Rapid Relaunch for a Cruise Company

Context

A German cruise company ran an online store for accessories and customer-loyalty engagement alongside its core travel business. After a security incident, continuing to operate the existing system was no longer viable — the store had to be replaced completely rather than patched. The work was delivered through Webmatch GmbH, where I act as an external software architect and consultant on Shopware and enterprise-commerce projects, combining hands-on implementation with architecture and stakeholder guidance.

Challenge

The brief left little room: replace an entire production store under a tight deadline, with no tolerance for downtime and no acceptable loss of customer or order data. Security had to be designed in from the start rather than bolted on afterwards — the replacement was triggered by a security incident in the first place. Compounding this, the whole effort ran inside a regulated corporate environment: deployment and operations had to satisfy traceable, auditable requirements, and PCI DSS compliance had to be demonstrated as a prerequisite for payment processing. On top of the technical constraints, the project spanned several stakeholder groups, from the client’s internal development team to business leadership, whose requirements and expectations had to be aligned and kept in sync across a compressed timeline.

Approach

As lead developer and architect, I rebuilt the store on Shopware 6, containerised the application with Podman, and set up a GitLab CI/CD pipeline so deployments were repeatable and auditable. What made this workflow particular was the regulated corporate environment: the pipeline had to fit the organisation’s approval, evidencing, and security requirements rather than work around them. In parallel, I supported the PCI DSS compliance certification, making sure the architecture, deployment process, and operations met its requirements. Hands-on development and architectural guidance went hand in hand: establishing robust technical guardrails, reducing complexity instead of passing it on, and translating ambiguous or competing requirements into precise, prioritised work. Progress was driven through structured weekly stakeholder meetings that kept decisions efficient and documented, and the whole solution was prepared for a clean handover to the client’s internal team.

Outcome

The store was relaunched within the deadline, with no downtime and no data loss. The client received a secure, PCI DSS-compliant, containerised Shopware 6 platform with a reproducible CI/CD workflow tailored to a regulated corporate environment, handed over to their internal team to operate and extend. Beyond the delivery itself, the engagement was marked by structured, solution-oriented communication and reliable, results-driven execution across both the development team and business leadership.