Room to diversify—and specialize
Since joining the firm four years ago, Ball has emerged as a leading expert on API security, a rapidly growing field that involves authenticating programs or individuals that are using an API, a software interface that allows computer programs to communicate with each other.
In 2022, Ball published an award-winning book, Hacking APIs: Breaking Web Application Programming Interfaces. Earlier this year, he founded APIsec University—where he serves as chief hacking officer—and the API Penetration Testing certification program, the first hands-on API security testing certifications.
Ball credits Moss Adams’ leaders for helping drive the success of his various endeavors. He decided to specialize in API security, he said, after one of the partners asked him to take the lead researching opportunities in the field.
“I was captivated by how APIs are a vital aspect of the digital economy, how prevalent APIs are—83% of all web traffic is API-related—and the lack of information that was available to security researchers. The combination of these three elements spelled a lot of API-related doom and gloom to me,” Ball says.
As a result of his research, Moss Adams launched a new API penetration testing service for clients.
A well-examined life
The father of three daughters, Ball spends his free time playing chess, collecting board games, and re-reading philosophy texts he was introduced to in college as a philosophy and English double major.
Ball said balancing his diverse interests and obligations takes “really deliberate time management.” He emphasized the complementary nature of his various projects.
Training the Moss Adams team on API security and bouncing ideas off talented colleagues helped him gain confidence in his work and flesh out the ideas for his book. So did working with APIs in financial technology, health care, banking and, most recently, crypto exchanges.
“There is a wide variety of this one technology across different industries, and they each have a different business logic that is important to understand,” Ball said.
Writing the book, in turn, has helped attract new clients to the firm.
Supporting clients, professional development, and a safer internet
The mutually beneficial relationship between Ball’s consulting role and burgeoning personal security brand continues to yield new opportunities. Ball has more than a decade of cybersecurity experience under his belt, having served as security operations manager for an employee benefits firm and a company that provides security services to large solar and wind energy providers.
Baked into his current position as a senior manager is a sales component, a novel responsibility that has turned out to be immensely satisfying and aligns with his broader professional interests and goals.
“I believe the exposure that the rapid adoption of APIs has introduced is a serious threat to businesses and the internet at large,” he explained. “So doing what I can to evangelize how to test them properly is important to me. Educating clients and building new client relationships has turned out to be a really positive experience.”
Ball said wearing many hats comes naturally to him, and he’s grateful for the flexibility of his consulting position and the path to partnership. “There is a free form to it,” he said.