Thursday Jan 04, 2024
How Security Practitioners Master API Security in the Regulatory Landscape
In this episode, host Dani Woolf is joined by Sue Bergamo, James Azar, and Chuck Herrin to discuss the challenges of API security in the context of digital transformation. They highlight the lack of visibility, tools, and control in organizations when it comes to API security. The panel emphasizes the importance of understanding the data flowing through APIs, having a clear ownership structure, and implementing secure development practices. They also discuss the impact of regulations and compliance on API security and the need for organizations to educate themselves and align their language with developers and application owners. In addition, the guests stress the importance of communication, collaboration, and education in addressing API security challenges.
Guests at a Glance:
- Sue Bergamo: Sue Bergamo is a longtime CIO and CISO who currently works as an executive advisor for BTE Partners. She advises innovative CEOs on cybersecurity and is passionate about protecting and securing data.
- James Azar: James Azar is the CTO and CSO of AP4 Group, a critical infrastructure company. He is responsible for the internal technology and security practices of the company and works with power plants, oil and gas companies, and aviation organizations.
- Chuck Herrin: Chuck Herrin is the CTO of an API security company called Wib. He has decades of experience as an attacker and defender and has served as a CISO multiple times. He is passionate about API security and helping organizations protect their data.
Key Takeaways:
- Lack of visibility, tools, and control are major challenges in API security.
- Organizations need to understand the data flowing through APIs and implement secure development practices.
- Ownership and accountability for API security should be clearly defined within organizations.
- Regulations and compliance frameworks are starting to specifically address API security.
- Security vendors should focus on eliminating false positives and providing guidance on addressing API vulnerabilities.
- Communication and collaboration between security teams and application owners are crucial for effective API security.
Join Audience 1st Newsletter Today
Join 1700+ cybersecurity marketers and sellers mastering security buyer research to better understand their audience and turn them into loyal customers: https://www.audience1st.fm/newsletter