Video

APIs Are a Massive Problem - We Just Don’t Know How Massive

CyberEdBoard Panelists Call for Reallocation of Budgets, More DevOps Accountability
Chase Cunningham, the Doctor of Zero Trust and ISMG global content contributor, and Richard Bird, chief security officer at Traceable AI

API vulnerabilities are the largest unmitigated security risk not being addressed despite the size and scale of API breaches being described as "staggering," according to CyberEdBoard panelists Chase Cunningham, the Doctor of Zero Trust and ISMG global content contributor, and Richard Bird, chief security officer at Traceable AI.

See Also: 6 Critical Capabilities for an Application GRC Solution

People know there's a serious problem but are not moving fast to fix it, the panelists said. Among the challenges: siloed software developers and security professionals and no real budget for API security across the stakeholders of IT teams, developers, business units and security.

Developers need to implement API security technology, including using zero trust approaches, the two said. They also advised repurposing part of the budget from other layers of the technology stack to API security.

In this video of a panel discussion sponsored by CyberEdBoard and recorded at RSA Conference 2023, Cunningham and Bird discuss:

  • The criticality of quantifying API security risk;
  • Who owns API security in the organization;
  • How to prioritize budgets and security structures to mitigate API risks.

Cunningham, aka the Doctor of Zero Trust, serves as the advisory board member of Akeyless. Prior to Akeyless, he was the chief strategy officer at Ericom Software, where he shaped the company's strategic vision, road map and key partnerships. He also served as vice president and principal analyst at Forrester Research, providing strategic guidance on zero trust, artificial intelligence, machine learning and security architecture design for security leaders worldwide.

Bird is a cybersecurity and IT operations industry veteran with nearly 30 years of experience. He has been a CIO and a CISO and he is also the former global head of identity for JPMorgan Chase. Bird has held multiple C-level roles advising organizations of all sizes, while serving as the chief customer information officer for Ping Identity, building security solutions for the market as a chief product officer.


CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community - CyberEdBoard.io.

Apply for membership


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing fraudtoday.io, you agree to our use of cookies.