Stefan Aeschbacher
“Software must work — reliably, predictably and efficiently. From over 25 years in IT, including 10 in software security and technical leadership in critical infrastructure, I have learned: trust is good, but methodical rigour and precise specifications are the only insurance against system failure.”
Background & Expertise
CTO / CISO & Member of Executive Management — Security Printing
High-security environments, physical-digital security
Technology and security leadership at a family-owned security printing company producing forgery-proof tickets. When product integrity is the business model, you learn to treat physical security and IT governance as one discipline.
Head of Development & System Engineer — PostAuto / Railway Technology
Critical infrastructure, high availability
Responsible for the new generation of ICT systems for a fleet of 2,500 vehicles. In an environment where failure is not an option, one conviction took hold: what is not precisely specified cannot be reliably built.
10 Years of Software Security
Hardening, threat analysis, security architecture
Long-standing experience securing networks and software architectures. Security is not an add-on for me — it is the foundation of every stable solution.
Why Agentic Software Engineering today?
The current hype around AI agents reminds me of the early days of insecure software architectures: plenty of enthusiasm, little control. “Vibe coding” — blind trust in AI outputs — is a real risk in professional environments.
I draw on my experience from railway engineering and security technology to show teams how to capture the productivity of AI agents without losing control over their code.
Focus areas
- Spec-Driven Development — machine-readable specifications as the foundation for controlled AI engineering
- Secure Agentic Workflows — security architecture for AI-assisted development processes
- CTO Advisory — strategic AI adoption, governance and nDSG/EU AI Act compliance
- Founding partner of waytogreenit.ch
Open Source: Taproot
To close the gap between vague requirements and unsafe code, I am building the open-source framework Taproot. It transforms probabilistic AI coding into structured, verifiable Spec-Driven Development — a controlled interface between business logic and the AI agent, rather than an open prompt surface. This website is itself an example: specs and implementations are fully traceable in the repository.