The Hacking APIs Conference: 80% Preparation, 20% Chaos
API security has plenty of problems and the only way to solve them is to share knowledge. At your average conference, you might catch an API security talk somewhere in between a threat intel panel and a cloud security talk. Meanwhile every app, every AI model, every third-party integration depends on APIs. When secure, all is well. When they’re not… disaster.
That's where the Hacking APIs Conferences (New York, London, and Paris) come in. This is a dedicated in-person space where students, practitioners, bug bounty hunters, and executives spend a full day talking about nothing else.
2026 is off to the races and we are getting ready to run the second year of the Hacking APIs Conference. Have you ever wondered what it is like to run a conference? It is 80% preparation and 20% chaos management.
When you run a conference, your goals consist of filling the space with a variety of attendees who are drawn to be there by the community and a set of all-star speakers, who all make the sponsors happy enough to continue participating in future events.
Not enough speakers and you’ll be up on stage with an accordion and a drum set trying to keep people entertained until your next speakers. In all seriousness, I usually keep two presentations ready to go, just in case.
Not enough decision makers and you’ll have your sponsors filled with regret. Not enough attendees and you’ll have your speakers filled with regret (maybe some relief for those with stage fright).
The chaos begins. You’ll have sponsors that love the idea, say yes to everything, and ghost you at the signature. All-stars that want triple the total conference budget in gold/silver/dollars, first-class tickets, and the bougiest hotel room in the bougiest hotel. No shade at those all-stars, I’m sure you are worth it and I hope plenty of others are paying those costs, but my budget is quite a bit tighter than that (maybe next year!). Attendees that ask if the slides will be available months before the conference.
60 days and earlier until the event: you’re making the rounds posting your Call for Everything! Sponsors, speakers, attendees! At this point marketing and branding are complete. You are shouting the event to the world and seeing who will respond. Hopefully, there isn’t too much competition for the date that your event lands on. This is typically the great filter for potential all-stars.
30 days until the event: You have all of your speakers lined up. Now you are starting to cement the tracks. For the Hacking APIs Conference this is when our speaker competition begins. You’re putting on your marketing hat, advertising the event, all-stars, and proving the value that will be provided to your audience.
“You never know what things will come up, but you need to be able to roll with the punches!”
48-24 hours until the event: Time to travel to the event while keeping a close eye on LinkedIn Messages, email, and text for agents of entropy. The typical agents include travel issues, nerves getting the best of the all-stars, sickness, and pet wellbeing.
Last year, 12 hours before HAC London I received an image of a dog in a cast! The keynote speaker’s dog had a leg injury that prevented her physical presence. You never know what things will come up, but you need to be able to roll with the punches!
I went early to the conference location, tested the network connection, put up a zoom meeting and tested the audio to make sure that a remote presentation would work. Chaos averted! All went well. The keynote delivered. The dog recovered. Be on the lookout for the next entropic swipe.
So, it begins! Regardless of your expertise in IT, technology, and cybersecurity you could be up on a stage sweating and praying to all the powers of the universe that the third time you plug in the HDMI cable to the laptop that it will work. Test everything beforehand. Bring a backup laptop. Learn from my mistakes.
Next you could be the closest thing to a therapist, promising a nervous speaker that it will all be okay. Bring them up on stage with excitement, they’ll surely deliver, and their talk will be so good that it will continue and migrate into the conference halls.
Then you’ll be participating in a panel for one of your sponsors only to thank the sponsor by their leading competitor’s name. Apologize, correct the mistake, apologize again and then try to scrub the flub from your memory.
“Despite the chaos and stress, it is all worth it to connect with a community of diverse individuals who all want to continuously learn, discover cool findings, and help secure one of the world’s leading attack vectors. Build Break Defend!”
Just like that, your final speaker wraps up, you thank everyone for participating and it is over in a blur. Enjoy the moment, take a breath, and begin planning the next one.
Despite the chaos and stress, it is all worth it to connect with a community of diverse individuals who all want to continuously learn, discover cool findings, and help secure one of the world's leading attack vectors. Build Break Defend!
The Hacking APIs Conference New York Call for Everything is coming soon!
