January meetup
Details
Happy New Year! We’re kicking off the year with our first meetup at Semgrep's beautiful office in San Francisco. Join us for the January Bay Area OWASP meetup, proudly sponsored by Semgrep.
Expect an evening filled with insightful security talks, engaging conversations, and great community networking, all complemented by delicious food and drinks, generously provided by Semgrep.
5:00 PM: Doors open, networking, food and drinks
5:30 PM: Chapter introductions
5:45-6:30 PM: What 127M Findings Reveal About Real-World AppSec
6:30-7:15 PM: Using MCP (Model Context Protocol) on AWS for Security Assessment Automation
7:15-8:00 PM: From Signal to Fix: Rebuilding Vulnerability Management with AI Assisted Cybersecurity
Talk #1: What 127M Findings Reveal About Real-World AppSec
Abstract: We analyzed 12 months of anonymized Semgrep scans, spanning both first-party and third-party production code, to understand how vulnerabilities are introduced into a codebase. We’ll explore which OWASP/CWE classes drive the highest fix rates, what gets remediated quickly vs. what tends to linger, and share strategies for closing the security debt backlog using proven tactics and AI.
Speaker: Braden Riggs, Senior Product Marketing Manager
Talk #2: Using MCP (Model Context Protocol) on AWS for Security Assessment Automation
Abstract: This talk demonstrates how to deploy a Model Context Protocol (MCP) server on AWS and run it remotely from an MCP client to automate security assessment workflows. We’ll walk through a practical setup using AWS Bedrock and Agent Core, showing how AI agents can interact with cloud resources and security tools to support scalable security assessments. The session focuses on practical deployment patterns and running MCP-based workflows from a remote client.
Speaker: Illia Oleksiuk is a DevOps Engineer at Pow.bio, a biotech AI startup, with over 8 years of experience building secure, scalable infrastructure across fintech, AI, biotech, and telecom. At Pow.bio, he designed a hybrid cloud platform integrating AWS, on-prem systems, and IoT devices. Previously, he worked on security and automation initiatives at Ericsson. Illia is an active AI hackathon participant with five hackathon wins, including 1st place at the AWS-hosted DeveloperWeek AI/ML 2024 Hackathon.
Talk #3: From Signal to Fix: Rebuilding Vulnerability Management with AI Assisted Cybersecurity
Abstract: Vulnerability management at scale often breaks down because detection does not translate into real risk reduction. Large enterprises are overwhelmed by noisy findings, missing context, and prioritization models that fail to reflect real-world exploitability, creating friction for developers and heavy manual load for security teams.
This framework presents a production-proven Continuous Vulnerability Management approach that normalizes and enriches findings, automates ownership, and applies context-driven prioritization with constrained AI-assisted workflows. The result is faster remediation, reduced noise, and a security program that scales without becoming a delivery bottleneck.
Speaker: Ashwani Mahajan is a security engineer who spends most of his time figuring out how to make security programs actually work at scale. He focuses on cutting noise, automating the painful parts of vulnerability management, and helping developers fix the right issues faster without slowing teams down.
AI summary
By Meetup
Bay Area OWASP meetup for security professionals; attendees will learn to deploy MCP on AWS for automated security assessments.
