Adopting Zero Trust

API security is currently in its early stages and there is a need for organizations to prioritize it. APIs are knowable, meaning their behavior can be understood and tracked against their baseline design. It is crucial for organizations to know what APIs they have, where they reside, and what they are supposed to be doing. Understanding that APIs can be leveraged to perform unintended actions is important for establishing proper security measures. To enhance API security, continuous monitoring and behavior tracking are necessary. It is imperative for organizations to prioritize API security and allocate resources to protect their APIs.

Introduction

4min

Introductions and Backgrounds

7min

The Importance of API Security in the Cybersecurity Landscape

15min

Lost Knowledge and Sacrificed Solutions: A Reflection on Enterprise World and Cybersecurity Complexity

2min

The Importance of Simplifying API Security

7min

Testing Defenses in Cybersecurity and API Infrastructure

2min

Season two, episode 15: We talk ZT History and API security with the godfather of Zero Trust, Dr Zero Trust, and Richard Bird.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

In the past few years, supply chain attacks and their impacts have or will soon overtake that of the damage done by ransomware. It’s of no surprise then that APIs are a critical attack vector that threat actors like to exploit, yet many organizations do not have a good understanding of how many doors they have running into their data.

This week we chat with the godfather of Zero Trust, Dr. Zero Trust, and a chief security officer about the current state of API security maturity. Considering our guests, we, of course, also took the opportunity to chat a bit about Zero Trust's history.

This week we have three very special guests:

John Kindervag, the creator (godfather) of Zero Trust
Chase Cunningham, AKA Dr Zero Trust, and the now VP of Market Research for G2
Richard Bird, Traceable AI’s Chief Security Officer

Key Takeaways

Like any other cybersecurity concept, APIs must have an asset inventory
There is enough margin of error tied to the intended use of APIs that require continuous monitoring/verification
There is a current maturity gap associated with securing the use of APIs in the name of speed and innovation, and often there is not a well-established owner

Editors Note

We will be taking a publishing break for the month of September as my daughter has arrived, and I will need to catch up on all the sleep I can get. We should be back in October and run through until the holiday break before we wrap season two. I’m also working on a few experimental podcast series during my parental leave, so stay tuned. At least one in particular should be of interest to our audience here. Also, if you work for a cybersecurity org and are interested in launching a podcast, slide into my inbox if you need a hand.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Adopting Zero Trust

AZT: API Security with John Kindervag, Chase Cunningham, and Richard Bird

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

API security and the importance of knowing APIs

The significance of reducing API attack surface

The need for organizations to focus on API security

The importance of continuous improvement and quality control in API security

Remember Everything You Learn from Podcasts