Podcasts about owasp devslop

  • 21 podcasts
  • 24 episodes
  • 42m average duration
  • Infrequent episodes
  • Latest: May 24, 2024

Latest podcast episodes about owasp devslop

Application Paranoia
S5EP3 - Security in the Developer Experience with Tanya Janca and New Words for 2024.

May 24, 2024 | 66:31


Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session. In this week's episode our special guest is Tanya Janca, who is helping the team discuss all things Security in the Development space.

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security'. She is also the head of education and community at Semgrep! As the founder of We Hack Purple, Tanya is bringing her security training to Semgrep customers and beyond. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an Advisor for NordSec and Katilyst and the Founder of We Hack Purple, OWASP DevSlop, WoSEC and the very popular #CyberMentoringMonday. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

We Hack Purple Podcast
We Hack Purple Podcast Episode 79 with Isabelle Mauny

Jul 5, 2023 | 58:24


In episode 79 of the We Hack Purple Podcast, host Tanya Janca spoke to Isabelle Mauny, Field CTO and founder of 42Crunch! Isabelle and Tanya met way back in 2018, at an API Security workshop in Britain, having no idea they would be friends for years to come! Isabelle is extremely passionate about securing APIs, and has volunteered for several different groups and projects in order to try to steer our industry in a more secure direction, including being president of the OpenAPI group and lending her skills to the OWASP DevSlop project to fix up our Pixi app.

Together they discussed several of the challenges when creating secure APIs, including: BOLA (Broken Object Level Authorization), bots, all sorts of other broken authentication (not just object-level), verbose error messages, the fact that APIs are *not* invisible to hackers, and so much more. Isabelle covered how to have a positive security culture, and build out a DevSecOps program that includes API security, what the OpenAPI protocol is, and several inspiring customer success stories. We also talked about her free IDE Plugin that gives you a score out of 100 for security, and how on Tanya's first try at it she only got a score somewhere in the 20s to start! Of course, we also talked about the OWASP API Security Top Ten, and how that helped bring the importance of securing APIs into the mainstream, rather than an obscure thing only AppSec people like Isabelle and Tanya obsess over.

Isabelle also spoke about a webinar she will be on July 13, Mastering Secure API Development with GitHub and 42Crunch. You can sign up here: https://42crunch.com/mastering-secure-api-development-with-github-and-42crunch/

Get to know Isabelle:

Isabelle Mauny, co-founder and Field CTO of 42Crunch, is a technologist at heart. She worked at IBM, WSO2 and Vordel across a variety of roles, helping large enterprises design and implement integration solutions. At 42Crunch, Isabelle manages customer POCs, partner integrations and product training. She is a frequent speaker at conferences and a published author. Isabelle is passionate about APIs and enjoys sharing her experience in podcasts such as this one :)

Isabelle Links!

  • https://tools.openapis.org
  • https://42crunch.com/mastering-secure-api-development-with-github-and-42crunch/
  • https://apisecurity.io
  • https://github.com/isamauny/codemotion2023/blob/main/RuggedAPIs-Codemotion-2023.pdf
  • https://42crunch.com/blog/

Very special thanks to our sponsor, Semgrep! Semgrep Supply Chain's reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable. Get Your Free Trial Here! Semgrep also makes a ludicrously fast static analysis tool. They have a free and paid version of this tool, which uses an open-source engine, and offers additional community-created rulesets!

2B Bolder Podcast : Career Insights for the Next Generation of Women in Business & Tech
Women in Tech Podcast featuring Career Insights from Tanya Janca Developer Relations & Community at Bright Security, also known as SheHacksPurple

Oct 3, 2022 | 50:36


In episode #67 of the 2B Bolder podcast, Tanya Janca, Director of Developer Relations & Community at Bright Security, also known as SheHacksPurple, is our featured woman in tech. Tanya is the best-selling author of Alice and Bob Learn Application Security. She is also the founder of We Hack Purple, an online learning academy, community, and podcast that teaches everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings worldwide. Tanya values diversity, inclusion, and kindness and is always looking for ways to open doors for others. Meeting Tanya and learning about today's various security roles was educational and a delight. Tune in to hear how her passions have led her to a fulfilling career.

