
Join us for the May Bay Area OWASP meetup, proudly sponsored by Doppel.
Expect an evening filled with insightful security talks, engaging conversations, and great community networking, all complemented by delicious food and drinks, generously provided by Doppel. Thank you very much to Postmark Inc for providing us the space.

5:00 PM: Doors open, networking, food and drinks
5:30 PM: Chapter introduction
5:45-6:30 PM: Social Engineering Attack Chain: A New Standard for Unified Defense
6:30-7:15 PM: More Packages, More Problems: AI, npm, and the New Economics of Supply Chain Attacks
7:15-8:00 PM: AppSec in the age of AI

Talk #1: Social Engineering Attack Chain: A New Standard for Unified Defense

Description: This session reframes social engineering as a coordinated, AI‑driven attack chain that spans email, chat, SMS, voice, and video. Attendees will learn how attackers design cross‑channel campaigns, what Human Risk Management looks like in practice, and how to build a unified, human‑centric defense model that aligns security controls, processes, and business stakeholders.

Speaker: Alvin Lin is the Director of Product Marketing at Doppel, where he leads go-to-market strategy for the company’s AI-native Social Engineering Defense platform. He has spent over a decade scaling hypergrowth leaders like Okta, Cloudflare, and Cloudera through defining expansion chapters and global revenue tiers. He specializes in bridging the gap between deep-tech and executive value to drive upmarket adoption.

Talk #2: More Packages, More Problems: AI, npm, and the New Economics of Supply Chain Attacks

Description:
Malicious npm package activity surged over the past year, and AI is changing the economics behind it. Attackers are using large language models to generate convincing packages, craft realistic documentation, and scale typosquatting campaigns faster than manual review can keep up. Meanwhile, traditional supply chain compromises targeting developer endpoints, credentials, and cryptocurrency wallets are growing more sophisticated on their own.
The session closes with a practical defender's playbook covering development environment hardening, package vetting workflows, and building organizational muscle around supply chain hygiene. Whether you work in application security, platform engineering, or security operations, you will walk away with a realistic picture of the threat and concrete steps to act on it.

Speaker: Mohit Bansal is a Senior Manager of Security Operations Engineering at Webflow with over 12 years of experience in cybersecurity. His work spans software supply chain security, cloud infrastructure security, AI agent security, and building developer security programs at scale. Previously, he spent nearly six years at Okta, a major identity platform, leading Application Security and Vulnerability Management. Mohit has led incident response efforts against real-world npm supply chain compromises and brings firsthand forensic experience to the threat patterns covered in this talk. He is an active researcher and speaker on the intersection of AI, attacker economics, and developer workflow risks.

Talk #3: AppSec in the age of AI

Description: AI is eating software. It is also fundamentally changing application security. Advanced models like Mythos are identifying vulnerabilities faster, if not better, than their human counterparts. They are also writing code (hopefully secure code) faster than their human counterparts. This leaves existing AppSec vendors in an existential crisis.
At the same time, if AI is at the heart of every application of the future, who is securing AI? Can we really trust an unpredictable black box with our most sensitive workloads? Anthropic and OpenAI will have you believe that their models are perfect, but reality is different.
We discuss the future of AppSec in the AI era.

Speaker: Saurabh Shintre is the founder & CEO of Realm Labs, an AI security startup. Realm Labs was one of the 10 RSAC Innovation Sandbox finalists this year. Before Realm, Saurabh led AI research at Symantec and Splunk.
