Cyber ​​security in focus: Student wins competition with master's thesis!

Cyber ​​security in focus: Student wins competition with master's thesis!

On May 30, 2025, Anna Neumann, a graduate of the master's program in practical computer science at the FernUniversität in Hagen, was recognized as the winner of the “Germany's best IT security master's thesis” competition at the NIS-2 Congress. Her work is entitled “Evaluation of the CRA and NIS-2: Role and Relevance of the Software Bill of Materials in Open Source Projects in the Context of Vulnerability Management for KRITIS Companies” and addresses a highly topical topic in cybersecurity.

Neumann, who works in cyber security in the food industry, studied while working full-time. After completing her bachelor's degree, she decided to gain financial independence before starting her master's degree. She previously worked in vulnerability management at a financial services provider. Your master's thesis focuses on the “Software Bill of Materials” (SBOM), which serves as a comprehensive list of all components of a system or application. These lists are crucial for identifying vulnerabilities in software components.

NIS-2 and Cyber ​​Resilience Act

In her work, Neumann analyzed how SBOMs can be implemented within the framework of the NIS 2 directive and the Cyber ​​Resilience Act (CRA). The NIS 2 Directive, which is intended to strengthen cybersecurity in essential and important sectors, regulates security measures in critical infrastructure companies (KRITIS). The aim is to increase security through stricter requirements and reporting obligations, explains TwoBirds. Despite the challenges in implementing the NIS 2 Directive in Germany, which is experiencing politically-related delays, Neumann's approach shows the importance of cybersecurity solutions.

The NIS 2 directive, in force since January 2023, requires companies in certain sectors to comply with governance and risk management requirements. There is a deadline of October 17, 2024 for national implementation, while failure to comply could result in fines of up to 10 million euros. The CRA, which will apply from December 2024, also ensures uniform security standards for products with digital elements.

Recognition and award ceremony

At the NIS-2 Congress, which took place in Frankfurt from May 6th to 7th, Neumann had the opportunity to interact with experts from various industries and make valuable professional contacts. The congress discussed the NIS 2 directive and its importance for European cybersecurity. Neumann was made aware of the competition when she heard about the opportunity to submit her work from Prof. Tobias Eggendorfer at her university. She received prize money of 1,500 euros for her outstanding performance. This award recognizes not only their academic achievement, but also the growing interest and need for professionals in the cybersecurity field.

The developments of the NIS 2 Directive and the CRA are part of a small number of legislative measures adopted to help ensure a high level of cybersecurity in the EU. Loud eur-lex.europa.eu These regulations are essential steps to improve cybersecurity. The ongoing challenges posed by cyber threats underscore the importance of such initiatives. The focus on SBOMs, as discussed by Neumann, could represent a significant advance in the security architecture of KRITIS companies.