
I’m pleased to announce that I have officially joined the Traceable AI team! If you follow me, this news probably doesn’t come as a surprise: I’ve worked with the Traceable team for a few years externally on webinars, blog posts and videos. So, I’m really pleased to be joining the team as an API security content creator!

You might have seen some of them already, but here’s my favorite: API Hacking Toolbox w/ Dr. Katie Paxton-Fear

I’m sure I don’t need to tell you why API security is important, but: It’s easy to sink into a sea of API endpoints, with no idea if that small information disclosure iceberg is hiding a huge access control failure app-wide.

API security can’t be fixed with a WAF slapped on at the very end of the deployment with zero context in how an API is supposed to work. You need a solution that’s API-specific and that speaks the same business logic as the application.

I’ve always said API hacking isn’t special and it’s just a web application, which I stand behind, but I do think on the blue team API security is HARD, with random endpoints being deployed every day, API management tools, ever-changing API frameworks and design patterns on top of the usual DevSecOps – it’s a lot! Not to mention that a complex API could be handling 100x the amount of traffic on a single application.

A lot of you might be wondering why Traceable. I’ve been really fortunate that I’ve worked on projects with the team over time, so I’ve got to see the product develop and change, while also working with a fantastic team with an energizing culture. But to the product: My partner is a developer, and my benchmark is always “Could I imagine him using this product in his day job?” There are a lot of tools on the market that have tons of really cool niche features but ultimately are unusable in a production environment.

Every time I met with the team, there was another new feature, integration and use case. Each time I see it slot into existing workflows.

Their data-driven approach with the Traceable threat lake can take all the traffic, good and malicious, and start to understand where those outliers are: an AI made up of statistics and algorithms, not random API calls to ChatGPT ;).


Anyone who knows me also knows that teaching is my passion, and it was very important to me to work with a company that had a strong push towards education and community.

I’m really hyped to continue to do what I love (teaching you all about security and hacking), giving back to the security community (with quality, free content you can trust), and experimenting with more types of content creation (videos, short-form, blogs, whitepapers…), whilst also getting to dive into API security on the defence and forensics side as well as the hacking side.

So does that mean I no longer will make YouTube videos? Nope! Hopefully it’ll mean I will make MANY more! And attend even more events, do even more API security workshops. But… you should follow the Traceable YouTube channel too to make sure you catch everything. And you know we’ll go deep into API security, from hacking them to defending them!

I ❤️ API security, and if you follow me I bet you do too, so keep your eyes out for even more API hacking from me.