2017-006- Joel Scambray, infosec advice, staying out from in front of the train, and hacking exposed

Manage episode 172752318 series 58350
By Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio streamed directly from their servers.

Joel Scambray joined us this week to discuss good app design, why it's so difficult, and what can be done to fix it when possible.

Joel also co-authored many of the "Hacking Exposed" series of books. We ask him about other books that could come from the well known series.

We also ask about why the #infosec person often feels like they need to protect their organization to the expense of our own position (or sanity) and how we as an industry should be not 'in front of the train', but guiding the train to it's destination, one of prosperity and security. Conversely, we also discuss why some positions in security are so short-lived, such as the role of CISO.

From SC magazine (https://www.scmagazineuk.com/joel-scambray-joins-ncc-group-as-technical-director/article/634098/):

"Security expert and author, Joel Scambray, has joined NCC Group as technical director. He will be based at the Austin, US office.

Scambray has more than 20 years of experience in information security. In his new role, he will work with some of the company's biggest clients using his experience in business development, security evangelism and strategic consultancy."

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-006-Joel_scambray-infosec_advice-hacking_exposed.mp3

iTunes (generic link, subscribe for podcast): https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2

Brakesec Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

Bsides London is accepting Call for Papers starting 14 Febuary 2017, as well as a Call for Workshops. You can find out more information at https://www.securitybsides.org.uk/


HITB announcement:

“Tickets are on sale, And entering special code 'brakeingsecurity' at checkout gets you a 10% discount". Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/


Join our #Slack Channel! Sign up at https://brakesec.signup.team #RSS: http://www.brakeingsecurity.com/rss #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/


Show Notes:

Joel Scambray

In a bio:

“Joel’s words of security wisdom: Security is a type of risk management, which is about informing a decision. The security professional’s challenge is to bring the most evidence possible to support those decisions, both technical and non.”

Building and maintaining a security program

Which is better?

starting with a few quick wins

Or having an overarching project to head where you want to go

Starting companies (buyouts / stock options / lessons learned)

Hacking Exposed

Will you stop at ‘7’?

Will there be a “hacking exposed: IoT”?

Medical devices

What leadership style works best for you?

Things we couldn’t cover due to time:

Security Shift from network layer to app layer

Software defined networking, for example

How to set policies to keep your devs from running amok


217 episodes available. A new episode about every 7 days averaging 61 mins duration .