Two talks: Throw away the Vibes | AI-Powered Security Analysis

Melb.NET is pleased to host two great talks by Dasith Wijesiriwardena (Senior Software Engineer at Microsoft) and Ross Miles (Senior Software Engineer at Microsoft)

Doors open at 5:30pm, and we kick off the night at 6pm. Food and drinks provided in-person.

Agenda:

• Introductions and few words from our Sponsors (10 min)
• Talk 1 - Throw Away The Vibes: Context Engineering Is All You Need
• QnA - grab some more food/drinks (10 min)
• Talk 2: AI-Powered Security Analysis with VEX Generation

Talk 1: Throw Away The Vibes: Context Engineering Is All You Need (by Dasith Wijesiriwardena)
We've all been there: GitHub Copilot promises to be your coding companion, but instead feels more like that overeager intern who confidently writes brilliant code for the wrong problem. As AI-assisted development tools become ubiquitous, the industry narrative promises revolutionary productivity gains. Yet many practitioners find themselves playing an exhausting game of context whack-a-mole—constantly explaining, re-explaining, and fixing what their AI "partner" confidently got wrong.

Having spent considerable time wrestling with this gap between AI promises and reality, I've discovered that the real challenge isn't prompt engineering—it's context engineering. This talk explores why "vibe coding" is fundamentally broken and introduces the systematic discipline that separates magical AI experiences from expensive disappointments. Through the constraint-context matrix and real examples like the Breadcrumb Protocol, I'll demonstrate why human expertise in scaffolding, steering, and domain understanding isn't just relevant—it's the secret ingredient that makes AI actually work. You'll leave with practical strategies for engineering context systematically and a framework for building sustainable human-AI collaboration that leverages both your skills and the machine's capabilities.

Talk 2: AI-Powered Security Analysis with VEX Generation (by Ross Miles)
Traditional vulnerability scanners overwhelm security teams with noisy CVE reports that lack critical context—alerting on every theoretical vulnerability without considering actual exploitability in your specific environment. This talk introduces an innovative approach that combines automated security scanning with AI-powered exploitability analysis to generate industry-standard VEX (Vulnerability Exploitability eXchange) documents.

We'll explore how this automated workflow transforms vulnerability management from reactive CVE catalog matching to proactive, evidence-based risk assessment through comprehensive code reachability analysis, attack surface mapping, and environmental protection evaluation. Through live demonstrations, we'll show how this system generates three key deliverables: executive summaries, detailed technical reports with remediation guidance, and OpenVEX-compliant documentation for transparent vulnerability communication. By shifting focus from vulnerability presence to actual exploitability, this methodology helps security teams allocate resources effectively, reduce alert fatigue, and build evidence-based security programs that address real risks rather than theoretical possibilities.

Key Takeaways: Practical implementation of AI-driven vulnerability analysis, OpenVEX standard adoption, and strategies for reducing security noise while improving risk assessment accuracy.

Hosts:
William Liebenberg - Microsoft .NET MVP | Consultant at Arinco

Location:
In-Person at Microsoft Melbourne - Level 5 / 4 Freshwater Place, Southbank VIC 3006.

🗣 Apply to speak now: https://bit.ly/melb-dotnet-cfp

Sponsors:
We have some amazing sponsors that help make this event possible:

• Arinco
• Microsoft Melbourne
• Dotnet Foundation