilling Prophecy of Weakened AI Risk Thresholds EU Cyber Resilience Act

In this episode of "Nerding Out with Viktor," host Viktor Petersson sits down with Patrick Walker, former YouTube and Facebook executive and now founder of the conscious tech platform Uptime, to explore the quiet discipline of digital minimalism. Patrick shares his journey from building global video platforms to stepping away from Big Tech, reflecting on the ethical and personal tradeoffs of always-on technology. They discuss the design choices that shape user behavior, why screen time isn't just a personal problem, and how to raise screen-literate kids without going off the grid. The conversation delves into the psychology of attention design, exploring how recommendation algorithms and notification systems are engineered to capture and hold user engagement. Patrick offers insights from his years inside major tech companies, revealing the tension between user wellbeing and business metrics that drive product decisions. Viktor and Patrick examine practical strategies for reclaiming digital autonomy, from intentional device usage to creating boundaries that support deep work and meaningful relationships. They also discuss the challenges facing parents in an increasingly connected world, sharing approaches for teaching children healthy technology habits without resorting to complete digital abstinence. Whether you're designing products, leading a team, or just trying to protect your own attention, this episode offers a clear-headed look at why digital minimalism matters—and how to make space for what truly counts in an age of infinite scroll.

In this episode of "Nerding Out with Viktor," Viktor Petersson is joined by Sean Rhodes from Star Labs for a deep dive into coreboot and Linux hardware. The discussion explores how Star Labs builds Linux-first laptops and mini PCs that prioritize open firmware, long-term support, and user trust. Sean shares the company's journey from its early days as a small team wanting a reliable Linux laptop, through the challenges of manufacturing, supply chain crises, and the decision to move away from AMI BIOS in favor of coreboot. He explains how firmware updates, LVFS integration, and careful hardware choices shape devices that remain usable years after release. The conversation delves into the technical complexities of building hardware that truly works out of the box with Linux distributions, from driver compatibility to power management optimization. Sean discusses the realities of competing with mass-market manufacturers while maintaining commitment to open-source principles and transparent development practices. This episode is essential listening for technical founders, engineers, and open-source contributors who care about building secure, sustainable, and Linux-first hardware in a market dominated by mass-produced PCs. Whether you're interested in coreboot development, hardware manufacturing challenges, or the future of open firmware, this conversation offers valuable insights into creating hardware that respects user freedom and privacy.

In this episode of Nerding Out with Viktor, host Viktor Petersson sits down with Marcus Taylor, co-founder at Planet Computers and veteran of IBM, Logica, and the GSM Association. Marcus brings decades of experience across telecom, hardware, and secure systems. The conversation traces his early work on natural language systems at IBM, his role in pioneering mobile commerce and ticketless travel in the 1990s, and his time advancing telco standards at the GSM Association. Taylor also shares how Erlang became the backbone of resilient systems powering WhatsApp, financial exchanges, and mission-critical infrastructure. The episode dives into the creation of Planet Computers smartphones - niche, keyboard-first devices designed for journalists, engineers, and security professionals. Marcus discusses their unique multi-boot Android/Linux capability, industrial use cases, and how the company is expanding into network appliances and Industry 4.0 solutions. For builders and product teams, this is a look at why specialized devices and resilient networks still matter in a consumer-driven world.

In this crossover episode, Viktor Petersson sits down with Sean Martin, co-founder of ITSPmagazine, to unpack how software supply chain security is evolving under regulatory pressure, real-world incidents, and a fast-changing tooling landscape. They explore how SBOMs are moving from static artifacts to operational assets, why transparency beats blanket claims of being "secure," and how teams can build systems that hold up in production, not just audits. Sean shares insights from decades in the field, from shipping products at Symantec to speaking with security leaders on his podcast. With topics ranging from AI tooling guardrails to IoT failures and compliance gaps, this episode is for anyone building or securing modern software systems.

