Security Management

E5: API Security: A CISO Perspective

Friday, June 9, 2023 9:30 AM - 10:30 AM

Room 503/504

Description

Enterprises manage thousands of Application Programming Interfaces (APIs). Many APIs are not routed through a proxy such as an API Gateway or Web Application Firewall (WAF); therefore, those APIs are not monitored or audited, and may be vulnerable to mistakes or bad actors. Enterprise security teams are playing catch-up when it comes to API security. How are CISOs and security leadership developing governance around API security and incident response readiness? In this talk, we will discuss:

1. What are APIs?
2. Why should API security be top of mind for leadership?
3. API breaches making headlines
4. API challenges
5. API breach examples
6. Approaches to API security

A draft slide deck is attached, but it needs to be evolved, as it is only in draft form and not enough for a 1-hour speaking slot.

Learner Objectives

Key takeaways:

1. APIs are everywhere
2. How are APIs tied to business success?
3. Why is having an API strategy important?
4. How to develop API lifecycle management