CISOs shift from perimeter security to API security

Bill Doerrfeld | March 30, 2026

My first-ever contribution to CSO Online looks at the shifting landscape, from perimeter-based security to API security, and how CISOs are responding.

API attacks are on the rise. But traditional security approaches like endpoint detection and response (EDR) can miss this vector entirely.


Excited to share my first-ever contribution to CSO Online today, which looks at the shifting landscape, from endpoint security to API security, and how CISOs are responding. You can read it here.


In a nutshell, malicious traffic may look like normal traffic, but legacy perimeter-based defenses miss business logic gaps and systemic authentication and authorization issues.


To respond, CISOs are using a combination of API governance frameworks, inventory management, API gateways, strong identity and authorization, and other techniques.


I'd love to write more for this publication, but it takes connecting with the right sources. If you're a CISO or work with one and have an interesting perspective to share, feel free to get in touch.

Read: APIs are the new perimeter: Here’s how CISOs are securing them

Other Blog Posts

Using agentic AI to accelerate sales teams

By Bill Doerrfeld May 13, 2026
My latest for CIO Online features real results form CIOs actively deploying AI agents to empower sales and revenue teams.

Avoid hastily bolting AI into existing products

By Bill Doerrfeld May 12, 2026
Reports say consumers are souring on AI everywhere, all the time. So, at the risk of losing trust, or even potential business, is adding AI to an existing product really worth it?

Agentic rebuilds are the new forking

By Bill Doerrfeld May 1, 2026
Cloudflare rebuilt Next.js over a weekend using agentic coding.

Agentic AI requires new systems thinking

By Bill Doerrfeld April 20, 2026
My InfoWorld feature reviews the key building blocks in agentic systems and with real-world examples from Shopify, Block, and others.

What goes into a solid MCP registry?

By Bill Doerrfeld March 31, 2026
My latest InfoWorld feature explores what makes an enterprise MCP registry effective, from semantic discovery to governance and security for AI agents.

Fixing the AI slop problem in open source

By Bill Doerrfeld March 29, 2026
My latest feature for The New Stack looks into solutions being proposed to fix open source Slopmageddon.
A digital pattern of rounded rectangular blocks in shades of blue and purple, arranged in an interlocking layout.

Agentic AI is reshaping platform engineering at Squarespace

By Bill Doerrfeld March 27, 2026
My latest DirectorPlus looks at how agentic AI is reshaping platform engineering at Squarespace: less shared code and more developer experience focus.

5 impressive API monetization models

By Bill Doerrfeld March 19, 2026
Usage-based pricing is reshaping the API economy. Discover 5 API monetization success stories, including OpenAI, Plaid, and AssemblyAI.
A lightbulb against a purple background, containing a human brain with an

Why event-driven APIs matter for AI workflows

By Bill Doerrfeld March 18, 2026
Why event-driven APIs matter for AI workflows, enabling real-time data, scalable systems, and responsive agent behavior.

Exploring frontier models for physical AI

By Bill Doerrfeld February 28, 2026
While hardware usually gets the spotlight in physical AI, the real differentiator won't be hardware. It'll be the models.