
Professional Event: Mitigating Modern Software Supply Chain Attacks

June 18 @ 5:00 pm - 7:00 pm CDT
Free

Let’s get together in person!

Our next ISC2 Chicago Chapter Professional Event is scheduled for June 28th, 2026 at the Cisco office downtown. See below for all details, including RSVP information:

Topic: Mitigating Modern Software Supply Chain Attacks

Presented by: Tom Burns, CISSP

Modern applications inherit code from hundreds of third-party packages, and attackers have learned to weaponize that trust. From the SolarWinds Orion backdoor, to the LiteLLM compromise that poisoned a popular AI-gateway library, to the “Mini Shai-Hulud” npm worm that self-propagates by stealing developer tokens and republishing itself into other packages, the supply chain has become one of the highest-leverage attack surfaces in enterprise software — one compromised dependency can land code inside thousands of organizations before anyone notices.

This talk walks through the threat landscape and the layered defenses that have emerged to counter it: Software Bill of Materials (SBOM) generation, vulnerability scanning (pip-audit, OSV), signature and provenance verification, dependency pinning, lockfile review, and policy-driven CVE waiver workflows. We’ll discuss why each control matters and where each one falls short in practice.


Tom will demo Supply Chain Guardian, an open workstation toolkit he has been building that wires these controls together into the developer’s daily loop. Guardian enforces pre-commit gates for dependency changes, runs targeted vulnerability scans with expiration-tracked waivers, sweeps for security anti-patterns, and ships AI-agent guardrails so that Claude Code and similar assistants can’t silently introduce risky dependencies.
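The following is an added example, not part of the event description and not Supply Chain Guardian's own code. It sketches what two of the controls named above look like as a pre-commit gate: a lockfile review that rejects requirements that are not exact pins with hashes, and a waiver workflow in which each accepted advisory must name the affected package and carry an expiry date, so an expired waiver blocks the commit again. The lockfile, scanner findings, advisory ids and waiver entries are constructed for the example; the findings dictionary shape is an assumption, not the exact JSON layout of pip-audit or OSV.

```python
"""Added example: a pre-commit gate over dependency changes.

Checks demonstrated:
  1. lockfile review: every entry is an exact pin (==) and carries a --hash
  2. waiver workflow: a finding is waived only by an entry naming the same
     advisory and package whose expiry date has not passed
All sample data below is constructed for this example.
"""
import re
from datetime import date

# Matches "name==version" at the start of a logical requirement line
PINNED = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s\\#]+)")


def logical_lines(text):
    """Join pip-style backslash continuations into single logical lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].strip() + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def check_pins(lockfile_text):
    """Return lockfile problems; an empty list means the lockfile passes."""
    problems = []
    for entry in logical_lines(lockfile_text):
        if entry.startswith("#") or entry.startswith("-"):
            continue  # comments and pip options such as --index-url
        m = PINNED.match(entry)
        if not m:
            problems.append(f"unpinned requirement: {entry.split()[0]}")
        elif "--hash=" not in entry:
            problems.append(f"no hash for {m.group(1)}=={m.group(2)}")
    return problems


def check_waivers(findings, waivers, today_iso):
    """Split scanner findings into (blocking, waived).

    findings: [{"package", "version", "id"}]  (shape assumed for this example;
              a real run would fill it from a scanner such as pip-audit)
    waivers:  [{"id", "package", "expires" (ISO date), "reason"}]
    """
    today = date.fromisoformat(today_iso)
    by_key = {(w["id"], w["package"]): w for w in waivers}
    blocking, waived = [], []
    for f in findings:
        label = f"{f['id']} in {f['package']}=={f['version']}"
        w = by_key.get((f["id"], f["package"]))
        if w is None:
            blocking.append(f"{label}: no waiver")
        elif date.fromisoformat(w["expires"]) < today:
            blocking.append(f"{label}: waiver expired on {w['expires']}")
        else:
            waived.append(f"{label}: waived until {w['expires']} ({w['reason']})")
    return blocking, waived


def gate(lockfile_text, findings, waivers, today_iso):
    """Return (ok, messages); ok is False if anything should block the commit."""
    problems = check_pins(lockfile_text)
    blocking, waived = check_waivers(findings, waivers, today_iso)
    messages = [f"BLOCK {m}" for m in problems + blocking]
    messages += [f"WAIVED {w}" for w in waived]
    return (not problems and not blocking), messages


# Constructed sample lockfile: one good entry, one missing hash, one unpinned
SAMPLE_LOCKFILE = """\
# constructed sample lockfile
--index-url https://pypi.org/simple
requests==2.31.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
urllib3==1.26.5
pyyaml>=6.0
"""

# Constructed findings and waivers; advisory ids are placeholders, not real CVEs
SAMPLE_FINDINGS = [
    {"package": "requests", "version": "2.31.0", "id": "EXAMPLE-2024-0001"},
    {"package": "urllib3", "version": "1.26.5", "id": "EXAMPLE-2023-0002"},
]
SAMPLE_WAIVERS = [
    {"id": "EXAMPLE-2024-0001", "package": "requests",
     "expires": "2026-12-31", "reason": "not reachable; upgrade scheduled"},
    {"id": "EXAMPLE-2023-0002", "package": "urllib3",
     "expires": "2026-01-31", "reason": "awaiting vendor fix"},
]

if __name__ == "__main__":
    ok, msgs = gate(SAMPLE_LOCKFILE, SAMPLE_FINDINGS, SAMPLE_WAIVERS, "2026-06-18")
    print("\n".join(msgs))
    raise SystemExit(0 if ok else 1)
```

Run as a pre-commit hook the script's exit status is what matters: the constructed lockfile fails on the unhashed and unpinned entries, and the urllib3 waiver has lapsed, so the commit is blocked even though the requests waiver is still valid.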


Attendees will leave with a concrete model for what supply chain defense looks like on a real workstation — and an open-source starting point they can adopt for their own teams.


Tom Burns is a former Platform Security Architect at Intel and a former Principal Solutions Architect at AWS. Today he is CTO of his own AI startup and an AI/cybersecurity consultant.


Please RSVP early so we can plan space and food accordingly.

This event counts as 2 hours CPE credit for ISC2 Certification holders.

A light meal will be served.

This event will occur in the Cisco Office inside the Old Post Office downtown. We will meet in the lobby of 433 W Van Buren and be escorted to their office on the 7th floor.