Connect with Tanya Janca on LinkedIn

Advisor: Nord VPN, Cloud Defense, NeuraLegion, ICTC PAC
Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC

The 2B Bolder Podcast provides first-hand access to some amazing women. Guests will include women from leading enterprise companies to startups, women execs, coders, account execs, engineers, doctors, and innovators. Listen to 2B Bolder for more career insights from women in tech and business.

DSO Overflow
EP:16 Breaking down silos with Stefania Chaplin

Dec 26, 2021 | 45:21


In this episode, Steve and Glenn are joined by Stefania Chaplin to talk about breaking down silos.

Bio

Stefania Chaplin's experience within Cybersecurity, DevSecOps and OSS governance means she's helped countless organisations understand and implement security throughout their SDLC. As a Python developer at heart, Stefania is always optimising and improving efficiency wherever she goes by scripting & automating processes and creating integrations. Stefania is passionate about DevSecOps and cybersecurity, having spoken at many conferences including RSA Conference, ADDO, OWASP, JavaZone, Women of Silicon Roundabout, Women in DevOps, DZone and many more. She is also an active member of OWASP DevSlop, hosting their technical shows.

You can reach Stefania on Twitter, Instagram, and YouTube with the handle @devstefops, or on LinkedIn https://www.linkedin.com/in/stefania-chaplin.

Useful links

  • Deming's 14 points: https://deming.org/explore/fourteen-points/

Your Hosts

  • Steve Giguere: https://www.linkedin.com/in/stevegiguere/
  • Glenn Wilson: https://www.linkedin.com/in/glennwilson/

DevSecOps - London Gathering

Keep in touch with our events associated with this podcast.

  • https://dsolg.com
  • https://www.meetup.com/DevSecOps-London-Gathering/
  • https://twitter.com/DevSecOps_LG
  • https://www.youtube.com/c/DevSecOpsLondonGathering

ITSPmagazine | Technology. Cybersecurity. Society
A Conversation With Tanya Janca | Candid CyberSec Podcast With Vandana Verma

Apr 7, 2021 | 16:01


Thank you for joining us for another candid conversation with one very special guest who's very well known in the industry: none other than Tanya Janca: she's an author, a CEO, a startup founder, a programmer, a hacker, and a philanthropist.

In this episode, we're going to touch upon some really special aspects about who Tanya is and how she is making an impact on so many lives, including me. She is an author, a CEO and a startup founder, a programmer, a hacker and a philanthropist. Tanya is very passionate about teaching everyone about the security of software and then helping people to become part of the cybersecurity field.

She runs cyber mentoring Monday, so, if you look up that hashtag (#CyberMentoringMonday), you find a whole bunch of people. Try to connect people with professional mentors and try to connect as a mentor.

Guest

Tanya Janca, Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday (@shehackspurple on Twitter)

Host

Vandana Verma

This Episode's Sponsors:

If you'd like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships

Learn more about Tanya Janca: https://shehackspurple.ca

Book | Alice and Bob Learn Application Security: https://www.amazon.com/dp/1119687357/

For more podcast stories from Candid CyberSec With Vandana Verma: https://www.itspmagazine.com/candid-cybersec-podcast

Are you interested in sponsoring an ITSPmagazine Channel? https://www.itspmagazine.com/podcast-series-sponsorships

BLUEPRINT
AppSec, DevOps and DevSecOps

Apr 6, 2021 | 43:49


What is AppSec, DevOps and DevSecOps? In this episode we discuss why defenders should know more about these terms and what the consequences are of ignoring these new and critical fields.

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Advisor: Nord VPN, Cloud Defense, NeuraLegion, ICTC PAC, WoSEC
Founder: We Hack Purple, WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday

Support for the Blueprint podcast comes from the SANS Institute. Check out the constantly growing list of available courses at sansurl.com/blueteamops

Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn

ITSPmagazine | Technology. Cybersecurity. Society
Building A Community In InfoSec | A Conversation With Tanya Janca — She Hacks Purple | Hackerz And Haecksen With Jaclyn (Jax) Scott, Erika McDuffie, And Jon Helmus

Apr 1, 2021 | 33:47


Tanya Janca walks us through how her need for community inspired her to develop one of her own. Join us for an inclusive conversation on how to navigate a male-dominated field and how to create your own success.

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents.

Guest

Tanya Janca, Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday (@shehackspurple on Twitter)

Hosts

Jaclyn (Jax) Scott | Erika McDuffie | Jon Helmus

This Episode's Sponsors

If you'd like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships

Resources

Links for Tanya Janca:

  • https://shehackspurple.ca
  • https://www.youtube.com/shehackspurple
  • https://dev.to/shehackspurple
  • https://medium.com/@shehackspurple
  • https://www.twitch.tv/shehackspurple
  • https://github.com/shehackspurple/
  • https://www.slideshare.net/TanyaJanca/

Links for We Hack Purple:

  • https://wehackpurple.com
  • https://twitter.com/wehackpurple
  • https://www.youtube.com/wehackpurple
  • https://linkedin.com/company/wehackpurple

Alice and Bob Learn Application Security: https://www.amazon.com/dp/1119687357/

For more podcast stories from Hackerz And Haecksen with Jaclyn (Jax) Scott, Erika McDuffie, and Jon Helmus, visit: https://www.itspmagazine.com/hackerz-and-haecksen-podcast

Are you interested in sponsoring an ITSPmagazine Channel? https://www.itspmagazine.com/podcast-series-sponsorships

CoSeCast - The Continuous Security Podcast
EP1 - Tanya Janca - Alice and Bob Learn Application Security

Dec 16, 2020 | 36:27


In this show Steve speaks with application security specialist and educator Tanya Janca to talk about her new book "Alice and Bob Learn Application Security", as well as the struggles to educate developers about secure development, creating a positive and inclusive community and a slice of just about everything else.

The Book!

  • https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357
  • https://www.wiley.com/en-us/Alice+and+Bob+Learn+Application+Security-p-9781119687351

Who are Allison and Bob

  • https://en.wikipedia.org/wiki/Alice_and_Bob

Tanya gets a book!

  • https://www.youtube.com/watch?v=6OaYA5nuI4A&ab_channel=SheHacksPurple

Meet Tanya Janca

Tanya Janca, also known as WehackPurple, is the author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.

Founder: We Hack Purple (Academy, Community, and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday

  • Follow Tanya on Twitter: https://twitter.com/shehackspurple
  • Follow Tanya on LinkedIn: https://www.linkedin.com/in/tanya-janca
  • Follow Tanya on Medium: https://medium.com/@shehackspurple
  • Follow Tanya on YouTube: https://www.youtube.com/shehackspurple
  • Follow Tanya on Twitch: https://www.twitch.tv/shehackspurple

CoSeCast is powered by StackRox Security

The only Kubernetes-native container security platform

StackRox has set the standard in container and Kubernetes security, protecting cloud-native apps across the full life cycle — build, deploy, and runtime.

Steve Giguere

Steve is the Director of Solutions and Community for EMEA for StackRox. He is a serial podcaster, having hosted his solo editorial podcast called Codifyre, as well as podcasts for Synopsys and Aqua Security called Hacking Security and BeerSecOps. He's a fun and entertaining public speaker on application, cloud native and Kubernetes security and when he's not doing that he loves music. He's composed and played the theme music for this and each of his other podcasts.

Learn more... https://stevegiguere.com/

AppSec Builders
Solving Race Condition Vulnerabilities with Tanya Janca

Oct 14, 2020 | 39:09


In our inaugural episode, we sit down with Tanya Janca, founder of WeHackPurple, to discuss her expertise in solving for Race Condition vulnerabilities during her career as both a software engineer and application security professional. We spend some time talking through the most common types of Race Conditions, review a few real-world hacks and vulnerabilities, and present actionable tips security and technology teams can make to solve this class of vulnerability.

