Application Security

**Supply Chain Security Summit**: 11am-3:00pm **Happy Hour**: 3:00pm-4:30pm Join us for a deep dive into one of the most critical and rapidly evolving fronts in cybersecurity: supply chain security. From compromised vendors and poisoned dependencies to AI-enabled attack campaigns, today’s threat landscape is no longer isolated — it is interconnected, automated, and operating at unprecedented scale. This summit brings together real-world threat intelligence, incident-driven insights, and practitioner-led discussions to examine how modern supply chain attacks actually unfold — and what it takes to defend against them. We will explore how adversaries are leveraging AI to accelerate reconnaissance, impersonate trusted entities, and exploit gaps across software, hardware, and third-party ecosystems. Whether you're responsible for application security, third-party risk, detection engineering, or incident response, this session will provide actionable strategies to better understand, detect, and reduce supply chain exposure in an era of continuous, intelligent attack. (***Virtual attendance is free.*** ***In-person attendance is $20 to help cover the cost of lunch.)*** **Featured Presentations** **How to Engineer Supply Chain Controls - Tim Gowan, Success Architect (Endor Labs)** Modern software supply chains generate more findings than security and engineering teams can realistically address. As organizations scale, dependency sprawl, version fragmentation, and decentralized package management create hidden operational costs that make vulnerability remediation increasingly difficult. This session explores practical approaches for engineering supply chain controls that improve both security outcomes and developer productivity. Attendees will learn how concepts such as version cardinality, controlled package ingestion, dependency standardization, and large-scale change management can help organizations reduce risk while accelerating remediation efforts. Attendees will gain insights into: * Understanding version cardinality and its impact on remediation cost and engineering velocity * Reducing dependency sprawl through standardization and version-flattening strategies * Implementing controlled package ingestion and software supply chain governance * Building scalable controls that align security objectives with engineering workflows * Leveraging supply chain visibility and dependency intelligence to prioritize risk more effectively **Threat-Informed Defense: Prioritizing What Actually Matters - J Fridley, Solutions Engineer (Oligo Security)** Security teams are inundated with alerts, vulnerabilities, and findings, yet many organizations still struggle to determine which risks truly matter. As software ecosystems become increasingly interconnected through open-source components, third-party services, cloud-native architectures, and AI-powered applications, defenders must move beyond vulnerability counts and focus on the techniques and attack paths adversaries are most likely to exploit. This session explores how a threat-informed defense strategy can help organizations better understand real-world risk, prioritize remediation efforts, and focus security investments where they have the greatest impact. Attendees will learn practical approaches for aligning vulnerability management, application security, and threat intelligence programs to defend against modern attack techniques. Topics include: * Applying threat intelligence to prioritize vulnerabilities and security findings * Identifying exploitable attack paths across applications and software supply chains * Moving beyond CVE-centric security programs toward attacker-focused defenses * Understanding risks introduced by third-party software, open-source dependencies, and AI-enabled applications * Building a threat-informed security strategy that improves resilience and operational efficiency **The Supply Chain Threat We're Not Ready For: Where Are the Real Gaps? - Dima Gorbonos, Global Director of Sales Engineering (Mend.io)** Supply chain security has become a boardroom priority, yet many organizations continue to focus on the wrong risks. While visibility into software dependencies has improved, significant gaps remain across open-source ecosystems, transitive dependencies, third-party integrations, and emerging AI-driven development workflows. This session explores where organizations are still vulnerable despite increased investment in supply chain security. Attendees will gain practical insights into the challenges of identifying, prioritizing, and mitigating risk across increasingly complex software delivery environments. Topics include: * The most overlooked supply chain security risks facing organizations today * Hidden exposure within open-source and transitive dependencies * Challenges introduced by AI-assisted software development * Strategies for prioritizing and reducing software supply chain risk * Practical recommendations for building a more resilient security program **The AI Attack Storm: Security at Machine Speed - Eric Pedersen, Solutions Engineer (Black Duck)** Artificial intelligence has fundamentally changed the economics of cyber attacks. While AI has not created entirely new attack techniques, it has dramatically reduced the cost, time, and expertise required to discover vulnerabilities, develop exploits, and scale attacks across software ecosystems. As attackers increasingly operate at machine speed, organizations must rethink how they approach application security, vulnerability management, and supply chain defense. This session examines how AI is transforming both offensive and defensive security practices, the challenges facing traditional AppSec programs, and what organizations can do today to prepare for an era of AI-powered vulnerability discovery and exploitation. Attendees will learn practical strategies for building security programs capable of responding at the speed of modern threats. What you'll learn: * How AI is accelerating vulnerability discovery, exploitation, and attack automation * Why traditional vulnerability management and patching processes struggle to keep pace * The evolving role of automated application security testing, software composition analysis, and supply chain security * Key considerations for securing AI-assisted and agentic software development workflows * Practical steps for building an AppSec program that can operate at machine speed **Security Panel Discussion: The Supply Chain Threat We’re Not Ready For** This panel brings together practitioners to discuss the most under-addressed risks in today’s supply chain landscape. From open source dependencies to AI model supply chains, panelists will explore where organizations remain vulnerable and what needs to change. Discussion themes: * Gaps in current supply chain security practices * Accountability between vendors and customers * Regulatory and governance challenges * Emerging risks across AI and critical infrastructure dependencies **Facilitator**: Joseph Gregorio, President OWASP San Antonio, VP Application Security Frost Bank **Additional Meeting Details** Lunch ($20 paid in person or via our Square account). Square payment link: https://square.link/u/W21TqLWD ``` Disclaimer: You do not need to be a Meetup member to attend this event. In-person attendees may optionally purchase lunch through our Square payment link or pay at the event. Virtual attendance is completely free, and no payment is required through Meetup. ``` **Location**: Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257 HAPPY HOUR & NETWORKING after session!!! **Happy Hour - Sponsors** [To Be Announced] **Join Zoom Meeting** [https://us06web.zoom.us/j/84639739238?pwd=yiq0jJXgneT1pec1yV837nzNk3Eczu.1](https://us06web.zoom.us/j/84639739238?pwd=yiq0jJXgneT1pec1yV837nzNk3Eczu.1) Meeting ID: 846 3973 9238 Passcode: 934605 We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, along with a great opportunity to connect with fellow security professionals. Please feel free to pass this information on to your peers and team members. 😊 **Future Presentation Topics To Vote On** * Post-Quantum Computing * ASPM * Pentest * Ransomware * DevSecOps - Security as Code * Security Controls for AI

