A few months after Corey Ball started working for Moss Adams, the cybersecurity consultant performed what is known as a physical penetration test, in which he broke into a supposedly secure building. Donning a hard hat and visor, Ball assumed the guise of a utility worker checking on a reported gas leak at the building occupied by his client.
The vulnerabilities were immediately apparent. An employee ushered him in through a side door, “bypassing security and into the high-security area,” said Ball, who described the test as fun and a good-risk assessment experiment.
Ethically breaking and entering is all in a day’s work for Ball, who, as the senior manager of penetration testing, provides a variety of real-world and networked risk management services for clients in the energy, financial, legal, and health care sectors.
The opportunity to work directly with companies across industry sectors was one of the reasons he decided in 2019 to take the position with Moss Adams. Another draw was the ability to carve out his own career path – inside and outside the firm.
“From early on at Moss Adams, I was told, ‘You own your schedule, and you own the quality of your work and client relationships,’” Ball said. His interest in hands-on tech dates back to a computer sales and repair service he co-founded at age 15.
“Entrepreneurship has always been important to me. So, I was a huge fan of their approach.”
Since joining the firm four years ago, Ball has emerged as a leading expert on API security, a rapidly growing field that involves authenticating programs or individuals that are using an API, a software interface that allows computer programs to communicate with each other.
In 2022, Ball published an award-winning book, Hacking APIs: Breaking Web Application Programming Interfaces. Earlier this year, he founded APIsec University—where he serves as chief hacking officer—and the API Penetration Testing certification program, the first hands-on API security testing certifications.
Ball credits Moss Adams’ leaders for helping drive the success of his various endeavors. He decided to specialize in API security, he said, after one of the partners asked him to take the lead researching opportunities in the field.
“I was captivated by how APIs are a vital aspect of the digital economy, how prevalent APIs are—83% of all web traffic is API-related—and the lack of information that was available to security researchers. The combination of these three elements spelled a lot of API-related doom and gloom to me,” Ball says.
As a result of his research, Moss Adams launched a new API penetration testing service for clients.
The father of three daughters, Ball spends his free time playing chess, collecting board games, and re-reading philosophy texts he was introduced to in college as a philosophy and English double major.
Ball said balancing his diverse interests and obligations takes “really deliberate time management.” He emphasized the complementary nature of his various projects.
Training the Moss Adams team on API security and bouncing ideas off talented colleagues helped him gain confidence in his work and flesh out the ideas for his book. So did working with APIs in financial technology, health care, banking and, most recently, crypto exchanges.
“There is a wide variety of this one technology across different industries, and they each have a different business logic that is important to understand,” Ball said.
Writing the book, in turn, has helped attract new clients to the firm.
The mutually beneficial relationship between Ball’s consulting role and burgeoning personal security brand continues to yield new opportunities. Ball has more than a decade of cybersecurity experience under his belt, having served as security operations manager for an employee benefits firm and a company that provides security services to large solar and wind energy providers.
Baked into his current position as a senior manager is a sales component, a novel responsibility that has turned out to be immensely satisfying and aligns with his broader professional interests and goals.
“I believe the exposure that the rapid adoption of APIs has introduced is a serious threat to businesses and the internet at large,” he explained. “So doing what I can to evangelize how to test them properly is important to me. Educating clients and building new client relationships has turned out to be a really positive experience.”
Ball said wearing many hats comes naturally to him, and he’s grateful for the flexibility of his consulting position and the path to partnership. “There is a free form to it,” he said.
At Moss Adams, we believe in the power of possible to empower our clients and people to pursue success however they define it. Explore stories about our professionals, including their personal achievements, at our Beyond the Desk page.
Thank you. Your contact request has been received. We will be in touch soon.