About our Guest:

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday

Resources:

About the vulnerabilities discussed:

  • The Starbucks infinite credit race condition: https://www.schneier.com/blog/archives/2015/05/race_condition_.html
  • The GitLab ‘merge any pull request’ race condition: https://www.cvedetails.com/cve/CVE-2019-11546/
  • The Dirty Cow vulnerability: https://dirtycow.ninja/ with the research paper: http://www.iiisci.org/journal/CV$/sci/pdfs/SA025BU17.pdf
  • The Spurious DB race condition, impacting all major operating systems: https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html

Tools discussed:

  • Safe Rust race condition guarantees: https://doc.rust-lang.org/nomicon/races.html#data-races-and-race-conditions
  • GoLang race detector: https://blog.golang.org/race-detector
  • Testing race conditions on REST APIs: https://github.com/TheHackerDev/race-the-web

Links for Tanya:

  • Tanya's book Alice and Bob Learn Application Security: https://www.amazon.com/dp/1119687357/
  • https://shehackspurple.ca/
  • https://twitter.com/shehackspurple
  • https://www.youtube.com/shehackspurple
  • https://dev.to/shehackspurple
  • https://medium.com/@shehackspurple
  • https://www.twitch.tv/shehackspurple
  • https://www.linkedin.com/in/tanya-janca
  • https://github.com/shehackspurple/
  • https://www.slideshare.net/TanyaJanca/

Tanya mentioned she’s also a professional musician, you can find her...

Tribe of Hackers Podcast
Tanya Janca and WeHackPurple.com

Aug 12, 2020 | 50:30


Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday.

Chapter List:

  • 00:00:20 Opening
  • 00:00:47 About @SheHacksPurple
  • 00:01:55 Tanya is here!
  • 00:02:21 Red Team, Blue Team, Purple Team
  • 00:04:20 Purple Trait: Empathy
  • 00:05:02 Purple Trait: Advocacy
  • 00:06:50 Young Coding
  • 00:08:04 Childhood and parents
  • 00:08:37 "The Shirt Story"
  • 00:09:12 Discovering that Code should be secure
  • 00:11:20 Educating Students
  • 00:12:15 "Cross Site Scripting" meaning
  • 00:13:52 Introducing WeHackPurple.com
  • 00:16:52 "DevSecOps" Definition
  • 00:19:02 Public Speaking
  • 00:19:54 Meet WOSEC
  • 00:22:45 Big Shoutout to Chloé Messdaghi
  • 00:24:22 Cyber Mentoring Monday
  • 00:26:15 Mentee Responsibilities
  • 00:28:25 Everyone needs a mentor
  • 00:29:56 Salary negotiations
  • 00:32:40 Less Traveling is good.
  • 00:34:30 Management vs. Leadership
  • 00:37:10 Diversity and Inclusion
  • 00:37:40 Shout out to Jane Franklin and Tara Wheeler
  • 00:42:22 Cookies!!!
  • 00:43:20 Advice to a younger Tanya
  • 00:46:34 Tribe of Hackers: Security Leaders
  • 00:49:00 Signing off, parting wisdom from Tanya

Cyber Security & Cloud Podcast
CSCP S02E09 - Tanya Janca - Appsec and Diversity

Jul 27, 2020 | 54:00


In this episode, we talk with the unique Tanya Janca, SheHacksPurple. Tanya Janca launched She Hacks Purple some time ago and has now launched the new line of more inclusive training, We Hack Purple. Tanya is a friend and a reference figure for appsec around the globe.

The podcast is brought to you by the generosity of NSC42 Ltd, your cybersecurity partner. Cybersecurity is complex and different for every organization, and you need the best-tailored service to make sure your customers' data is safe and sound so that you can focus on what's important: focusing on your clients and bringing the best and safest experience. NSC42 Ltd can help you during your cloud transformation, cybersecurity assessment for your compliance checklist on-premises and on the cloud. Want to know more? Visit www.nsc42.co.uk to get your free quote.

Tanya Janca, also known as ‘SheHacksPurple', is the founder, security trainer and coach of https://SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in Victoria, and co-founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women's organization WoSEC, starting the online #MentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science' of computer science.

