
Feb 19, 2017

Joel Scambray joined us this week to discuss good app design, why it's so difficult, and what can be done to fix it when possible.

Joel also co-authored many of the "Hacking Exposed" series of books. We ask him about other books that could come from the well-known series.

We also ask why the #infosec person often feels the need to protect their organization at the expense of their own position (or sanity), and how we as an industry should not be 'in front of the train' but guiding the train to its destination, one of prosperity and security. Conversely, we also discuss why some positions in security are so short-lived, such as the role of CISO.


From SC magazine (

"Security expert and author, Joel Scambray, has joined NCC Group as technical director. He will be based at the Austin, US office.

Scambray has more than 20 years of experience in information security. In his new role, he will work with some of the company's biggest clients using his experience in business development, security evangelism and strategic consultancy."

Direct Link:

iTunes (generic link, subscribe for podcast):

Brakesec Youtube Channel:


Bsides London is accepting a Call for Papers starting 14 February 2017, as well as a Call for Workshops. You can find out more information at


HITB announcement:

"Tickets are on sale, and entering special code 'brakeingsecurity' at checkout gets you a 10% discount." Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In The Box will be held from 10-14 April 2017. Find out more information here:


Join our #Slack Channel! Sign up at


#Google Play Store:



Comments, Questions, Feedback:

Support Brakeing Down Security Podcast on #Patreon:

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Player.FM :

#Stitcher Network:

#TuneIn Radio App:



Show Notes:


Joel Scambray


In a bio:

    Joel’s words of security wisdom: “Security is a type of risk management, which is about informing a decision. The security professional’s challenge is to bring the most evidence possible to support those decisions, both technical and non.”


Building and maintaining a security program

    Which is better?

        Starting with a few quick wins

        Or having an overarching project to head where you want to go


Starting companies (buyouts / stock options / lessons learned)


Hacking Exposed

    Will you stop at ‘7’?

    Will there be a “hacking exposed: IoT”?

        Medical devices


What leadership style works best for you?


Things we couldn’t cover due to time:

Security Shift from network layer to app layer

    Software defined networking, for example

        How to set policies to keep your devs from running amok