OWASP San Antonio

Welcome

Welcome to OWASP San Antonio Chapter, a regional city chapter within OWASP. Our Chapter serves San Antonio region as a platform to discuss and share topics all around information and application security.

Anyone with an interested and enthusiastic about application security is welcome. All meetings are free and open. You do not have to be an OWASP member.

Referrals to this website or to individual meetings to colleagues or acquaintances are welcome.

What’s going to happen?

To be announced via our OWASP San Antonio Chapter Meetup Group. We usually have a talks that related to information and application security.

Further Notes

Please join our OWASP San Antonio Chapter Meetup Group for timely updates on our OWASP Chapter San Antonio Meetup.

Upcoming Events

🎉OWASP San Antonio Quarterly Chapter Meeting (and Happy Hour after)🎉

Presentation : AppSec Bug Bounties Programs and Presentation on Zero Trust

> When: December 12th, 2025 (Friday)

> Presentation Session: 11:00am- 2:30pm

> Happy Hour: 2:30 pm - 4:00pm

> Where: Hybrid Event

• On-site: (Meetup RSVP required) Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257
• Virtual: Zoom Call (Room link provided on Meetup)

Join us for an in-depth discussion on Application Security (AppSec) Bug Bounty Programs. Industry experts will share real‑world insights into the biggest challenges these programs face, and how they’ve successfully overcome them through proven strategies, best practices, innovation, and teamwork. Following the bug bounty presentations, we will move into an in-depth presentation on the benefits and challenges of Zero Trust.

Whether you’re a security professional, developer, or simply curious about how bug bounty programs strengthen modern AppSec, this session will provide practical knowledge and inspiration you can take back to your own work.

Featured Presentations:

“The Power and Future of Crowdsourced Security” - Michael McKinley, Senior Cybersecurity Solutions Engineer, HackerOne

In today’s rapidly evolving threat landscape, no single security team can maintain complete visibility. Attack surfaces expand faster than internal defenses, creating gaps that traditional approaches struggle to close. Crowdsourced security offers a powerful solution by extending vulnerability discovery to the edges. Through global bug bounty programs, thousands of independent researchers collaborate to uncover weaknesses across diverse technologies. This collective intelligence accelerates discovery, delivers deeper insights, and strengthens resilience. By harnessing the expertise of a worldwide community united under one goal - security - we can achieve faster, smarter, and more robust protection for the future.

“Featured Talk — Details To Be Announced” - Carlos Torres, US Founding GTM, YesWeHack

[Title and topic to be announced — details coming soon.]

Founded in 2015, YesWeHack is a global Bug Bounty and Vulnerability Management platform connecting organizations with tens of thousands of ethical hackers. By uncovering and patching vulnerabilities across websites, mobile apps, connected devices, and digital infrastructure, YesWeHack helps private, public, and governmental organizations strengthen security cost‑effectively. With in‑house triage, personalized support, and results‑based pricing, the platform is trusted worldwide and operates under strict compliance standards, including ISO certifications, GDPR‑compliant hosting, and CREST accreditation.

“Bug Bounty in the Real World” - Charles Boulware, Field CTO, Fulcrum

[Abstract to be announced — details coming soon.]

Fulcrum is a new type of integrator dedicated to solving critical business challenges across Security, Infrastructure, Cloud, and Big Data. With expertise spanning consulting and staff augmentation, MSP/MSSP services, product sales, and intellectual property, Fulcrum works shoulder‑to‑shoulder with clients to deliver results. Two‑thirds of the team are engineers—but every member is a problem solver—driven to finish the job and provide the service organizations deserve.

“Zero Trust: Benefits and Challenges” - Cletus (Clete) Young - Senior Cyber Security Architect - FrostBank

Discover how Zero Trust can transform organizational security in our presentation, Zero Trust: Benefits and Challenges. We’ll break down what Zero Trust really means, why it matters, and how to navigate the obstacles that come with implementing it effectively.

