OWASP San Antonio
Welcome
Welcome to the OWASP San Antonio Chapter, a regional city chapter within OWASP. Our Chapter serves the San Antonio region as a platform to discuss and share topics all around information and application security.
Anyone interested in and enthusiastic about application security is welcome. All meetings are free and open. You do not have to be an OWASP member.
You are welcome to refer colleagues or acquaintances to this website or to individual meetings.
What’s going to happen?
To be announced via our OWASP San Antonio Chapter Meetup Group. We usually have talks related to information and application security.
Further Notes
Please join our OWASP San Antonio Chapter Meetup Group for timely updates on our OWASP Chapter San Antonio Meetup.
Upcoming Events
🎉OWASP San Antonio Supply Chain Security Summit (and Happy Hour after)🎉
Presentations and Security Panel: Supply Chain Security and AI-Enabled Threats
Call for Sponsorships and Papers:
We are now accepting presentation abstracts and sponsorship inquiries. Please send submissions to [email protected].
Selections for sponsors and presentations will be finalized soon, so please submit early for full consideration.
> When: Friday, Jun 12 · 11:00 AM to 3:00 PM CDT
> Presentation Session: 11:00am - 3:00pm
> Happy Hour: 3:00pm - 4:30pm
> Where: Hybrid Event
- On-site: Scuzzi’s Italian Restaurant – 4035 N Loop 1604 W #102, San Antonio, TX 78257
- Virtual: Zoom details below
Event Overview
Join us for a deep dive into one of the most critical and rapidly evolving fronts in cybersecurity: supply chain security. From compromised vendors and poisoned dependencies to AI-enabled attack campaigns, today’s threat landscape is no longer isolated — it is interconnected, automated, and operating at unprecedented scale.
This summit brings together real-world threat intelligence, incident-driven insights, and practitioner-led discussions to examine how modern supply chain attacks actually unfold and what it takes to defend against them. We will explore how adversaries are leveraging AI to accelerate reconnaissance, impersonate trusted entities, and exploit gaps across software, hardware, and third-party ecosystems.
Whether you’re responsible for application security, third-party risk, detection engineering, or incident response, this session will provide actionable strategies to better understand, detect, and reduce supply chain exposure in an era of continuous, intelligent attack.
Featured Presentations
Mapping the Kill Chain: How Supply Chain Attacks Actually Unfold
Speaker: TBD
This presentation breaks down real-world supply chain attack sequences from initial compromise to lateral movement and data exfiltration. We will analyze attacker methodologies across vendor ecosystems, software dependencies, and hardware channels, highlighting where traditional defenses fail.
Topics include:
- Common supply chain attack paths and kill chain stages
- Threat actor tactics, techniques, and procedures (TTPs)
- Detection gaps and incident response challenges
- Lessons learned from recent high-impact breaches
AI-Enabled Attacks: New Vectors, Amplified Scale
Speaker: TBD
Adversaries are increasingly weaponizing AI to scale and automate their operations. This session explores how large language models and AI tooling are used to forge identities, exploit dependency ecosystems, and accelerate vulnerability discovery.
Topics include:
- How AI is used in modern attack campaigns
- Real-world examples of AI-assisted threats
- Risks such as model poisoning and data manipulation
- Defensive considerations for AI-driven attack surfaces
Threat-Informed Defense: Reducing Exposure Across the Supplier Ecosystem
Speaker: TBD
Defending against supply chain threats requires more than visibility; it requires operationalizing threat intelligence. This talk focuses on practical strategies to monitor, verify, and contain risk across third-party relationships.
Topics include:
- SBOM implementation and enforcement
- Continuous supplier monitoring strategies
- Trust verification and zero trust principles for vendors
- Response strategies when a supplier is compromised
Security Panel Discussion: The Supply Chain Threat We’re Not Ready For
This panel brings together practitioners to discuss the most under-addressed risks in today’s supply chain landscape. From open source dependencies to AI model supply chains, panelists will explore where organizations remain vulnerable and what needs to change.
Discussion themes:
- Gaps in current supply chain security practices
- Accountability between vendors and customers
- Regulatory and governance challenges
- Emerging risks across AI and critical infrastructure dependencies
Facilitator: Joseph Gregorio, President OWASP San Antonio, VP Application Security Frost Bank
Additional Meeting Details
Lunch: Optional ($20 paid in person or via our Square account). Attendees are welcome to attend without purchasing lunch.
Square payment link:
https://square.link/u/W21TqLWD
Location:
Scuzzi’s Italian Restaurant
4035 N Loop 1604 W #102
San Antonio, TX 78257
HAPPY HOUR & NETWORKING after session!!!
Happy Hour Sponsors:
To Be Announced
Virtual Meeting Details
Join Zoom Meeting
https://us06web.zoom.us/j/84639739238?pwd=yiq0jJXgneT1pec1yV837nzNk3Eczu.1
Meeting ID: 846 3973 9238
Passcode: 934605
We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, along with a great opportunity to connect with fellow security professionals.
Please feel free to pass this information on to your peers and team members. 😊
Featured Speakers
J Fridley – Solutions Engineer, Oligo

J Fridley is a Solutions Engineer at Oligo, where he works with security and engineering teams to better understand and prioritize real-world application risk. His work focuses heavily on issues that don’t fit neatly into traditional vulnerability management — including third-party and open-source risk, security concerns introduced by embedded and agentic AI, and why defending against attack techniques is often more effective than focusing solely on individual CVEs.
Prior to joining Oligo, J supported application security programs and developer security tooling initiatives across a variety of environments. He is particularly interested in the practical realities of modern software security: how teams actually build applications, how security findings are communicated to developers, and why risk prioritization in cloud-native environments remains such a difficult challenge.
Tim Gowan – Success Architect, Endor Labs

Tim Gowan spent the early part of his career believing security teams were simply professional blockers to engineering velocity. A decade, a U.S. patent, and millions of vulnerability alerts later, he has thoroughly unlearned that assumption.
Today, Tim serves as a Success Architect at Endor Labs, where he focuses on post-sales architecture and helping organizations operationalize secure development practices at scale. With more than ten years of experience designing carrier-grade infrastructure at Verizon and developer security platforms at Snyk, he specializes in transforming chaotic enterprise environments into secure, developer-friendly engineering workflows.
Tim holds an M.S. in Computer Science with an NSA CyberOps designation and is passionate about designing systems that help organizations minimize risk without sacrificing productivity.
Dima Gorbonos – Global Director of Sales Engineering, Mend.io

Dima Gorbonos is a cybersecurity and application security leader with extensive experience helping enterprises secure modern software development at scale. As Global Director of Sales Engineering at Mend.io, he leads go-to-market initiatives focused on software supply chain security, AI security, open-source risk management, and DevSecOps.
Dima works closely with organizations to strengthen application security programs while enabling development teams to move quickly and securely in increasingly complex environments.
Future Presentation Topics To Vote On
- Post-Quantum Computing
- ASPM
- Pentest
- Ransomware
- DevSecOps - Security as Code
- Security Controls for AI