Details

Supply Chain Security Summit: 11am-3:00pm
Happy Hour: 3:00pm-4:30pm

Join us for a deep dive into one of the most critical and rapidly evolving fronts in cybersecurity: supply chain security. From compromised vendors and poisoned dependencies to AI-enabled attack campaigns, today’s threat landscape is no longer isolated — it is interconnected, automated, and operating at unprecedented scale.
This summit brings together real-world threat intelligence, incident-driven insights, and practitioner-led discussions to examine how modern supply chain attacks actually unfold — and what it takes to defend against them. We will explore how adversaries are leveraging AI to accelerate reconnaissance, impersonate trusted entities, and exploit gaps across software, hardware, and third-party ecosystems.
Whether you're responsible for application security, third-party risk, detection engineering, or incident response, this session will provide actionable strategies to better understand, detect, and reduce supply chain exposure in an era of continuous, intelligent attack.

Featured Presentations

Mapping the Kill Chain: How Supply Chain Attacks Actually Unfold - Speaker TBD

This presentation breaks down real-world supply chain attack sequences from initial compromise to lateral movement and data exfiltration. We will analyze attacker methodologies across vendor ecosystems, software dependencies, and hardware channels, highlighting where traditional defenses fail.

Attendees will gain insights into:

  • Common supply chain attack paths and kill chain stages
  • Threat actor tactics, techniques, and procedures (TTPs)
  • Detection gaps and incident response challenges
  • Lessons learned from recent high-impact breaches

AI-Enabled Attacks: New Vectors, Amplified Scale - Speaker TBD

Adversaries are increasingly weaponizing AI to scale and automate their operations. This session explores how large language models and AI tooling are used to forge identities, exploit dependency ecosystems, and accelerate vulnerability discovery.

What you’ll learn:

  • How AI is used in modern attack campaigns
  • Real-world examples of AI-assisted threats (2024–2025)
  • Risks such as model poisoning and data manipulation
  • Defensive considerations for AI-driven attack surfaces

Threat-Informed Defense: Reducing Exposure Across the Supplier Ecosystem - Speaker TBD

Defending against supply chain threats requires more than visibility; it requires operationalizing threat intelligence. This talk focuses on practical strategies to monitor, verify, and contain risk across third-party relationships.

Topics include:

  • SBOM implementation and enforcement
  • Continuous supplier monitoring strategies
  • Trust verification and zero trust principles for vendors
  • Response strategies when a supplier is compromised

Security Panel Discussion: The Supply Chain Threat We’re Not Ready For

This panel brings together practitioners to discuss the most under-addressed risks in today’s supply chain landscape. From open source dependencies to AI model supply chains, panelists will explore where organizations remain vulnerable and what needs to change.

Discussion themes:

  • Gaps in current supply chain security practices
  • Accountability between vendors and customers
  • Regulatory and governance challenges
  • Emerging risks across AI and critical infrastructure dependencies

Facilitator: Joseph Gregorio, President OWASP San Antonio, VP Application Security Frost Bank

Additional Meeting Details
Lunch: $20, paid in person or via our Square account.
Square payment link:
https://square.link/u/W21TqLWD

Location: Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257
HAPPY HOUR & NETWORKING after session!!!

Happy Hour - Sponsors
[To Be Announced]

Join Zoom Meeting
https://us06web.zoom.us/j/84639739238?pwd=yiq0jJXgneT1pec1yV837nzNk3Eczu.1
Meeting ID: 846 3973 9238
Passcode: 934605

We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, along with a great opportunity to connect with fellow security professionals.

Please feel free to pass this information on to your peers and team members. 😊

Future Presentation Topics To Vote On

  • Post-Quantum Computing
  • ASPM
  • Pentest
  • Ransomware
  • DevSecOps - Security as Code
  • Security Controls for AI
