Reflecting on 2025

For me this was a big year. At the beginning of the year, I knew that change was in store and that I wouldn’t be in my corporate position much longer. My career was on a clear trajectory and then something I referred to as “the shadowy cabal” started taking place. My trajectory flatlined into stagnation and achievements were no longer adequate. After I left in March, the shadowy cabal was revealed: private equity. When leadership is optimizing for a transaction, people can become cells in a spreadsheet, and the safest move is to change nothing.

I made great connections. I picked up the skills to consistently perform business development activities, reorient my perspective of sales, and build long-term client relationships.

I support my family with my work, so with a wife, three daughters, a dog, mortgage and car payments, starting off on my own was daunting to say the least. Jumping off of a cliff and hoping for the best. Thankfully, due to genuinely positive relationships I’ve developed over the years, I had clients to support hAPI Labs from day one.

Bill Bowman reached out to see if I could help develop services to better test and secure mergers and acquisitions. I renewed my efforts with APIsec and the APIsec University with Dan Barahona and Faizel Lakhani. Scott Bly with SIS Cyber reached out to work together. Baptiste and Mehdi with APIdays reached out to see if I wanted to run the Hacking APIs Conference. Additionally, several well-known organizations across the US reached out to see if we could thoroughly test their APIs, web apps, AI apps, and networks.

Yes, yes to everything and thanks.

These incredible clients, customers, friends, helped hAPI Labs have a runway to keep failure at bay and success on the horizon. Enough clients and enough work transitioned into too much to do on my own. My amazing wife, Kristin Ball, took on the role of CFO/CMO/best partner in crime ever. I pursued my right-hand man, Jordon Cornellier, to take the next step in his career to become the Director of Cybersecurity consulting with me at hAPI Labs. I also took on a few pentest interns to begin growing out a team.

Together we have developed a solid foundation of services with the goal of providing the highest quality security assessments with results tailored to the individual organization. 

This year I believe I set my own PR for speaking opportunities. I spoke at all of the following conferences:

DefCon Red Team Village, Hacking APIs Conference NY/London/Paris, APIdays Munich, OWASP Leira, BSides Portland, and APIsec Con. Additionally, I got to meet with PortSwigger, F5, Qualys, Nestle, National Geographic Society, and Raices Cyber Org, and attended RSA. I also designed and released One Request to Rule Them All, the APIsec Power User course, and the Model Context Protocol Security Fundamentals course.

My reading this year primarily focused on startup education, private equity, improvement, and Sci Fi.

Books Read: Blitzscaling, Sell with a Story, The Story Selling Method, Startup CEO, Startup, CXO, The AI Driven Leader, The AI Edge, Children of Time, The Three Body Problem, Build, Qualityland, Sympathy Tower Tokyo, Elementary, The Founder’s Dilemma, Zero to One, Black Holes, The Player of Games, The State of the Art, Influence, The Ruthless Elimination of Hurry, Butter, Beyond Entrepreneurship 2.0, The Private Equity Playbook, The Lies of Locke Lamora, Never Split the Difference, Mastering Private Equity, When the Moon Hits Your Eyes, How to Make a Few Billion Dollars, Co-Intelligence, Secrets of Sand Hill Road, Consider Phlebas, The Odyssey, The Rise of Endymion, The Case for Mars, Strange Houses, Start Scale Exit Repeat, Private Equity Operational Due Diligence, The NVIDIA Way, The Ultimate Guide to Mastering AI for Leaders

Recommended Reading: Butter, Strange Houses, The Player of Games, The Lies of Locke Lamora, Zero to One, Black Holes, Influence, Never Split the Difference, the entire Hyperion series, and The AI Driven Leader.

Games: Balatro (100%) and Hollow Knight (100%)

Notable Achievements:

· We gave away over 200 copies of Hacking APIs this year.

· APIsec U grew to over 130,000 students.

· hAPI Labs grew from 0 to 1,500 followers.

· The Hacking APIs Conference had incredible keynotes including Chris Roberts, Isabelle Mauny, David Meece, Katie Paxton-Fear and Ben Sadeghipour, and sponsors including PortSwigger, Upstream, Aikido, Akamai, OWASP, AppSentinels, and No Starch Press.

Now I’m looking ahead to taking some time to chill off in Hokkaido, Japan and come back to hit the ground running in 2026. After a year of building from zero while supporting a family of five, I've earned some quiet snow, ice fishing, Jingisukan, Wagyu, and good ramen. But I'd be lying if I said that I wasn’t already scheming for 2026. We're launching our Continuous Pentest Partner program, deepening relationships with PE firms who've seen what fast, thorough assessments actually look like and growing the team that made this year possible. Back in March, what felt like a cliff turned out to be the next step.

 Cheers!
