David Scrobonia - Lifelong builder, Appsec Engineer, Creator of ZAP Heads Up Display

From Zero to One, David is a lifelong builder. Wherever he goes he just builds things: from an electric car to ad hoc Android apps to ZAP HUD, an awesome heads-up display for ZAP Proxy and, in my opinion, a game changer. We discuss the lack of UX in the security tooling community, how contributing to open source got him his job, and even imposter syndrome.


David Scrobonia is part of the Security Engineering team at Segment working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and leads development for the OWASP ZAP Heads Up Display project.


• Mostly interested in architecture and mechanical engineering when younger.

• Built his own electric car with his dad, out of a Porsche 914!!

• David explains XSS and why some frameworks, such as React, make it easier to avoid than others.

• David gets lost in El Segundo. Yes.
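As an added illustration of the XSS point above (example code written for these notes, not from the episode, from David, or from the ZAP HUD project): the same greeting template rendered once by concatenating untrusted input straight into HTML, and once with the output encoding a framework like React applies by default when it interpolates a string into JSX. The attacker payload and the function names are constructed for the example; it runs under Node with no DOM.

```javascript
// Constructed attacker input, as it might arrive in a query parameter.
// (Hypothetical payload for the example, not taken from the episode.)
const UNTRUSTED_NAME = '<img src=x onerror="alert(document.cookie)">';

// Minimal HTML entity escaper for text and attribute-value contexts.
// These are the same five characters React escapes when it renders a
// string as a JSX child, which is why "React just works" for this case.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the view concatenates raw input into markup, so the
// attacker's <img ... onerror=...> becomes part of the page.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: the same template with output encoding applied at the sink.
// The browser now shows the payload as literal text instead of running it.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Crude assertion helper: the template itself contributes exactly one
// <p> open and close tag, so any other tag in the output came from data.
function containsInjectedTag(html) {
  const tags = html.match(/<[^>]+>/g) || [];
  return tags.some((t) => !/^<\/?p>$/.test(t));
}

console.log(renderGreetingUnsafe(UNTRUSTED_NAME)); // payload survives as a tag
console.log(renderGreetingSafe(UNTRUSTED_NAME));   // payload is inert text
```

Escaping is context-specific: the encoder above is right for element text and quoted attribute values, but not for data dropped into a `<script>` block, a URL, or a CSS value. React's default escaping covers only the first case, which is also why `dangerouslySetInnerHTML` exists and why it is the first thing to grep for in a React code base.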


• "It's just a program that listens on these silly protocols."

• "Playing with my hands, I wanted to do more hands-on stuff, quickly fell in love with the coding side as a lot of people do."

• "I was like... What's GET? What's POST? What do you mean?"

• "Before you know it, right, it seems so daunting."

• "Still plenty of opportunities out there. Will be a long time before the world is perfect and secure."

• "With all those things, I've been working in the security industry, but I didn't really feel part of any security community."

• "I have nothing but good things to say about the open source community."

• "...they're (security tools) just not built with user experience first."

• "I think people underestimate what they are able to contribute."


• David on Twitter: https://twitter.com/david_scrobonia

• Rube Goldberg Machine: https://en.wikipedia.org/wiki/Rube_Goldberg_machine

• Dan Boneh's Cryptography Course: https://crypto.stanford.edu/~dabo/courses/OnlineCrypto/

• OWASP Appsensor Project: https://www.owasp.org/index.php/OWASP_AppSensor_Project

• ZAP Proxy Heads Up Display (HUD): https://github.com/zaproxy/zap-hud

• Article by David on ZAP HUD: https://segment.com/blog/hacking-with-a-heads-up-display/

• Brakeman Pro: https://brakemanpro.com/


• My talk at Sam's class: https://www.youtube.com/watch?v=KJvPHZGtGdM

Intro: Cascadia by Trash80 (https://trash80.com) Licensed Under Creative Commons

Outro: Cancun by Topher Mohr and Alex Elena

Getting Into Infosec

Twitter: https://twitter.com/coffeewithayman

YouTube: https://www.youtube.com/channel/UCg6gV_gdfc188HZdN8LUx4A

Book: https://www.amazon.com/Breaking-Step-Step-Starting-Information-ebook/dp/B07N15GTPC/