BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//ISC2 Chicago - ECPv6.16.3//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-ORIGINAL-URL:https://isc2chicago.org
X-WR-CALDESC:Events for ISC2 Chicago
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:America/Chicago
BEGIN:DAYLIGHT
TZOFFSETFROM:-0600
TZOFFSETTO:-0500
TZNAME:CDT
DTSTART:20250309T080000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0500
TZOFFSETTO:-0600
TZNAME:CST
DTSTART:20251102T070000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0600
TZOFFSETTO:-0500
TZNAME:CDT
DTSTART:20260308T080000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0500
TZOFFSETTO:-0600
TZNAME:CST
DTSTART:20261101T070000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0600
TZOFFSETTO:-0500
TZNAME:CDT
DTSTART:20270314T080000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0500
TZOFFSETTO:-0600
TZNAME:CST
DTSTART:20271107T070000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/Chicago:20260618T170000
DTEND;TZID=America/Chicago:20260618T190000
DTSTAMP:20260602T212734
CREATED:20260602T192149Z
LAST-MODIFIED:20260602T200010Z
UID:101665-1781802000-1781809200@isc2chicago.org
SUMMARY:Professional Event: Mitigating Modern Software Supply Chain Attacks
DESCRIPTION:Let’s get together in person! \nOur next ISC2 Chicago Chapter Professional Event is scheduled for June 28th\, 2026 at the Cisco office downtown. See below for all details\, including RSVP information: \nTopic: Mitigating Modern Software Supply Chain Attacks \nPresented by: Tom Burns\, CISSP \nModern applications inherit code from hundreds of third-party packages\, and attackers have learned to weaponize that trust. From the SolarWinds Orion backdoor\, to the LiteLLM compromise that poisoned a popular AI-gateway library\, to the “Mini Shai-Hulud” npm worm that self-propagates by stealing developer tokens and republishing itself into other packages\, the supply chain has become one of the highest-leverage attack surfaces in enterprise software — one compromised dependency can land code inside thousands of organizations before anyone notices. \nThis talk walks through the threat landscape and the layered defenses that have emerged to counter it: Software Bill of Materials (SBOM) generation\, vulnerability scanning (pip-audit\, OSV)\, signature and provenance verification\, dependency pinning\, lockfile review\, and policy-driven CVE waiver workflows. We’ll discuss why each control matters and where each one falls short in practice. \n  \nTom will demo Supply Chain Guardian\, an open workstation toolkit he has been building that wires these controls together into the developer’s daily loop. Guardian enforces pre-commit gates for dependency changes\, runs targeted vulnerability scans with expiration-tracked waivers\, sweeps for security anti-patterns\, and ships AI-agent guardrails so that Claude Code and similar assistants can’t silently introduce risky dependencies. \n  \nAttendees will leave with a concrete model for what supply chain defense looks like on a real workstation — and an open-source starting point they can adopt for their own teams. 
 \n  \nTom Burns is a former Platform Security Architect at Intel and a former Principal Solutions Architect at AWS. Today\, he is CTO of his own AI startup and an AI/Cybersecurity consultant. \n  \nPlease RSVP early so we can plan space and food accordingly. \nThis event counts as 2 hours CPE credit for ISC2 Certification holders. \nA light meal will be served. \nThis event will occur in the Cisco Office inside the Old Post Office downtown. We will meet in the lobby of 433 W Van Buren and be escorted to their office on the 7th floor.
URL:https://isc2chicago.org/event/professional-event-mitigating-modern-software-supply-chain-attacks/
LOCATION:Cisco Office\, 433 W Van Buren\, Chicago\, IL
CATEGORIES:Professional Event
END:VEVENT
END:VCALENDAR