OWASP San Antonio

Welcome

Welcome to the OWASP San Antonio Chapter, a regional city chapter within OWASP. Our Chapter serves the San Antonio region as a platform to discuss and share topics all around information and application security.

Anyone interested in and enthusiastic about application security is welcome. All meetings are free and open. You do not have to be an OWASP member.

Referrals to this website or to individual meetings to colleagues or acquaintances are welcome.

What’s going to happen?

To be announced via our OWASP San Antonio Chapter Meetup Group. We usually have talks related to information and application security.

Further Notes

Please join our OWASP San Antonio Chapter Meetup Group for timely updates on our OWASP Chapter San Antonio Meetup.

Upcoming Events

OWASP San Antonio Quarterly Chapter Meeting Friday January 17th 2025 11am-2pm

When: OWASP San Antonio Chapter Qtrly Meeting-January 17th, 2025 11am-2pm (Friday)

**Presentation: Shift Left - A discussion of AppSec Best Practices**


Details

Topics- See abstracts below

Lunch Provided Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257

ZOOM link provided for remote attendees- see Meetup for Zoom link

We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!
Please feel free to pass this information on to your peers and team members.
Please reply “ONSITE” if you plan on attending in person so we can finalize headcount for food and room attendance 😊
Social Hour after

Presentations will include:

Strategies for Aligning Programs with Modern Expectations-Frost Bank
Cultivating Developer Adoption in the era of Artificial Intelligence-Snyk
The radical future of app and API security is in production-Contrast Security
Shift Left: Design for Security and Quality-CheckMarx

I. Strategies for Aligning Programs with Modern Expectations Vipul Gupta-SVP Frost Bank

In this talk, Vipul plans to share his experience with building and scaling an Application Security program. He will share why engaging with development and business teams is essential for the Shift Left journey.

II. Cultivating Developer Adoption in the era of Artificial Intelligence-Snyk

In today’s fast-paced, AI-driven development landscape, securing developer adoption is key to integrating security seamlessly into workflows. This presentation explores practical strategies to overcome challenges like trust, tooling complexity, and unclear ownership. By focusing on people, processes, and tools, we demonstrate how to empower developers, reduce friction, and scale security effectively. Attendees will gain actionable insights to foster a collaborative culture where security becomes a natural part of development. One of the biggest challenges that organizations face when shifting left is getting developers to actually adopt the “shift left” tools. This presentation speaks to how to overcome that.

III. Development Team Transformation -Contrast Security

The lines between proactive and reactive cyber defenses are somewhat arbitrary. If you blur those lines, you can gain some serious advantages. A SAST or SCA tool finding is a theoretical vulnerability that may or may not be exploitable, but if you can see that a vulnerability is within the blast radius of active probes or attacks, it suddenly becomes real. What might have been labeled as "critical" in pre-prod suddenly becomes "super-critical". On the other hand, things that are not exploitable in a production context due to compensating controls can be deprioritized, preserving the limited attention of development for things that really matter. Join DevSecOps pioneer Larry Maccherone for this thought-provoking discussion on going right to shift left.


IV. Shift Left: Design for Security and Quality-CheckMarx:

This presentation will discuss the elements of design phase security, highlighting the critical role of design decisions in achieving a secure and high-quality software product.



**Speakers:**

Strategies for Aligning Programs with Modern Expectations Vipul Gupta-SVP Frost Bank
Vipul Gupta has extensive experience in a variety of Information Technology & Security roles. In his current role, he is responsible for establishing as well as growing Application Security, Data Governance, Records Management, and Security Architecture programs. He has spent the last 12 years focusing on Security within the Financial industry. He is passionate about Information Security and is always eager to learn as well as share his knowledge with others in this field. Vipul holds a Master of Engineering in Computer Science and Engineering from the University of South Carolina and holds industry certifications such as Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP). In his free time, Vipul enjoys serving his community in multiple volunteer programs and spending time with his family.

Cultivating Developer Adoption in the era of Artificial Intelligence-Snyk

Joey is a Senior Solutions Engineer with Snyk, based out of Chicago, IL. After studying computer engineering and software development, Joey has spent his career focused on making complex technical topics and solutions easily accessible to all types of audiences. His 15-year career in technology has given him experience in a wide variety of areas, including manufacturing, IoT, observability, and cybersecurity. https://sessionize.com/joey-arowcavage

Development Team Transformation -Contrast Security

Larry Maccherone is a thought leader on DevSecOps, Agile, and Analytics. At Comcast, Larry launched and scaled the DevSecOps Transformation program over five years. In his DevSecOps Transformation role at Contrast, he's now looking to apply what he learned to guide organizations with a framework for safely empowering development teams to take ownership of the security of their products. Larry was a founding Director at Carnegie Mellon's CyLab, researching cybersecurity and software engineering. While there, he co-led the launch of the DHS-funded Build-Security-In initiative. Larry has also served as Principal Investigator for the NSA's Code Assessment Methodology Project which wrote the book on how to evaluate application security tools and received the Department of Energy's Los Alamos National Labs Fellow award. Contact Larry on his LinkedIn page: https://LinkedIn.com/in/LarryMaccherone
For three years, Chris built and led an entire application security program that includes the implementation of mature AppSec programs, including oversight of security processes and procedures, SAST, DAST, CSA/OSA, compliance, training, developer communication, code reviews, application inventory gathering, and risk analysis.

Shift Left: Design for Security and Quality-CheckMarx
Adrian Acuna is a US Navy Veteran currently serving as a Senior Sales Engineer at Checkmarx. With over 15 years of extensive experience in cybersecurity, Adrian has held key roles at Synopsys, Denim Group, Protegrity, and Globalscape, where he excelled as both a Sales Engineer and Consultant. His expertise spans various critical domains, including application security, data security, and data transfer security, underscoring his comprehensive knowledge and commitment to advancing the field. 619.829.5753

Panel Moderator-Brandon Pinzon
A seasoned leader at the forefront of AI and data security, Brandon Pinzon is an experienced Chief Security Officer, who leverages his 17+ years of experience across technology, banking, and insurance industries to guide organizations as a sought-after advisor.
He spearheads comprehensive security programs, encompassing not just traditional areas like cyber defense and data protection, but also the unique challenges of AI and data-driven environments. His expertise spans data collection, forensics, and crafting robust security and privacy strategies specifically tailored for heavily regulated industries. Brandon's ability to navigate complex data systems and collaborate with multinationals to establish best practices is well-recognized within the industry, as evidenced by his frequent speaking engagements and guest lectures.
RSVP:
Meetup (online)

**Location:** Lunch Provided. Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257. ZOOM link provided for remote attendees.

Speaking at OWASP San Antonio Chapter Events

Call For Speakers is open. If you would like to present a talk on Application Security at future OWASP San Antonio Chapter events, please review and agree with the [OWASP Speaker Agreement](Speaker_Agreement) and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail.