OPEN TALK (API): The Real World, API Security Edition: When Best Practices Stop Being Polite and Start Being Real


Michael Isbitski
Salt Security, Technical Evangelist

Michael Isbitski is Technical Evangelist at Salt Security, helping to improve awareness and technical understanding in the area of API security. Prior to joining Salt, Michael was a Senior Director Analyst at Gartner for Technical Professionals (GTP). He researched and advised on a range of application security and infrastructure security topics including API security, security testing, secure design, secure SDLC, application protection, container security, Kubernetes security and secure continuous delivery. Michael also has more than 20 years of hands-on practitioner and leadership experience in the fields of application security, vulnerability management, risk assessment, enterprise architecture, and systems engineering.


API security has emerged as a top priority for protecting vital data and services. Unfortunately, many organizations are just one vulnerable API away from a privacy incident or data breach, and it’s an area where many companies lack expertise.

This “real world” episode shares six essential techniques, drawn straight from the trenches of customer deployments, to help guide your API security best practices.

Join us for a discussion of these key areas:

- API documentation, discovery, and cataloging to improve awareness of your API attack surface
- Runtime protection to prevent sensitive data exposure and protect your APIs from abuse
- API-centric security operations so you're prepared in the event of an API incident or breach

This session will also share ways to make it easier and more automatic to address the many elements of API security.

Come find out what happens…when APIs stop being vulnerable. And start getting secure.