May OWASP Bay Area Meetup

We’re excited to announce that our May OWASP Meetup will be hosted by Adobe!
Join us for an evening of great conversations, community networking, and insightful security discussions — all in an awesome venue provided by Adobe. And yes, there will be delicious food and drinks generously provided by our hosts!

5:30 PM : Doors open, Networking, food and drinks
5.45 PM :- Chapter introductions
6-6.45 PM :- Proactive Defense: Preventing Account Takeovers Before They Begin
6.45-7.30 :- Implementing Secure guardrails

Talk #1 Proactive Defense: Preventing Account Takeovers Before They Begin
Account Takeovers (ATOs) have become the silent enablers of modern breaches—where attackers don’t break in, they log in. Whether sourced from phishing campaigns, infostealer logs, or vast combolists circulating on the dark web, leaked credentials continue to fuel unauthorized access across both enterprise and customer-facing environments.
This session will explore practical strategies for preventing ATOs, with a focus on:

• Proactively detecting and remediating leaked credentials across employees and customers.
• Leveraging phishing visibility to detect early signs of compromise.
• Introducing AI-driven analysis using the Model Context Protocol (MCP): an experimental approach within Cursor that enhances AI’s ability to search, contextualize, and support on-demand investigation of leaked credentials

Attendees will learn how to integrate these methods to build a strong defense against account takeovers, strengthening security and resilience against cyber threats. By adopting proactive credential defense and tools like MCP, organizations can develop an adaptive response to account takeover threats.
Speakers: Barath Subramaniam, Senior Product Security Engineer at Adobe, has over 16 years of experience. He manages security data exchange programs between security and product teams, focusing on security automation, AI, data engineering, identity monitoring for stolen credentials, brand abuse detection, and phishing.

Alessio Iacovone is a Product Security Engineer at Adobe with three years of experience on the Data and AI Engineering team, specializing in applying AI to enhance security efforts.

Talk#2 Implementing Secure guardrails
In the fast-paced world of AI software development, balancing rapid innovation with robust security is a persistent challenge. Security guardrails offer a solution by providing protective boundaries that guide developers towards secure practices without hindering agility.

This talk delves into a pragmatic methodology for establishing and scaling security guardrails within your organization. Drawing from real-world experiences at leading tech companies, we'll explore:

• Implementing security controls across infrastructure, applications, and dependencies.
• Identifying areas to implement guardrails.
• Establishing secure defaults in foundational services
• Leveraging static code analysis to steer developers towards secure coding patterns.
• Prioritizing common security issues to standardize best practices.
• Building a library of quick wins and integrating them into development workflows.

We'll also discuss the iterative journey of building guardrails, from laying foundational safety nets to developing contextual and strategic controls that align with your organization's evolving security maturity.

Speaker: Srajan Gupta, Dave, Senior Security Engineer. An avid threat modeling practitioner and advocate of secure design practices