In this episode, Viktor Petersson sits down with Niklas Düster, co-lead of OWASP DependencyTrack and contributor to CycloneDX, to explore the realities of managing software bill of materials (SBOMs) at scale. Drawing on real-world experience, Niklas explains how DependencyTrack helps engineering teams analyze, monitor, and act on risks buried deep in their dependency trees. The conversation covers how teams integrate SBOM workflows into CI/CD pipelines, why gating deployments on vulnerability scans can backfire, and how the platform's evolving architecture is built to handle massive, multi-project setups. Niklas also unpacks how VEX files fit into the equation, and why context-aware suppression logic is key to reducing alert fatigue without missing critical issues. For anyone responsible for securing large-scale software systems, this episode provides a grounded look at how DependencyTrack works under the hood and what's ahead. It's a practical, engineering-focused conversation that highlights what it takes to operationalize SBOMs across modern infrastructure.

In this episode, Viktor Petersson sits down with Thorbjørn Rønje, founder of Bifrost Studios, to unpack the venture studio model and why he believes it’s a smarter, faster way to build startups. Thorbjørn explains how Bifrost applies a playbook-driven approach to validate product ideas quickly, reduce risk, and bring businesses to life without wasting time or capital. He shares how they’ve used frameworks like Purple Ocean and Apollo to launch companies such as Scaleup Finance, and why separating the early build team from the long-term operators makes their model scalable. They also explore how this model applies to acquiring legacy businesses, turning them around with tech and brand upgrades. If you're thinking about startups, product-market fit, or the future of micro private equity, this one is worth your time.

In this episode of Nerding Out with Viktor, Viktor Petersson sits down with Carl Richell, founder and CEO of System76, to unpack how a small Linux-focused hardware company grew into a full-stack open source innovator. They explore System76's journey from shipping Ubuntu laptops to designing open firmware, building a factory, and launching their own desktop environment, Cosmic. Carl shares hard-earned lessons on supply chain trust, hardware enablement, and why openness, done right, can scale. If you're into Linux, open hardware, or building products that last, this one's for you.

In this episode of Nerding Out with Viktor, host Viktor Petersson welcomes back Jon Seager, VP of Engineering at Canonical, for a candid conversation about managing remote teams. They explore how Canonical structures its fully distributed engineering org, why hybrid meetings rarely work, and how to build systems that support clarity, autonomy, and actual output. With Jon's experience scaling teams at Canonical and Viktor's 15+ years of running distributed organizations, this episode offers a clear, practical view of what makes remote teams succeed. Topics include performance frameworks, calendar ownership, documentation debt, onboarding traps, and hiring in the age of AI. This is a must-listen for engineering leaders, remote managers, and anyone serious about scaling remote teams.

In this episode of Nerding Out with Viktor, host Viktor Petersson sits down with Vlad Trifa, founder of Zimt and co-founder of EVRYTHNG, to explore why Web3, crypto, and blockchain often fail to deliver on their promises in the real world. Drawing from Vlad's extensive background in IoT, supply chain traceability, and decentralized systems, they dive into the cultural and technical challenges that make blockchain adoption difficult in enterprise environments. The conversation unpacks how tokenomics and DAOs are frequently misused, why wallet UX and self-custody are blockers to mainstream adoption, and what meaningful NFT use cases might look like beyond digital art. They also discuss why many "decentralized" solutions are just overengineered databases, and how regulation, governance, and real-world incentive alignment remain unsolved problems in Web3 development. This episode is essential listening for Web3 builders, blockchain skeptics, and anyone looking for a clear-eyed take on what it really takes to scale decentralized technologies beyond prototypes.