Francesco is an Executive, Public Speaker, out of the box thinker. Francesco is the Executive director of NSC42 Ltd, a UK based cybersecurity consultancy. As an executive, he loves to stay close to the technology but to keep it simple. Francesco is a data- and result-driven Cyber Security Executive/vCISO highly regarded for planning and executing strategic infosec improvement programs that protect data and technical assets, reduce security risks, and align with long-term organisational goals. Francesco is a well-known speaker, Head of the Cloud security alliance UK, and Director of the cyber security consultancy NSC42.

https://www.shehackspurple.dev/

Social Media Links

Follow us on social media to get the latest episodes:

  • Website: www.cybersecuritycloudpodcast.com
  • Youtube: https://www.youtube.com/SheHacksPurple

You can listen to this podcast on your favourite player:

  • Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463
  • Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ
  • Linkedin: https://www.linkedin.com/company/35703565/admin/
  • Twitter: https://twitter.com/podcast_cyber
  • Youtube: https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/

Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Tanya Janca - SheHacksPurple - Some of the Best AppSec Advice You'll Ever Hear Here!

Mar 28, 2020 | 42:59


Our special guest today is Tanya Janca, also known as ‘SheHacksPurple'. She is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in Victoria, and co-founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #CyberMentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.

Tanya's Links:

  • https://shehackspurple.dev
  • https://mailchi.mp/e2ab45528831/shehackspurple
  • https://twitter.com/shehackspurple
  • https://dev.to/shehackspurple
  • https://medium.com/@shehackspurple
  • https://www.youtube.com/shehackspurple
  • https://www.twitch.tv/shehackspurple
  • https://www.linkedin.com/in/tanya-janca
  • https://github.com/shehackspurple/

Tanya is interviewed by Kendra Ash and John L. Whiteman
Audio production and introduction by Shayne Morgan

Follow us, join us:

  • https://owasp.org/www-chapter-portland/
  • https://twitter.com/portlandowasp?lang=en
  • https://www.meetup.com/OWASP-Portland-Chapter
  • https://www.linkedin.com/groups/4223013/

Support the show (https://www.owasp.org/index.php/Membership#tab=Other_ways_to_Support_OWASP)

Getting Into Infosec
Tanya Janca - From Insecure Developer to Appsec, Diversity/Inclusion Advocate, and Mentor

Feb 23, 2020 | 42:44


Recast Link for sharing your favorite snippet: https://recast.simplecast.com/7d083a66-6e0a-4d1a-957e-cdf5afc99bb4

BIO:

Tanya Janca, also known as ‘SheHacksPurple’, is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, founding a new OWASP chapter in Victoria, and founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #MentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.

Notes:

  • Part of security is teaching security
  • Started in software development, then started meeting hackers, and decided to switch into security.
  • Tanya is extremely scholastically inclined
  • She comes from a family full of Women Computer Scientists, Technologists, and Mathematicians!
  • Her aunt was the FIRST to graduate in CS from Ontario.
  • Her mother was a mathematician.
  • She had four uncles in Computer Science.

Tanya's Quick List For Getting Into Infosec:

Responsibility of a mentee: [30:29]

  • Have energy and time
  • Respect your mentor's time
  • Need to have already looked for the answer online before you ever ask them for something
  • They are not a free consultant, you shouldn't ask them to do your work
  • You shouldn't stand them up for meetings
  • Recognize and have gratitude for the fact that this person has a crap-ton of knowledge in their brain that they're sharing with you for free. They're taking the time out. You're not their daughter or son. You're not their friend. You're a person in their industry and they're trying to pay it forward.
  • You want to actually do the exercises that your mentor gives you
  • Choose your mentor wisely
  • Do not expect your mentor to find you a job

Quotes:

  • "We're graduating people who don't know how to make secure software, but they do know how to make software! So that ends up being insecure software." [4:57]
  • "So if I was going to teach a software security course at a university, they would pay me as an adjunct professor and they would pay me almost nothing. It would almost be equivalent to volunteer work." [5:35]
  • "I thought I really wanted to be a penetration tester until I discovered that there is this weird spot… in between red team and blue team." [10:17]
  • "A lot of penetration testers get a little depressed." [11:07]
  • "People just don't know how many super awesome cool things there are out there!" [15:11]
  • "The people I liked the best are the people in my computer science class." [22:24]
  • "Honestly, I just smoked a lot of weed and just showed up and would ace things." [22:12]
  • "You don't have to spend money at the beginning necessarily." [31:58]
  • "Which certification should I get so that I can be a good pentester?" [31:34]
  • "I don't know enough to be a mentor." [31:50]

