Security, Privacy, and Inclusion: Day 3 Highlights of DrupalCon Atlanta 2025

DrupalCon Atlanta 2025 is set to run from March 24–27, bringing together the global oopen-source community at the Hyatt Regency. On March 26, the third day of the event, the spotlight turns to some of the most urgent and timely topics in tech—software supply chain security, data privacy, and inclusive workplace practices.

Speakers Christopher Gervais, Jurgen Haas, and Matthew Saunders will lead sessions that go beyond code, addressing how Drupal—and the broader tech industry—can build more secure, compliant, and human-centered systems.

Christopher Gervais: Securing the Drupal Supply Chain

As a lead contributor to the Drupal AutoUpdates initiative, Christopher Gervais is working to solve a tough problem: keeping sites secure, automatically and at scale. His session, Supply Chain Security in Drupal and Composer, co-presented with Tim Lehnen and Neil Drumm, dives into what it takes to harden the Drupal ecosystem.

“Large institutions have the staff to stay on top of security. Smaller organizations—nonprofits, small businesses—usually don’t,” Christopher explained. “AutoUpdates is about closing that gap.”

At its core, AutoUpdates allows Drupal sites to receive updates automatically via Composer. But Christopher's work goes deeper—into the integrity of the update process itself. His focus has been on integrating The Update Framework (TUF), a standard that ensures packages haven’t been tampered with.

“If AutoUpdates is going to be hands-off, verifying checksums is essential,” he said. “That’s where TUF comes in.”

Christopher's path to supply chain security stems from years in the Drupal ecosystem—from the Aegir project to Drush Make and now Composer. When the Drupal Association issued an RFP to build a supply chain solution, he was a natural fit. The work led him to create the Rugged TUF Server, now a key part of Drupal’s packaging pipeline.

At DrupalCon Barcelona, Christopher co-presented an early version of this session and even collaborated with Composer co-creator Nils Adermann on ways to scale TUF for Packagist.org.

“The web’s power depends on tools staying accessible and secure,” Gervais said. “Opensource can’t just be free—it has to be safe.”

Beyond his technical session, Christopher will also be presenting on Sociocracy at the Community Summit—a reflection of his commitment to inclusion in both code and governance.

Jurgen Haas: Privacy and Compliance, Built Into Drupal CMS

Jurgen Haas is bringing a clear message to Atlanta: Drupal CMS isn’t just capable of privacy compliance—it’s setting a new standard for it. His session, Drupal CMS: Golden Standard for Privacy and Data Protection, walks attendees through the evolving privacy standards and how Drupal is built to meet them.

“There hasn’t really been a misconception in Drupal about privacy,” Jurgen said. “The issue is that until recently, it wasn’t something frameworks enforced during setup. That’s changed.”

As privacy laws like GDPR and CCPA continue to evolve, organizations are under pressure to comply—without slowing down development. Drupal CMS now includes preconfigured tools that help site owners manage privacy from day one.

“What used to take time to research, find, and configure is now ready to go out of the box,”

Jurgen explained.

His session focuses on how Drupal CMS supports ongoing compliance—not just one-time checklists. “Compliance isn’t a status. It’s a process,” he said. “When your site changes, your privacy settings may need to change too. Drupal CMS helps guide users through that.”

Rather than offering rigid rules, Drupal CMS provides best practice defaults, documentation, and upcoming tools that help site builders navigate legal requirements—without imposing one-size-fits-all solutions.

“We’re not trying to give legal advice,” Jurgen said. “We’re giving users a strong framework and the flexibility to meet their specific needs.”

And he’s quick to challenge one of the web’s biggest myths: that privacy and good UX are mutually exclusive.

“Most websites don’t need cookie banners. And if they do, they don’t need to ruin the user experience,” Haas said. “Drupal CMS proves that strong privacy and great design can go hand in hand.”

Matthew Saunders: Neurodiversity Is a Strength, Not an Accommodation

In his session, The Neurodivergency SuperPower – How Diverse Teams Function Better, Matthew Saunders flips the conversation around neurodiversity. This isn’t about accommodations—it’s about advantages.

“With shrinking labor pools and increasing demand for innovation, organizations can’t afford to overlook neurodivergent talent,” Matthew said. “And the data is clear: diverse teams perform better.”

The challenge, he explains, isn’t just hiring neurodivergent employees—it’s creating environments where they thrive. His session outlines three critical areas: rethinking hiring, building psychological safety, and adapting workplace structure.

“Standard interviews screen out a lot of talent,” Matthews said. “We need to move toward skills-based assessments and train managers to recognize different communication styles.”

He also pushes for sensory-friendly spaces, flexible schedules, asynchronous collaboration, and clear, direct communication. “Soft skills aren’t easy for everyone. Small talk is not the measure of value,” he said.

For Saunders, this isn’t a theoretical talk. It’s his third session on neurodiversity, and it’s grounded in both research and lived experience. After a three-year break, DrupalCon Atlanta will be his 26th.

“Drupal’s built by a global, neuroinclusive team,” he said. “If we can understand how to unlock that potential, we can build better products and better communities.”

He hopes attendees leave with simple, actionable steps they can bring back to their organizations—and a new way of thinking about inclusion.

“This is about competitive advantage,” he said. “Companies that lead on neuro-inclusion will attract and retain the best talent. And they’ll build stronger teams as a result.”

Day 3 of DrupalCon Atlanta brings practical sessions rooted in real-world impact. Whether it’s hardening your supply chain, making privacy simpler, or rethinking team dynamics through neurodiversity, these speakers are pushing the conversation forward.

Stay tuned to The DropTimes for live updates from DrupalCon Atlanta 2025