In this episode of Nerding Out with Viktor, host Viktor Petersson speaks with Joshua Watt of Garmin and Ross Burton of ARM to explore how the Yocto Project is evolving to meet the growing demands of software supply chain security, embedded Linux customization, and long-term product maintenance. As two long-time contributors to Yocto and OpenEmbedded, Joshua and Ross share hard-earned insights on how build-time Software Bill of Materials (SBOMs) offer deeper accuracy and compliance benefits compared to traditional post-build analysis. They dig into how the integration of SPDX 3.0 in Yocto enables better license tracking, reproducibility, and component transparency, critical features for developers building connected products in regulated industries like industrial IoT, telecom, and automotive. The conversation also covers how VEX metadata can be used to prioritize vulnerabilities in real-world environments, and why reproducible builds using BitBake's hashserver infrastructure are becoming a cornerstone of secure firmware development. As global regulatory frameworks like the EU Cyber Resilience Act (CRA) push for stricter transparency and vulnerability management, the Yocto Project's native SBOM tooling is helping teams future-proof their embedded Linux stacks. Joshua and Ross also discuss the challenges of managing multi-layer board support packages (BSPs), handling closed-source components responsibly, and navigating SBOM creation across vendors in complex system builds. This episode is a must-listen for embedded engineers, firmware architects, and product teams who want to build secure, scalable Linux-based devices while staying ahead of compliance and lifecycle management needs.

In this episode of Nerding Out with Viktor, host Viktor Petersson is joined by Kevin Henrikson, an experienced engineering leader who's worked with Zimbra, Microsoft, and Instacart, to share real startup founder lessons on how to scale engineering teams, build resilient systems, and manage growth through acquisitions. Kevin explains what founders often get wrong when scaling, why a simple weekly shipping cadence changed everything at Outlook Mobile, and how aligning around a single operational metric helped Instacart navigate massive demand during the COVID surge. We talk about how to avoid "organ rejection" during an acquisition, the shift from founder to advisor inside large companies, and what breaks first when scaling from 10 to 1500 engineers. Kevin also covers org design for distributed teams, why CTOs need to think about people and systems as much as code, and how he's using AI and automation to operate leaner, more scalable SaaS businesses. Whether you're a startup founder, CTO, or building your first technical team, this episode is packed with insights from someone who has done it at every stage.

In this episode of "Nerding Out with Viktor," host Viktor Petersson is joined by Vlad A Ionescu, founder and CEO of Earthly, to explore the realities of modern CI/CD pipelines, why developer experience remains fragmented, and how platform and security teams can work more effectively across organizations. Vlad outlines the origins of Earthly and how their open-source build automation tool enables consistent CI/CD across teams. The conversation covers GitHub Actions, the challenge of running pipelines locally, and why container-based workflows offer practical improvements in debugging and collaboration. The discussion moves to Earthly's second product, Lunar, which focuses on monitoring and enforcing engineering practices in the SDLC. Vlad explains how this enables organizations to apply policies like test coverage and vulnerability scanning, without relying solely on teams to adopt them individually. Other key topics include plugin governance, differences in developer infrastructure at large companies versus smaller teams, and the complexity of managing shared CI/CD ownership. The conversation also touches on hybrid work challenges, remote team management, and strategies for building trust and documentation in distributed teams. Toward the end, the episode explores the potential impact of AI in software development. Vlad shares why he sees AI as a tool for accelerating skilled engineers, rather than a full replacement, and highlights the risks of relying on machine-generated code without proper verification. Whether you're working on developer tooling, building remote teams, or thinking about the role of AI in engineering workflows, this episode offers a grounded and technical perspective.

In this episode of "Nerding Out with Viktor," I'm joined by Johan Christenson, founder of Cleura, to dig into one of the most critical questions facing European tech today: how do we build a sovereign cloud that can actually compete? Johan brings decades of experience in open infrastructure and a front-row seat to the evolution of cloud computing. We talk about why Europe still leans so heavily on U.S. cloud platforms, and the real-world risks that come with that dependency whether it's pricing, control, or strategic leverage. We get into the friction points that keep Europe from moving faster: outdated procurement practices, broken incentive structures, and the lack of deep technical understanding inside policymaking circles. Johan also shares what it's been like building on OpenStack from the early days, and what Cleura has learned about scaling sovereign infrastructure in a space dominated by hyperscalers. I really enjoyed diving into how cloud-native tools like Kubernetes can unlock more flexibility and how standardization could help level the playing field for smaller providers. We also touch on the limitations of regulation when enforcement is missing, and why alignment between government goals and operational behavior is long overdue. Whether you're in cloud infrastructure, policy, or just curious about how Europe can chart its own course, this one's packed with insight.