We are bringing Microsoft Build sessions to Columbus Ohio! The Central Ohio Azure Meetup and Central Ohio .NET Developer's Group (CONDG) are coming together to bring some of the labs and breakouts from Microsoft Build to your backyard. In this free, 1 day event, you are going to Build stuff with us! And yes, there will be free food. Please RSVP via [Microsoft Build //localhost:columbus | Microsoft Reactor](https://developer.microsoft.com/en-us/reactor/events/27247/).

Please see below for this event's description. **Visit our [Eventbrite page](https://www.eventbrite.ca/e/owasp-toronto-june-2026-tickets-1991326120030?aff=oddtdtcreator) to RSVP!** **Hybrid event:** * In-person: Security Compass, 325 Front Street West, Unit 103, Toronto, ON M5V 2Y1 * Livestream: https://www.youtube.com/watch?v=H5aZ_CwYEus Doors open at 6:00 PM. Presentation/livestream starts at 6:30 PM **Description:** AI split AppSec into two attack surfaces: your code, and the code factory that produces it—coding agents, the models and MCP tools they call, the developer environment itself. With exploits now landing in under ten hours and vulnerabilities shipping from more authors than ever, this talk lays out a staged path to a "Mythos-ready" program—reprioritizing around reachable risk, accelerating remediation, and securing the AI-SDLC—and argues security should stop filing tickets and start shipping fixes.

Over a billion documents processed. Millions of Veterans impacted. Hundreds of thousands of employee hours saved. Faster decisions. Greater accuracy. More benefits in the hands of our disabled Veterans. We created Smart Search, the world’s largest consumer of Amazon Textract, right when GenAI began reshaping what’s possible. Since then, we’ve built a suite of AI‑driven solutions that transform this data into real, measurable outcomes—accelerating benefits decisions for our Nation’s Veterans. Join us for a focused conversation on how an outcome‑driven approach to AI is helping us boost accuracy, streamline workflows, and deliver faster results for those who have served. This is a follow up to the AWS re:Invent 2023 "Intelligent Document Processing with Gen AI for Public Sector" presentation. About Speaker: Cameron Williams is a Senior Technical Project Manager and cross-functional technical leader at Booz Allen Hamilton with 15+ years of experience architecting and evolving scalable, cloud-native systems, from greenfield development to complex enterprise modernization. https://www.linkedin.com/in/cameronw711/ **THANK YOU** *Franklin University* for hosting our meetup! To learn more about *Franklin University*, please visit their website: https://www.franklin.edu/ **DIRECTIONS** Franklin University Fisher Hall 300 E. Main St, Columbus, OH 43215 Map: https://maps.app.goo.gl/jxjBA2hUmS5qrvhq8 Parking is FREE! Please park in Lot C in front of Fisher Hall. See attached map. NOTE: Map the address only. When mapping with Google Maps it may use the Fisher Hall at OSU, which is NOT correct. **Want to sponsor the pizza and/or bar tab?** Please contact me if you would like to sponsor this meetup's pizza and/or bar tab: angelo@mandato.com

**HAPPY HOUSE HUNTERS JOIN THE CENTRAL OHIO INVESTOR NETWORK [COIN}** \* Time: 5 pm‎ - ‎8 pm‎ ‎ [Eastern Time] Every Third Tuesday \* Where: Pastimes Pub at Grandview Yard, 775 Yard St., Columbus 43212 \* Description: Join Us for the Ultimate Real Estate Meet and Greet! Flip, Buy and Hold, Long-Term Rentals, Mid-Term Rentals & Short-Term B&B! Are you passionate about real estate investments or curious about the world of long-term rentals, mid-term rentals, or short-term rentals? Look no further because the "Happy House Hunters" and "The Inns and Outs of a B&B" invite you to come together with COIN for exciting monthly Meet and Greet events for all real estate investors! We look forward to seeing you there!

**Important time note:** Please plan on arriving between 5:30 and 6:00 as the elevators lock after 6 and you'll need to message us and we'll need to come get you. The building address is 4450 Bridge Park The entrance is 6620 Mooney St, Suite 400 You will need to scan your ID at the door to get a visitor badge. **Abstract** *Customize the IDE: Building Extensions for Visual Studio Code* Visual Studio Code is one of the most widely used development environments today, and much of its flexibility comes from its extension ecosystem. Extensions allow developers to customize the editor with new features, integrations, and workflow improvements tailored to their needs. In this session, we’ll cover what extensions are and the different types available, including full extensions written in TypeScript or JavaScript, along with lighter-weight extensions such as color themes, language packs, language support, code snippets, and keymaps. We’ll also look at practical reasons a developer might create an extension, from automating repetitive tasks to adding custom tooling. The session includes a hands-on walkthrough of creating a new extension, testing it locally, and understanding the basic project structure. We’ll close with a brief overview of how extensions are packaged and published to the Visual Studio Marketplace and other distribution options. **YouTube Link** TBD

🔥 OVER 50 HAPPY HOUR at PBR EASTON! 🔥 Looking to meet new people, enjoy great music, dance, laugh, and have an unforgettable night out? Then grab your friends and join us for one of the most exciting Over 50 social events in Columbus! 📍 PBR Cowboy Bar + Smokehouse – Easton 📅 Thursday, June 18th ⏰ 6:00 PM – 9:00 PM (and the fun keeps going!) This is NOT your typical quiet happy hour… this is a high-energy, country-meets-nightlife experience designed for fun-loving singles and couples over 50 who still enjoy getting out, socializing, and making memories! ✨ What’s Happening: 🎵 Live Music from 6:30–8:30 PM 🐂 Mechanical Bull Riding starting at 8:30 PM 💃 Line Dancing with Instructor from 9–10 PM 🎧 DJ & Dancing starting at 9 PM 🍹 Drink Specials All Night: $3, $4 & $5 specials! Whether you want to relax with a drink, hit the dance floor, try the mechanical bull, or just meet a great group of people in a fun atmosphere — this event has something for everyone. 👉 IMPORTANT: When you arrive, CHECK IN with the host under: “Doug / Meetup” to receive your wristband. 🚗 FREE Parking available across from the venue and at the Easton West Garage. Come when you can, leave when you want… but don’t be surprised if you stay all night! Let’s make Thursday night FUN again! 🎉

Christians in Tech is a community at the intersection of faith and technology. Our meetups are designed to spark meaningful conversations, promote knowledge sharing, and encourage growth—both in your career and your spiritual walk with God. Whether you're an experienced professional or just starting your tech journey, CIT welcomes you. Our Website [https://linktr.ee/citcbus](https://linktr.ee/citcbus) Sponsors and Partners * Improving (Venue Sponsor) * Bethel World Prayer Center (Fiscal Sponsor) * Fruits & Roots (Coffee Partner)