Breaking Badness Exposing Your Attack Surface on Purpose: API Chaos, AI Risk, and Quantum Reality
Jun 26, 2025
The discussion delves into the speaker's journey from penetration testing to becoming a CISO, emphasizing API security challenges. It touches on complexities organizations face in multi-cloud environments. The rapid evolution of AI technology is scrutinized, with concerns over its misuse and geopolitical implications. The importance of adapting cybersecurity practices to manage evolving attack surfaces is highlighted, alongside proactive strategies for critical infrastructure. The need for effective communication and foundational practices in security is underscored.
AI Snips
Chapters
Transcript
Episode notes
Chuck Heron's Career Journey
- Chuck Heron shared his career journey from penetration tester to CISO, then to startup CTO in API security, and now field CISO at F5.
- He emphasized his focus on API attack surfaces and customer advocacy in product development.
Complexity and Quantum Threats
- The biggest concern is the complexity and poor understanding of attack surfaces, especially unmanaged APIs in multi-cloud environments.
- The race condition with quantum computing means existing encryption threats could emerge unexpectedly, stressing defenders.
AI Empowers Attackers Broadly
- Attackers leverage AI to enhance effectiveness in both common and niche attack methods like phishing and social engineering.
- AI lowers language barriers, allowing attackers to craft convincing attacks in any language.