The unprecedented growth and adoption of connected devices has created numerous threats for organizations, manufacturers, and consumers, while presenting opportunities for hackers. To effectively hack connected devices through APIs, defenders must possess valuable skillsets, including API testing expertise. The role of defenders has evolved in this domain, with a growing emphasis on API testing and collaboration with the security research community. Fitbit's bug bounty program, which has paid over $30K to researchers, is an example of this evolution, demonstrating the importance of working with security experts to identify vulnerabilities and improve overall security.