Links:

Tanya Online

  • Personal Site: https://dev.to/shehackspurple
  • Twitter: https://twitter.com/shehackspurple
  • Pushing Left Series: https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95
  • NICE Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center
  • OWASP: https://owasp.org/
  • WoSec: https://wearetechwomen.com/wosec-women-of-security/
  • Franziska Bühler https://twitter.com/bufrasch

Getting Into Infosec:

  • Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
  • T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
  • Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe

DevSecOps Podcast Series
DevOps, DevSecOps and the Year Ahead w/ Sacha Labourey

Oct 7, 2019 | 33:10


Once a year, Sacha Labourey and I sit down to discuss the past year and what the coming year looks like for DevOps and Jenkins. As CEO of CloudBees, Sacha has broad visibility into the progress of the DevOps/DevSecOps communities. We started our talk this year, commenting on the growth of the Jenkins World conference, with over 2000 attendees... what does Sacha attribute that to and does it coincide with the growth within the DevOps community? We continued our discussion by examining how cultural transformation within a company must align with the tools that are available to help with that transformation. Along the way we touched on where cultural transformation comes from within an enterprise, the question of whether DevOps has yet to jump the chasm, the tipping point for a company's full acceptance of DevOps patterns, and what Sacha hopes to accomplish in the coming year.

All Day DevOps: A Supporter of DevSecOps Podcast

If you're listening to this podcast, you've probably heard of All Day DevOps. This year, All Day DevOps has expanded to 150 sessions, including 9 sessions dedicated to OWASP projects such as Seba talking about DevOps Assurance with OWASP SAMMv2, the OWASP Security Knowledge Framework with Glen & Ricardo ten Cate, DevSecOps in Azure with OWASP DevSlop featuring Tanya Janca, and an overview of the OWASP Top 10 with Caroline Wong. Simon talking about the OWASP ZAP HUD project is another session not to be missed. All Day DevOps is a free, community event, sponsored and supported by hundreds of organizations like yours from around the world. Registration is free. Go to All Day DevOps dot com to register and start building your schedule. All Day DevOps. All live. All online. All free.

From the Source
From The Source – Ep 10: Cloud Advocate Tanya Janca

Jul 24, 2019 43:25


Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, … The post From The Source – Ep 10: Cloud Advocate Tanya Janca appeared first on Michelle Brenner.

Brakeing Down Security Podcast
2019-024-Tanya_Janca-mentorship-WoSec_organizations_what-makes-a-good-mentor

Jun 23, 2019 53:53


Tanya Janca (@shehackspurple)

DevOps Tools for free/cheap.
    They are all on github right, so they are all free?
    Python, Docker, k8s, Jenkins
    Licensing can be a problem
    Free-mium software, or trialware is useful?
OWASP DevSlop
    Module
    Nicole Becker
        Pixie - insecure instagram
“Betty Coin”
SSLlabs - Qualys

Mentoring Monday:
    What is “Mentoring Monday”?
    What does it take to be a good mentor?
    Should a mentee have a goal in mind?
        Something other than “I want to be just like you”?
    Do you assist in creating the relationship?
        What if they don’t meld?
        Are there any restrictions?
    Any place in someone’s career?
    How do you apply?
    Advocating - Leading Cyber Ladies: https://twitter.com/LadiesCyber
WoSec International - https://twitter.com/WoSECtweets
    19 Chapters worldwide
        Africa, No. America, Europe
    Goal? (hacker workshops)
    Submitting talks at cons
    Outreaching (how would people get involved)
    Mentorship involved in this?