Featured Speakers

• Michael McKinley - Senior Cybersecurity Solutions Engineer - HackerOne

Michael McKinley is a senior cybersecurity solutions engineer passionate about collaborating with customers and partners to strengthen their security programs and achieve meaningful outcomes. He works closely with organizations to understand their unique challenges, architect solutions that align with their goals, and help translate strategy into measurable security improvements. Known for his blend of technical depth and practical problem-solving, Michael thrives at the intersection of innovation and execution - bridging the gap between technology and business value. His approach emphasizes partnership, adaptability, and a shared commitment to improving the resilience of the cybersecurity ecosystem. A U.S. Marine Corps veteran and University of Texas at Austin graduate, Michael brings a mission-driven mindset to helping organizations safeguard what matters most. When not behind a screen, Michael enjoys van life in the mountains and doing crazy things on two wheels.

LinkedIn: https://www.linkedin.com/in/michael-mckinley-510235126/

• Carlos Torres - US Founding GTM - YesWeHack

Carlos Torres is an eight+ year veteran of the bug bounty industry and currently serves as the U.S. Founding GTM Lead at YesWeHack, where he is driving major growth and expand the company’s presence across North America. Prior to YesWeHack, he spent several years at Bugcrowd, remaining closely involved in the technical side of bug bounty operations while progressing through sales and leadership roles. With experience across multiple leading platforms, Carlos brings a unique blend of technical insight and program-building expertise to crowdsourced security.

LinkedIn: https://www.linkedin.com/in/carlos-torres-b32b9125/

• Cletus (Clete) Young - Senior Cyber Security Architect - FrostBank

Cletus (Clete) Taylor is the author of the forthcoming book Trust at the Speed of Execution: The Role of Automation and Orchestration in Zero Trust. He currently serves as Senior Security Architect at Frost Bank, leading the enterprise transition to Zero Trust Architecture. His past roles include Security Architect at Genesys and Sysco, CISO for Harrah’s Entertainment, and Security Director/Data Center Director at S1. A decorated 10‑year U.S. Navy and special operations veteran, Clete brings operational discipline and deep technical expertise to advancing Zero Trust through automation and orchestration.

LinkedIn: https://www.linkedin.com/in/cletetaylor13/

• Charles Boulware - Field CTO - Fulcrum

Charles Boulware is a cybersecurity architect and consultant with over 15 years of experience designing, optimizing, and securing enterprise environments. His work spans SIEM, SOAR, NDR, observability pipelines, and incident response, with a strong focus on scalable monitoring, automation, and actionable security analytics for SOC teams. As Field CTO at Fulcrum Technology Solutions and Co-Founder of Booli.ai, he has led the design of identity-centric SIEM architectures, agentic AI-driven SOC workflows, and high-throughput security data pipelines that materially reduce investigation and response times. His background in digital forensics, incident response, and large-scale logging makes him particularly passionate about how bug bounty programs complement modern detection, response, and application security practices.

LinkedIn: https://www.linkedin.com/in/charlesboulware/

• Joseph Gregorio - VP Application Security - Frost Bank

Joseph Gregorio is the Vice President of Application Security at Frost Bank, bringing over 30 years of experience in Information Technology. His career spans software product development, application security, third-party risk management, governance, risk and compliance, and business continuity. Joseph’s diverse background includes leadership roles across the Department of Defense, telecommunications, financial services, and banking industries. He holds multiple professional certifications, including CISSP, CSSLP, GSEC, CGEIT, and PMP. Joseph earned a Master’s in Computer Information Systems from the University of Denver and an MBA from Colorado State University.

LinkedIn: https://www.linkedin.com/in/jmgregorio01/

Additional Meeting Details

• Lunch Provided
• Happy Hour & Demo Lab networking after session!!!

Happy Hour - Sponsors

• HackerOne
• Fulcrum
• YesWeHack
• Harness

Future Presentation Topics To Vote On

• ASPM
• Pentest
• Ransomware
• DevSecOps - Security as Code
• Security Controls for AI

Speaking at OWASP San Antonio Chapter Events

Call For Speakers is open - if you would like to present a talk on Application Security at future OWASP San Antonio Chapter events - please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail.