Software Security

**Building a great product is one thing—building momentum behind it is another.** Join **Senior Product Manager Adam Solaiman** and **User Experience Manager Tyson Smith** for a behind-the-scenes look at what it takes to turn complex ideas into scalable products inside large organizations. In this session, they’ll share how teams move from ambiguity to execution—navigating organizational complexity, aligning stakeholders, and continuously evolving products after launch. You’ll walk away with insights on how to: * Build and sustain momentum across teams * Adapt to changing priorities without losing direction * Scale products thoughtfully in complex environments Whether you're driving a new initiative or growing an existing product, this conversation will give you practical strategies to keep things moving forward. Come connect, learn, and swap stories with fellow product professionals. \-\-\- Food and drinks will be provided by Switchbox, our generous host. Free parking will be available at the front and back sides of the Switchbox Office.

**Important time note:** Please plan on arriving between 5:30 and 6:00 as the elevators lock after 6 and you'll need to message us and we'll need to come get you. The building address is 4450 Bridge Park The entrance is 6620 Mooney St, Suite 400 You will need to scan your ID at the door to get a visitor badge. **Abstract** TBD **YouTube Link** TBD

**Improving Office in Franklinton** Physical location: Improving Office 330 Rush Alley Suite #150 Columbus, OH 43215 Schedule: 6:00 p.m.: Socialize, eat, and drink. Improving will be providing pizza and beverages. 6:30 to 8:00 pm. Main meeting and presentation(s). Topic: This month John Lairson will share a notebook describing the Alpaca (Paper) Trading API and discuss different algorithms for evaluating stock trades. We meet on the last Monday of each Month. Presentations are given by members and friends of this group. If you would like to do a presentation (small or large) on a python topic, please contact Central OH Python at centralohpython@gmail.com

Bring your work or your hobby, hang out, and code with us. Follow @buckeyecocoa for more information.

What does a trojan look like when it has over 900k+ combined installs and a Forbes write-up? Exactly like a legitimate Chrome extension. This session presents a technical dissection of two Chrome extensions, each with over one million active installations — that functioned as trojans in production environments, evading detection while operating through entirely legitimate browser APIs. These were not obscure tools. They were widely trusted, actively recommended, and covered by mainstream press before their malicious behavior was fully understood. We will walk through the actual source code of both extensions, showing precisely how the malicious functionality was constructed, concealed, and executed at scale. This analysis anchors a broader examination of how modern compromises actually succeed. Drawing on aggregated real-world incident data, we identify the technique categories currently delivering the highest adversary return, and why they keep working. Spoiler: it's rarely a zero-day. It's trust. The Chrome extension deep-dive will cover: * Line-by-line source analysis of how malicious functionality was embedded within working, useful software * Which browser permission scopes were abused, and why a million users — and their IT teams — didn't see it coming * The behavioral and structural indicators that distinguish a trojan extension from a legitimate one, and how to operationalize detection around them This session closes with a practical defensive prioritization framework built around observed attacker behavior: which mitigations are measurably reducing risk in production environments, which are consuming budget without impact, and a scoring methodology your team and leadership can apply immediately. **Source material:** Primary analysis of extension source code, corroborated by reporting from Forbes and other established outlets. **What this is not:** A vendor pitch, a speculative threat narrative, or a surface-level breach retrospective. **Who should attend:** Security architects, AppSec and cloud security practitioners, blue team leads, threat hunters, browser security practitioners, and security leaders responsible for prioritizing risk and investment decisions.

Columbus Code & Coffee is an inclusive, informal co-working session. People of all skill levels attend, and we love it that way. Many people (optionally) bring projects to work on, and many other people (optionally) socialize the entire time. It's entirely up to you! **What to Expect at the Intro Circle** \~\~\~\~\~\~\~\~\~\~\~\~\~ Near the beginning of the event (1:30 pm), we do a standup: * Organizer announcements, updates, and logistics Round 1 - (7 secs max): * Your name * What you're working on * What you can help others with Round 2: * Community events you wanna plug. If none, that's cool too. Round 3: * Job opportunities you're hiring for OR announce that you are looking for one. If none, that's cool. After the introduction circle, everything is self-organized! Feel free to work alone, pair up, attend one of our workshops/presentations, or mingle!