The Importance of API Security – Story of Software S02E22

Chuck Herrin, CTO at Wib and a long-term security practitioner, shares his insights on escalating cyber attacks and the growing importance of API security.

 

The Guest – Chuck Herrin, CTO at Wib

Chuck Herrin is the CTO at Wib, a platform providing a comprehensive solution for the full API software development lifecycle. He has over 18 years of experience as CISO in global financial services firms of all shapes and sizes.

Chuck shares some context about the growth of Wib, the latest threats to cybersecurity, especially in the API space, and the growing demand for solutions.

 

API Security Awareness

With APIs becoming a prominent part of how different online systems communicate, we have become more dependent on APIs than we realize. Today, 91% of all web traffic is APIs communicating with each other, and we would not be able to get anything done online without them. By design, APIs expose certain information to the outside world.

How do we deal with the increasing risks and attacks on APIs? Are there techniques and strategies that companies can adopt?

 

Some of the topics covered in this episode include:

  • Why APIs are so vulnerable to cyber attacks
  • The recent growth in the number of API attacks
  • How to analyze API vulnerabilities
  • Communicating vulnerabilities to different stakeholders

 

 

Chuck, how does a CTO take a company vision and distill that to make it as meaningful as possible for engineers?

I think there are a couple of things that I find important. The first is to set North Stars for every engineering team. So this is sort of a commander’s intent, this is your mission statement. If in doubt, go towards this, go towards this result… It’s important also to separate ‘the what’ from ‘the how’. So, ‘the what’ may be some specific objective, but too often our leaders lead with how, and they wind up boxing their teams in and curtailing their creativity… If you box people in with being overly prescriptive on how to do things, that defeats the purpose.

 

Listen to the Story of Software on:

Apple Podcasts, Spotify, Stitcher, Deezer, & any other podcast platform of your choice. The Story of Software Podcast is produced by Zartis. We hope you enjoy listening to this tech podcast and feel free to share any feedback with us: podcast@zartis.com
