I am super excited to be heading back up north to Lansing, Michigan, which is right in between Grand Rapids and Detroit. You might be wondering why I would leave the comfort of Tennessee to head up the soon to be frozen north. It’s MISSECON or #missecon, which is a conference rising from the ashes of Converge and BSides Detroit post-pandemic. MISEC itself is a huge community of infosec professionals with multiple locations across Michigan. I’ve had the pleasure of getting to know several of the members and they’re all quality individuals. If you can make the trip I would recommend it!

This will be my final time speaking on API security. I’ve really enjoyed putting the talk together and refining it over the last few months. I’ve learned a lot and I hope others have as well from my presentations. I’ve put all the resources and content from the talk at https://www.exploresec.com/api. I am working on a blog post about Dynamic Application Security Testing (DAST) because it’s the one question I’ve been asked about after ever talk.

I’m already starting to think about what topic I’d like to present on next year. CFPs are already opening up for the spring. One consistent concept throughout my presentations over the year has been threat modeling but I’d also like to do something like security awareness. Both are really important for an organization. The problem is that it’s hard to get them accepted at conferences. My API talks were accepted because it was a hot topic in the community but also I believe it’s still a hot topic for companies internally. Another topic I’ve found really interesting is how ransomware gangs work. There’s a lot of research that’s come to light over the past few years that makes it a really good topic to present.

More to come! Hope to see you at MISSECON!

This blog post first appear on Exploring Information Security