Global AppSec

Videos on youtube:
    OWASP DevSlop: https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A
Blog Site: https://dev.to/shehackspurple

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#Brakesec Store!: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Brakeing Down Security Podcast
2019-023-Tanya Janca, Dev Slop, DevOps tools for free or cheap

Jun 18, 2019 40:37


Announcements:
InfoSec Campout Conference (Eventbrite, social contract, etc): https://www.infoseccampout.com
All Day Devops (https://www.alldaydevops.com) free talks online... Next conference starts 06 November 2019
------
Tanya Janca (@shehackspurple)
@wosectweets - Women of Security

DevOps Tools for free/cheap.
    They are all on github right, so they are all free?
    Python, Docker, k8s, Jenkins
    Licensing can be a problem
    Free-mium software, or trialware is useful?
OWASP DevSlop
    Module
    Nicole Becker
        Pixie - insecure instagram
“Betty Coin”
SSLlabs - Qualys

Mentoring Monday:
    What is “Mentoring Monday”?
    What does it take to be a good mentor?
    Should a mentee have a goal in mind?
        Something other than “I want to be just like you”?
    Do you assist in creating the relationship?
        What if they don’t meld?
        Are there any restrictions?
    Any place in someone’s career?
    How do you apply?
    Advocating and being a good ally
Leading Cyber Ladies: https://twitter.com/LadiesCyber
WoSec International - https://twitter.com/WoSECtweets
    19 Chapters worldwide
        Africa, No. America, Europe
    Goal? (hacker workshops)
    Submitting talks at cons
    Outreaching (how would people get involved)
    Mentorship involved in this?

Global AppSec

Videos on youtube:
    OWASP DevSlop: https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A
Blog Site: https://dev.to/shehackspurple

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel!

Absolute AppSec
Episode 61: Tanya Janca, DevSlop, Diversity, and Inclusion

Jun 11, 2019


Based on demand, Seth and Ken are joined by Tanya Janca (@shehackspurple) to talk about all things OWASP, travel, and experiences. Topics include OWASP DevSlop, diversity, and inclusion.

On-Call Nightmares Podcast
Episode 4 - Tanya Janca - Microsoft

Jan 3, 2019 31:50


There's on-call in nearly every aspect of the tech industry; in this episode we will focus on security. Tanya Janca is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, Women in Security and Technology (WIST) chapter leader, software developer and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.

https://twitter.com/shehackspurple
https://medium.com/@shehackspurple (blog)
DevSlop.co

SecTools Podcast Series
SecTools Podcast E09 with Tanya Janca

Oct 31, 2018 64:13


Tanya Janca is a senior cloud security advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, Cyber Ladies Ottawa founder and leader, software developer and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science' of computer science.

The CyberWire
US National Cyber Strategy. New sanctions. GCHQ beefs up Russia unit. Cryptocurrency heist. Hacking Senatorial Gmail. Crime and punishment.

Sep 21, 2018 25:14


In today's podcast, we hear about the US national cyber security strategy; developing international norms, calling out bad actors, establishing a credible deterrent, and imposing consequences are important parts of it. The State Department blacklists thirty-three Russian bad actors. GCHQ is standing up a 4000-person cyber operations group to counter Russian activity. A cryptocurrency heist in Tokyo. Hacking Senatorial Gmail. And some notes on crime and punishment. Emily Wilson from Terbium Labs on Dark Web exit scamming. Guest is Tanya Janca from Microsoft on her OWASP DevSlop project.

Extended interview with Tanya Janca - https://www.patreon.com/posts/21559930
OWASP DevSlop show on Twitch - https://www.twitch.tv/videos/307974412
For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_09_21.html

Exploring Information Security - Timothy De Block

Tanya (@shehackspurple) is a former developer turned security person. She speaks regularly at conferences around the globe. The topics often focus on working with developers to improve security, which is something I believe in. She's a project lead for OWASP DevSlop.

In this episode we discuss:
Why working with the developers is important
How to talk to developers
What are the benefits of working with developers?
What are the top recommendations for talking to developers

CYBER LIFE
Season 2 Episode 1: The App Sec Queen Tanya Janca

Dec 31, 1969 36:53


Welcome back to the Cyber Life podcast. We kick off Season 2 by speaking with Tanya Janca, an AppSec and development expert, and the CEO of Security Sidekick ( https://www.securitysidekick.dev/ ).

Tanya gives some great career and life advice. You also get to learn about the special project she was working on the day we recorded the interview.

Connect with her: https://www.linkedin.com/in/tanya-janca/
Find out more about the OWASP DevSlop project here: https://www.owasp.org/index.php/OWASP_DevSlop_Project
Support this podcast at https://redcircle.com/cyber-life/donations