OWASP San Antonio

Welcome

Welcome to the OWASP San Antonio Chapter, a regional city chapter within OWASP. Our Chapter serves the San Antonio region as a platform to discuss and share topics all around information and application security.

Anyone interested in and enthusiastic about application security is welcome. All meetings are free and open. You do not have to be an OWASP member.

You are welcome to refer colleagues or acquaintances to this website or to individual meetings.

What’s going to happen?

To be announced via our OWASP San Antonio Chapter Meetup Group. We usually have talks related to information and application security.

Further Notes

Please join our OWASP San Antonio Chapter Meetup Group for timely updates on our OWASP Chapter San Antonio Meetup.

Upcoming Events

OWASP San Antonio Quarterly Chapter Meeting October 18th 2024

When: OWASP San Antonio Chapter Qtrly Meeting-Oct 18th 2024 (Friday)

**Presentation: Container Security-A discussion**


Details

Topics- See abstracts below

Lunch Provided Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257

ZOOM link provided for remote attendees

We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!
Please feel free to pass this information on to your peers and team members.
Please reply “ONSITE” if you plan on attending in person so we can finalize headcount for food and room attendance 😊
Social Hour after

Presentations will include:

I. Containers 101-Optiv
Container Security Best Practices and Tooling-Optiv

II. Securing APIs in the Cloud: Insights and Best Practices- Palo Alto

This presentation explores the security challenges and opportunities in containerization, emphasizing a defense-in-depth approach. We begin by discussing the widespread adoption of containers and the emerging trends driving innovation, such as serverless computing and hybrid/multi-cloud environments. We then examine key security concerns, including container sprawl, misconfigurations, and supply chain vulnerabilities. A defense-in-depth strategy, starting with shifting security left during development, followed by securing images at rest and implementing runtime protection, ensures comprehensive container security. By integrating cloud workload protection platforms (CWPP) with broader CNAPP strategies, organizations can safeguard containers throughout their entire lifecycle, from code to production.

III. From Reactive to Effective: Building Application Security that Works-Mend IO

In 2023, 71% of enterprises admitted their AppSec programs were reactive, playing catch-up with vulnerability alerts – while at the same time, applications remain the top target for threat actors. That adds up to increased business risk for a lot of companies and fuels an urgent need to improve application security strategies. But how? The key is to move from a compliance-based approach to managing application risk.


IV. Protecting AI: The ultimate Game of Cat and Mouse:
Panel-Moderator-Brandon Pinzon

Panelists: Eddie Contreras- Frost, Chris Lindsey-Mend, Joseph Gregorio-Frost.



**Speakers:**

Containers 101-Optiv
Anthony Pipia has over seven years of experience in information security, spending most of that time working in the application security space. His experience ranges from performing web application assessments, to managing various application security programs. With a focus on development and automation, he has built automated solutions at various companies to support application security tooling and metrics. Pipia also has experience as an educator, providing training on security topics. He has instructed a Cyber Security Bootcamp and has built and delivered secure development training for engineers. He leverages his teaching experience when working within application security teams and communicating with engineers and developers in the organization. Prior to joining Optiv, Pipia worked on security teams varying from large tech companies to startups. He has had experience as a crucial member of a mature application security team, as well as the sole member and owner of application security at an organization.

Security challenges and opportunities in containerization -Palo Alto

Jonathan Brown is a Solutions Architect at Palo Alto Networks, specializing in Prisma Cloud. With over 15 years of experience in technology, Jonathan has a deep understanding of traditional enterprise architecture and the security challenges organizations face as they transition to the cloud. Before joining Palo Alto Networks, Jonathan worked as an infrastructure engineer in data centers and at Twistlock, a pioneer in Cloud Native Security for Containers, acquired by Palo Alto Networks in 2019. At Palo Alto Networks, Jonathan focuses on helping organizations secure their cloud environments through comprehensive security strategies and cutting-edge technologies.

From Reactive to Effective: Building Application Security that Works-Mend IO

Chris Lindsey is a seasoned speaker who has appeared at conferences, webinars, and private events. Currently building an online community and creating a podcast series, Chris draws on expertise from more than 15 years of direct security experience and over 35 years of experience leading teams in programming and software, solutions, and security architecture.
For three years, Chris built and led an entire application security program that includes the implementation of mature AppSec programs, including oversight of security processes and procedures, SAST, DAST, CSA/OSA, compliance, training, developer communication, code reviews, application inventory gathering, and risk analysis.

Panel Moderator-Brandon Pinzon
A seasoned leader at the forefront of AI and data security, Brandon Pinzon is an experienced Chief Security Officer, who leverages his 17+ years of experience across technology, banking, and insurance industries to guide organizations as a sought-after advisor.
He spearheads comprehensive security programs, encompassing not just traditional areas like cyber defense and data protection, but also the unique challenges of AI and data-driven environments. His expertise spans data collection, forensics, and crafting robust security and privacy strategies specifically tailored for heavily regulated industries. Brandon's ability to navigate complex data systems and collaborate with multinationals to establish best practices is well-recognized within the industry, as evidenced by his frequent speaking engagements and guest lectures.
RSVP:
Meetup (online)

Panel Guest-Eddie Contreras
Edward has spent his career protecting companies and organizations from cyber risk and crime. He has guided companies through global breaches, cyber and digital transformation, and risk management. He spent 22 years in the Army as a Signal Warrant Officer with deployments to combat zones, earning a Bronze Star in the process. His core expertise has positioned him to lead cyber teams at systemically important financial institutions while enabling business success with minimal risk exposure. He is currently the Sr. Executive Vice President and Chief Information Security Officer at Frost Bank in San Antonio, Texas.

**Location:** Lunch Provided Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257. ZOOM link provided for remote attendees.

Speaking at OWASP San Antonio Chapter Events

Call For Speakers is open. If you would like to present a talk on Application Security at future OWASP San Antonio Chapter events, please review and agree with the [OWASP Speaker Agreement](Speaker_Agreement) and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail.