In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change. From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.
In this episode of Breaking Badness, we welcome back Tanya Janca, aka SheHacksPurple, to discuss her latest book, Alice and Bob Learn Secure Coding. Tanya dives deep into the fundamental principles of secure software development, the psychology behind developer incentives, and the often-overlooked importance of zero trust security.
In this episode of Breaking Badness, we sit down with Tanya Janca, aka SheHacksPurple, a cybersecurity educator, and author of the best-selling book Alice and Bob Learn Application Security. Tanya shares her journey from software developer to AppSec expert, dives into the unique challenges of teaching secure coding, and discusses the impact of cybersecurity breaches on industries and individuals. From her creative teaching methods to her advocacy for change in university curriculums, Tanya offers insights that resonate with developers, educators, and security professionals alike. Discover how Tanya is paving the way for accessible AppSec education, the role of AI in secure coding, and her mission to teach security as a fundamental skill for every developer.
Talk Python To Me - Python conversations for passionate developers
What do developers need to know about AppSec and building secure software? We have Tanya Janca (AKA SheHacksPurple) on the show to tell us all about it. We talk about what developers should expect from threat modeling events as well as concrete tips for securing your apps and services. Episode sponsors: Posit, Bluehost, Talk Python Courses. Links from the show: Tanya on X: @shehackspurple; She Hacks Purple website: shehackspurple.ca; White House recommends memory safe languages: whitehouse.gov; Python Developer Survey Results: jetbrains.com; Bandit: github.com; Semgrep Academy: academy.semgrep.dev; Watch this episode on YouTube: youtube.com; Episode transcripts: talkpython.fm. Stay in touch with us: Subscribe to us on YouTube: youtube.com; Follow Talk Python on Mastodon: talkpython; Follow Michael on Mastodon: mkennedy
Application security is crucial for protecting sensitive data and ensuring the integrity and trustworthiness of software systems against cyber threats. In this episode, Tanya Janca, head of community and education at Semgrep discusses the importance of “shifting left” in the software development lifecycle, along with the best and worst practices in DevSecOps. Tanya has been coding and working in IT for more than 25 years and is the best-selling author of the book ‘Alice and Bob Learn Application Security'. You can follow Tanya on social media under the handle @SheHacksPurple. Resources: Semgrep website: https://semgrep.dev/ 'Alice and Bob Learn Application Security': https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/B097NJSSV8 'Alice and Bob Learn Secure Coding': https://www.wiley.com/en-us/Alice+and+Bob+Learn+Secure+Coding-p-9781394171705 SheHacksPurple YouTube: https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ SheHacksPurple website: https://shehackspurple.ca/ OWASP Global AppSec Conference: https://sf.globalappsec.org/ CISA Secure by Design: https://www.cisa.gov/securebydesign Tanya's RSAC Talk on DevSecOps worst practices: https://www.rsaconference.com/library/Presentation/USA/2023/DevSecOps%20Worst%20Practices RSAC Presentation: 'The End of DevSecOps?' by DJ Schleen: https://www.rsaconference.com/Library/presentation/usa/2024/the%20end%20of%20devsecops Executive Order on Improving the Nation's Cybersecurity (SBOMs): https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
We're thrilled Tanya Janca (aka SheHacksPurple) joined us this week on the podcast! She and Kali Fencl discuss secure guardrails, Semgrep Academy, the process of writing two books, gardening, and so much more.
Join us for a conversation with Tanya Janca, also known as SheHacksPurple, as she discusses secure guardrails, the difference between guardrails and paved roads, and how to implement both in application security. Tanya, an award-winning public speaker and head of education at Semgrep, shares her insights on creating secure software and teaching developers. Tanya also shares with us about her hobby farm and love for gardening. Mentioned in this episode: Tanya Janca – What Secure Coding Really Means; Tanya Janca – Mentoring Monday - 5 Minute AppSec; Tanya Janca and Nicole Becher – Hacking APIs and Web Services with DevSlop; The Expanse Series by James S.A. Corey; Alice and Bob Learn Application Security by Tanya Janca. FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening!
Summary: The conversation discusses the extradition case of Julian Assange and the role of the US prison system in the decision. It also explores Tanya Janca's role at Semgrep and her passion for affordable cybersecurity education. Additionally, it touches on Tanya's experience in election security and the importance of transparency in the process. Tanya discusses her volunteer work with the Canadian government, where she helps educate students about cybersecurity. She talks about the importance of teaching young people about privacy, protecting digital devices, and understanding cyber threats. Tanya also mentions her involvement in the Cyber Titan competition and her efforts to promote cybersecurity as a career. She shares her experience writing the book 'Alice and Bob Learn Application Security' and her unique approach to making technical concepts accessible through stories and different learning styles. Tanya also talks about the importance of mentoring and how she has benefited from mentors throughout her career.
Keywords: Julian Assange, extradition, US prison system, cybersecurity education, Semgrep, election security, transparency, volunteer work, Canadian government, cybersecurity education, privacy, digital devices, cyber threats, Cyber Titan, promoting cybersecurity, career, Alice and Bob Learn Application Security, technical concepts, stories, learning styles, mentoring
Takeaways: The extradition case of Julian Assange highlights the differences in prison systems between the US and other Western democracies. Tanya Janca's role at Semgrep involves community management and education in the field of cybersecurity. Affordable cybersecurity education is crucial for organizations to effectively use security tools and integrate them into their programs. Election security requires centralization, knowledge sharing, and transparency to ensure public trust in the process. Volunteer work with the Canadian government focuses on educating students about cybersecurity, including topics like privacy and protecting digital devices. Promoting cybersecurity as a career is important, and initiatives like the Cyber Titan competition help engage high school students in learning about cybersecurity. Tanya's book 'Alice and Bob Learn Application Security' uses stories and different learning styles to make technical concepts accessible. Mentoring is valuable for personal and professional growth, and Tanya has both benefited from mentors and become a mentor herself.
Titles: The Importance of Transparency in Election Security; Cybersecurity as a Career: The Cyber Titan Competition; The Value of Mentoring: Tanya's Experience as a Mentor and Mentee
Sound Bites: "I am head of community and education, which is a role they made up just for me." "They decided, I think in 2017, we need to make a task force to make sure they know cyber." "Defenders need to understand attacks or they can't be good at defending, right? Like we're teaching them ethics as we teach them how to hack." "Alice and Bob are going to learn secure coding this time."
Chapters: 00:00 The Extradition Case of Julian Assange; 08:18 Affordable Cybersecurity Education at Semgrep; 30:40 Tanya's Volunteer Work with the Canadian Government; 31:35 Promoting Cybersecurity as a Career; 34:02 Making Technical Concepts Accessible: 'Alice and Bob Learn Application Security'; 39:45 The Value of Mentoring
Tanya Janca, also known as SheHacksPurple, is the head of community and education at Semgrep and the best-selling author of Alice and Bob Learn Application Security. With more than 25 years of experience in coding, application security, and IT, Tanya has dedicated herself to “securing all the things.” Tanya's career journey began in the Canadian government, […]
Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session. In this week's episode our special guest is Tanya Janca, who is helping the team discuss all things Security in the Development space. Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security'. She is also the head of education and community at Semgrep! As the founder of We Hack Purple, Tanya is bringing her security training to Semgrep customers and beyond. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an Advisor for NordSec and Katilyst and the Founder of We Hack Purple, OWASP DevSlop, WoSEC and the very popular #CyberMentoringMonday. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.
In this episode of Secure Networks, Michael chats with Tanya Janca, aka SheHacksPurple, head of education and community at Semgrep and founder of We Hack Purple. Tanya discusses her transition from developer to security expert, the real issues behind the cybersecurity skills gap, and strategies for employee retention. She also dives into the implications of emerging technologies on security practices and the balance between automation and human expertise. Don't miss these valuable insights. Visit Tanya's websites: ► We Hack Purple - [https://wehackpurple.com/] ► Semgrep - [https://semgrep.dev/]
Tanya Janca, also known as SheHacksPurple, joins the Application Security Podcast again to discuss secure coding, threat modeling, education, and other topics in the AppSec world. With a rich background spanning over 25 years in IT, coding, and championing cybersecurity, Tanya delves into the essence of secure coding. Tanya highlights the difference between teaching developers about vulnerabilities and teaching them the practices to avoid these vulnerabilities in the first place. Instead of focusing on issues like SQL injection, she emphasizes the importance of proactive measures like input validation and always using parameterized queries. She believes teaching developers how to build secure applications is more effective than merely pointing out vulnerabilities. She also explains the importance of a secure system development life cycle (SDLC). Software companies often state "We take your security seriously." Tanya believes the phrase should only be used by companies that have a secure SDLC in place. Without it, the phrase is rendered meaningless. Discussing the intersection of coding and threat modeling, Tanya shares personal anecdotes that underscore the need to view systems with a critical eye, always anticipating potential vulnerabilities and threats. She recounts her initial reactions during threat modeling sessions, where she is surprised by the myriad ways applications can be exploited. One of her most crucial takeaways for developers is the principle of distrust and verification. Tanya stresses that when writing code, developers should not trust any input or connection blindly. Everything received should be validated to ensure its integrity and safety. This practice, she believes, not only ensures the security of applications but also makes the lives of incident responders easier. Toward the end of the podcast, Tanya recommends "This is How They Tell Me the World Ends," which offers a deep dive into the zero-day industry. She lauds the book for its meticulous research and compelling narrative. The episode wraps up with Tanya encouraging listeners to stay connected with her work and to anticipate her upcoming book.
Links: Alice and Bob Learn Application Security by Tanya Janca https://www.wiley.com/en-us/Alice+and+Bob+Learn+Application+Security-p-9781119687405 This is How They Tell Me the World Ends by Nicole Perlroth https://thisishowtheytellmetheworldends.com/ WeHackPurple https://wehackpurple.com/
FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening!
In this episode, we talk about application security with guest Tanya Janca. Hear our discussion on the tension between authentication and authorization, the prevalence of API security flaws, the upcoming open comment period for the new version of the OWASP Top Ten, and the inadequacy of API security measures. We also discussed the importance of designing an effective security program for different industry companies, the differences between CSPM and CASB, the use of tools, and the importance of keeping up with updates. Read the associated short blog on Application Security: https://www.horangi.com/blog/exploring-the-challenges-of-application-security - About Horangi Cybersecurity -- More information about the Ask A CISO podcast: https://www.horangi.com/resources/ask-a-ciso-podcast About Horangi Cyber Security: https://www.horangi.com - About the Guest -- Tanya's LinkedIn: https://www.linkedin.com/in/tanya-janca/ SheHacksPurple: https://shehackspurple.ca/ - Get Tanya's book here -- https://a.co/d/cY33RL0
Tanya Janca, the Director of Developer Relations of Bright, explains whether developers care about security. Get more info at https://SheHacksPurple.ca, https://WeHackPurple.com/, & https://BrightSec.com/
2B Bolder Podcast : Career Insights for the Next Generation of Women in Business & Tech
In episode #67 of the 2B Bolder podcast Tanya Janca, Director of Developer Relations & Community at Bright Security, also known as SheHacksPurple is our featured woman in tech. Tanya is the best-selling author of Alice and Bob Learn Application Security. She is also the founder of We Hack Purple, an online learning academy, community, and podcast that teaches everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings worldwide. Tanya values diversity, inclusion, and kindness and is always looking for ways to open doors for others. Meeting Tanya and learning about today's various security roles was educational and a delight. Tune in to hear how her passions have led her to a fulfilling career. Connect with Tanya Janca on LinkedIn. Advisor: Nord VPN, Cloud Defense, NeuraLegion, ICTC PAC. Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC. The 2B Bolder Podcast provides first-hand access to some amazing women. Guests will include women from leading enterprise companies to startups, women execs, coders, account execs, engineers, doctors, and innovators. Listen to 2B Bolder for more career insights from women in tech and business. Support the show
Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. https://wehackpurple.com BrakeSec is: Amanda Berlin @infosystir Brian Boettcher @boettcherpwned Bryan Brake @bryanbrake www.brakeingsecurity.com https://twitch.tv/brakesec
Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. https://shehackspurple.ca/ BrakeSec is: Amanda Berlin @infosystir Brian Boettcher @boettcherpwned Bryan Brake @bryanbrake www.brakeingsecurity.com
Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech. She values diversity, inclusion, and kindness. LinkedIn: https://www.linkedin.com/in/tanya-janca/ Jobs in InfoSec: https://shehackspurple.ca/2022/01/01/jobs-in-information-security-infosec/ We Hack Purple Community: https://community.wehackpurple.com/ #CyberMentoringMonday: https://twitter.com/search?q=%23CyberMentoringMonday&src=typed_query&f=live
AppSec Stats Flash: A Monthly Podcast on the State of Application Security
The Alice and Bob characters were invented by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper "A Method for Obtaining Digital Signatures and Public-key Cryptosystems". Alice and Bob were also joined by an additional cast of characters as needed to keep the explanation of cryptographic systems lively and relatable. The famous Cryptographic couple have now ventured into Application Security. In her book, "Alice and Bob Learn Application Security", my guest today Tanya Janca, has done a fantastic job of discussing 10 topics across 3 sections to address the subject of AppSec. Tune in to the podcast as we discuss the practitioner aspects of being a security minded developer. Special Guest: Tanya Janca, CEO and Founder of We Hack Purple. Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
community.wehackpurple.com academy.wehackpurple.com aliceandboblearn.com
Checklists: Secure Design Concepts https://newsletter.wehackpurple.com/foundational-security-concepts PCI-DSS for Devs! https://newsletter.wehackpurple.com/pci-dss-for-devs API Security Best Practices https://newsletter.wehackpurple.com/api-security Application Security Activities https://newsletter.wehackpurple.com/appsec-activities Azure Hardening Best Practice https://newsletter.wehackpurple.com/azure-hardening Error Handling and Logging https://newsletter.wehackpurple.com/errors-and-logging Secure Coding Guidelines https://newsletter.wehackpurple.com/secure-coding-guidelines Tips For Getting Into InfoSec https://newsletter.wehackpurple.com/getting-into-infosec Web App Security Requirements https://newsletter.wehackpurple.com/web-app-security-requirements
More Links! Check out other episodes of Security in the Fast Lane: https://www.whitehatsec.com/security-in-the-fastlane/ Check out our other podcast, AppSec Stats Flash: https://www.whitehatsec.com/appsec-stats-flash/ To learn more about NTT Application Security, visit us at www.whitehatsec.com
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives. In this episode…. Tanya Janca comes from a family of mathematically-minded and computer-literate people. Her father was a technologist, her mother a mathematician chemist, and two aunts and three uncles were computer scientists. In many ways she was born into what she does. We Hack Purple is Tanya's company where she lives her passion for cyber security, teaching, and bringing developers together. Tanya is also an accomplished musician, she plays guitar, drums, and sings, and has been part of several bands. She hosts two podcasts, one of which features extensive exploration of every chapter in her book ‘Alice and Bob Learn Application Security'. She is an engaging, brilliant, and very personable teacher. In this episode of What CEOs Talk About, host Martin Hunter and Tanya Janca discuss how she got into cyber security and founded We Hack Purple. They discuss Tanya's journey through being a software developer, working for Microsoft, and failing at the very first company she founded. They also explore sexism in the industry, how best to teach security to developers, and Tanya's plans for Alice and Bob.
Host Tanya Janca learns what it's like to do Cybersecurity Product testing and reviews at Security Weekly Labs with guest Adrian Sanabria! Thank you to our sponsor Checkmarx! https://www.checkmarx.com/ Buy Tanya's new book on Application Security: Alice and Bob learn Application Security Don't forget to check out We Hack Purple Academy's NEW courses, Join our Cyber Security community: https://community.wehackpurple.com/ A safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter here: https://newsletter.wehackpurple.com/ Find us on Apple Podcast, Overcast + Pod
Join us for the Season 3 kickoff episode. This season we are switching gears from SASE and doing a deep dive into Application Security. We truly believe that Application security is one of the most overlooked domains in cybersecurity. Recent supply chain attacks are great examples of why we decided to bring awareness to the subject. You can learn more about how to maximize the value you get from the various solutions by listening to the kickoff episode, regardless of whether you are a big company or a smaller one. We have already recorded several great vendors such as Neuralegion, Snyk.io, Clouddefense.ai, and Garantir.io, and are looking to record several more great vendors. We are honored to have Tanya Janca, also known as SheHacksPurple, the best-selling author of Alice and Bob Learn Application Security. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). Video episode Kickoff (security-architecture.org) Please subscribe to our podcast and follow our work on Linkedin: https://www.linkedin.com/company/secarchpodcast More about Tanya: https://www.linkedin.com/in/tanya-janca/ To promote our work and support the podcast, please review us here: https://www.podchaser.com/podcasts/security-architecture-podcast-1313281
Host Tanya Janca learns what it's like to found and run a small business (Zimana Analytics) focused on data analytics, with guest Pierre DeBois! Thank you to our sponsor Checkmarx! https://www.checkmarx.com/
Host Tanya Janca learns what it's like to be a physical penetration tester, with guest Deviant Ollam. Famous for hacking banks, elevators and basically any physical security device, he will share how he got to where he is today! Check out his Twitter while you're at it! Thank you to our sponsor 10Security. NEW Secure coding Course here! Buy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don't forget to check out We Hack Purple Academy's NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/ Join our Cyber Security community: https://community.wehackpurple.com/ A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter! Sponsorship info: info@wehackpurple.com . Find us on Apple Podcast, Overcast + Pod
Host Tanya Janca learns from Sunny Wear about penetration testing with a live demonstration! Sunny shows off her custom app, Burp Tool Buddy, which shows you how to use and configure burp suite Pro. And it's a STEAL at $4.99!! https://twitter.com/SunnyWear Thank you to our sponsor 10SecurityNEW Secure coding Course here!Buy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don't forget to check out We Hack Purple Academy's NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/Join our Cyber Security community: https://community.wehackpurple.com/A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter! Sponsorship info: info@wehackpurple.com . Find us on Apple Podcast, Overcast + Pod
Host Tanya Janca meets Ron Brash. He is a well-known technical expert in the ICS community, with a long-standing history in oil and gas from a young age, but also by engaging in difficult-to-solve industry solution development questions. Today, he has a Master's degree in Computer Science, a Bachelor's in Technology, over a decade of experience with industrial networks and technologies, embedded systems, systems design, risk advisory, and in several different domains ranging from aviation, energy, gas & more. Currently, he is a director at Verve Industrial Protection where his role as Director of Cybersecurity Insights includes product ownership, risk analysis, vulnerability research, reverse engineering, and facilitating relationships in IT & OT divisions of organizations. Check out his Twitter! Thank you to our sponsor 10SecurityNEW Secure coding Course here!Buy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don't forget to check out We Hack Purple Academy's NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/Join our Cyber Security community: https://community.wehackpurple.com/A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter! Sponsorship info: info@wehackpurple.com . Find us on Apple Podcast, Overcast + Pod
Host Tanya Janca learns what it's like to be an offensive Engineer at @zoom, as well as a PluralSight author & mentor. Maril Vernon is always helping peeps break into cybersecurity. https://twitter.com/shewhohacks Thank you to our sponsor 10SecurityNEW Secure coding Course here!Buy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don't forget to check out We Hack Purple Academy's NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/Join our Cyber Security community: https://community.wehackpurple.com/A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter! Sponsorship info: info@wehackpurple.com . Find us on Apple Podcast, Overcast + Pod
Host Tanya Janca meets Leif Dreizler who manages the Product Security team at Segment. The ProdSec Team is focused on partnering with software engineering teams to design and implement security features for the Segment product. Leif got his start in the security industry at Redspin doing security consulting work and was later an early employee at Bugcrowd. He helps organize the Bay Area OWASP Chapter, the AppSec California Conference and LocoMocoSec. Thank you to our sponsor 10SecurityBuy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don't forget to check out We Hack Purple Academy's NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/Join our Cyber Security community: https://community.wehackpurple.com/A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter! Sponsorship info: info@wehackpurple.com . Find us on Apple Podcast, Overcast + Pod
Host Tanya Janca talks with guest Jessica Dodson to learn what it's like to be a Customer Engineer (CE) in Security & Identity Modernization @ Microsoft. You can learn more about Jess here: https://girl-germs.com/ or follow her on Twitter. https://linktr.ee/girlgerms https://www.linkedin.com/in/jrdodson/ https://twitter.com/girlgerms Thank you to our sponsor #10Security! https://www.10security.com/ Buy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don't forget to check out We Hack Purple Academy's NEW courses, #AppSec Foundations taught by Tanya Janca! https://academy.wehackpurple.com/Join our Cyber Security community: https://community.wehackpurple.com/A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter! Sponsorship info: info@wehackpurple.com . Find us on Apple Podcast, Overcast + Pod
Host Tanya Janca learns what it's like to be a BISO (Business Information Security Officer)! Alyssa Miller has had a very exciting career, and has a LOT to share with us on how to climb the career ladder in Cyber! https://twitter.com/AlyssaM_InfoSec Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be a PhD, S-CISO, CISSP, AND the Head of Cyber Risk Consulting at Marsh Singapore! She's also a leader for WoSEC Singapore, has run many security events such as CTFs for girls and women, and so, so much more. Join us to listen in! https://twitter.com/m49D4ch3lly Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be the Executive Vice President at F5, with Haiyan Song! She has had a very long career in security and Tanya is looking forward to delving into Haiyan's career path, and the tips she has to share! https://twitter.com/SplunkHaiyan Thank you to our sponsor Thread Fix!
With our guest being unable to make it, host Tanya Janca gave a lesson on API security best practices. She also shared a Twitter link with a list of API security testing tools, as well as a downloadable PDF about the best practices discussed. Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be an Open Source Intelligence Analyst, with Ritu Gill, AKA OSINT Techniques! https://twitter.com/OSINTtechniques Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be a Chief Product Officer (CPO) of a DevSecOps Product startup, with Abhi Arora! His startup is called Cloud Defense. Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be the CEO of Zag Communications, with Zenobia Godschalk! Zenobia is the founder and CEO of ZAG Communications, a digital marketing, PR, and IR firm that has launched and scaled global, multi-billion dollar enterprise tech companies, focused on cybersecurity. https://twitter.com/zenobiaZAG Thank you to our sponsor Thread Fix!
After a scheduling snafu with our guest, host Tanya Janca decided to do a deep dive on WordPress security best practices, and how she performed a security assessment on the brand-new We Hack Purple website. Plus (of course) a sneak peek at the site! Check it out! Thank you to our sponsor Thread Fix!
Host #TanyaJanca learns what it's like to be an Infrastructure Test Engineer, with Annie Hedgpeth! Through configuration management, provisioning infrastructure as code, integration testing and compliance automation through Hashicorp, and CI/CD, Annie’s aim is always to make the right thing to do the easy thing to do. https://twitter.com/anniehedgie Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be an Engineering Manager in Detection and Response! Swathi Joshi leads Netflix's Detection and Response team which focuses on managing the inevitable security incidents that arise and building detection pipelines to minimize risk to Netflix. Prior to Netflix, she was an Engagement Manager and Escalations Manager at Mandiant/FireEye, helping companies defend against Advanced Persistent Threats (APT). Swathi was born in Mangalore, India. She received her Master's degree in Information Security and Assurance from George Mason University and sits on the board of https://sdie.org Thank you to our sponsor Thread Fix!
What is AppSec, DevOps and DevSecOps? In this episode we discuss why defenders should know more about these terms and what the consequences are of ignoring these new and critical fields. Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives. Advisor: Nord VPN, Cloud Defense, NeuraLegion, ICTC PAC, WoSEC. Founder: We Hack Purple, WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday. Support for the Blueprint podcast comes from the SANS Institute. Check out the constantly growing list of available courses at sansurl.com/blueteamops Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube. Follow John Hubbard: Twitter | LinkedIn
Host Tanya Janca has had over 30 AppSec & #infosec professionals on the We Hack Purple podcast so far. In this episode, she tries to boil down all of the great advice that has been given by our brilliant and successful guests. Thank you to our sponsor Thread Fix!
Tanya Janca walks us through how her need for community inspired her to develop one of her own. Join us for an inclusive conversation on how to navigate a male-dominated field and how to create your own success. Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents.
Guest: Tanya Janca, Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday (@shehackspurple on Twitter)
Hosts: Jaclyn (Jax) Scott | Erika McDuffie | Jon Helmus
This Episode's Sponsors: If you'd like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships
Resources
Links for Tanya Janca:
https://shehackspurple.ca
https://www.youtube.com/shehackspurple
https://dev.to/shehackspurple
https://medium.com/@shehackspurple
https://www.twitch.tv/shehackspurple
https://github.com/shehackspurple/
https://www.slideshare.net/TanyaJanca/
Links for We Hack Purple:
https://wehackpurple.com
https://twitter.com/wehackpurple
https://www.youtube.com/wehackpurple
https://linkedin.com/company/wehackpurple
Alice and Bob Learn Application Security: https://www.amazon.com/dp/1119687357/
For more podcast stories from Hackerz And Haecksen with Jaclyn (Jax) Scott, Erika McDuffie, and Jon Helmus, visit: https://www.itspmagazine.com/hackerz-and-haecksen-podcast
Are you interested in sponsoring an ITSPmagazine Channel? https://www.itspmagazine.com/podcast-series-sponsorships
Host Tanya Janca learns what it's like to be an Assistant Professor and #SecurityResearch who specializes in medical devices, with Veronica Schmitt! https://veronica-schmitt.com/ Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be a CEO of a cyber security company, with O'Shea Bowens! O'Shea is a cyber security enthusiast whose background is primarily security analytics & DFIR. He also focuses on cloud and application security. Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be a Director of Engineering, with Jarrod Overson! Jarrod is a developer, speaker, and author who most recently led development of Shape Security's application defense platform which was recently acquired by F5 for $1 billion. Thank you to our sponsor Thread Fix!
Host Tanya Janca learns what it's like to be a Security Architect, with Barbara Schachner! Barbara is a Security Architect at Dynatrace. She has spent half of her 15 years of experience in the security industry on the defensive side and has built and led the Red Team at Siemens. After moving to the defensive side, she has worked as a security officer at Siemens before joining Dynatrace where she is passionate about working with people to find easy-to-use but reliable ways to improve security in architecture, code and #devops workflows. Thank you to our sponsor Thread Fix!
Learn what it's like to be... TROY HUNT! He has had an incredibly interesting career, arguably unlike any other. Follow him on Twitter! Thank you to our sponsor Thread Fix! https://threadfix.it/
In episode 21 of the We Hack Purple podcast host Tanya Janca learns what it's like to be a People Manager and how to do Enterprise Sales, with Sasha Rosenbaum! Sasha is a Sr. Manager, Managed OpenShift Black Belts at Red Hat. In her career, Sasha has worked in development, operations, consulting, and cloud architecture. Sasha is an organizer, above all else. Follow Sasha on Twitter! Her website is here. Thank you to our sponsor UBIQ Security! They now have a free tier of their product for developers, which you should definitely check out! Buy Tanya's new book on Application Security: Alice and Bob Learn Application Security. Don’t forget to check out We Hack Purple Academy’s NEW certification program, Application Security Foundations! Subscribe to our newsletter for free content and other goodness! For live virtual corporate training contact info@wehackpurple.com
In episode 20 of the We Hack Purple podcast, host Tanya Janca learns what it's like to be an Information Security Officer, Service Delivery and Operations Manager, with Brian Anderson! In Brian's own words: "I'm an InfoSec Manager who straddles both Security and pure IT roles. I've been in IT and InfoSec for almost 20 years. I fell into this by accident, couldn't dig my way out, so I decided to dig in." This episode was an absolute treat! Follow Brian on Twitter! Thank you to our sponsor Thread Fix!
Here in Episode 9, I speak with Tanya Janca, also known as SheHacksPurple. Tanya is the best-selling author of ‘Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. In this conversation, Tanya explains how she worked out early on that software developers were her tribe, and how speaking publicly led to further opportunities, first in-house and then as her own boss. The power of community and generosity of people is a theme that runs throughout this episode, and one that is music to my ears, in the spirit of abundance. Tanya goes on to explain how there is a long way to go before secure software development gets sufficient recognition and presence academically, and how she is aiming to drive this change. Her best advice is to make sure there is a market for whatever it is you want to offer. Enjoy!
In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Teuta Hyseni, to learn what it's like to be an Application Security Engineer. We have an amazing conversation covering all aspects of her job and what it takes to get there! This episode sponsored by Thread Fix! Don’t forget to check out We Hack Purple Academy’s NEW Application Security Foundations certification program! The course textbook is Alice and Bob Learn Application Security! Subscribe to our newsletter here: https://newsletter.wehackpurple.com/ For corporate virtual training contact info@wehackpurple.com
In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Shira Shamban of Solvo, to learn what it's like to be a founder and CEO of a rapidly growing cloud security product company in Israel. She tells us of her military service, what it's like to start a company, and when you know your company is 'real'. This episode sponsored by Thread Fix!
In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Kim Crawley, an independent cyber security writer and researcher, to learn what it's like to write, find contracts, make a name for yourself, and more! We also talked about her conference, Disinfosec. Kim Crawley can be found here: Twitter, her book the Penetration Tester's Blueprint, her conference she founded Disinfosec, and you can read many writing samples here. Sponsored by Ubiq Security! Don’t forget to check out We Hack Purple Academy’s NEW course, Application Security Foundations! On top of that there is so much awesome content you can subscribe to for only 7$ a month! Also, check out Tanya's book, Alice and Bob Learn Application Security! Subscribe to our newsletter here: https://newsletter.wehackpurple.com/ For corporate virtual training contact info@wehackpurple.com
In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Tyrone E. Wilson of cover6solutions.com, to learn what it's like to be a Founder & President of a Cyber Security Company! Also, we talk about his amazing meetup, D.C. Cybersecurity Professionals. This episode sponsored by Thread Fix!
In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Anshu Bansal of CloudDefense.ai, to learn what it's like to be a Chief Executive Officer (CEO) of a DevSecOps product startup! This episode sponsored by Thread Fix!
In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Dominique West, to learn what it's like to be a Senior Cloud Security Consultant! She also hosts an awesome podcast called Security In Color, and she tells us all about it! You can follow Dominique on Twitter, subscribe to her amazing YouTube Channel, or visit her awesome Security in Color website! This episode sponsored by Thread Fix!
In our inaugural episode, we sit down with Tanya Janca, founder of WeHackPurple, to discuss her expertise in solving for Race Condition vulnerabilities during her career as both a software engineer and application security professional. We spend some time talking through the most common types of Race Conditions, review a few real-world hacks and vulnerabilities, and present actionable tips security and technology teams can make to solve this class of vulnerability. About our Guest: Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. 
She values diversity, inclusion and kindness, which shines through in her countless initiatives. Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday
Resources:
About the vulnerabilities discussed:
The Starbucks infinite credit race condition: https://www.schneier.com/blog/archives/2015/05/race_condition_.html
The Gitlab ‘merge any pull request’ race condition: https://www.cvedetails.com/cve/CVE-2019-11546/
The Dirty Cow vulnerability: https://dirtycow.ninja/ with the research paper: http://www.iiisci.org/journal/CV$/sci/pdfs/SA025BU17.pdf
The Spurious DB race condition, impacting all major operating systems: https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html
Tools discussed:
Safe Rust race condition guarantees: https://doc.rust-lang.org/nomicon/races.html#data-races-and-race-conditions
GoLang race detector: https://blog.golang.org/race-detector
Testing race conditions on REST APIs: https://github.com/TheHackerDev/race-the-web
Links for Tanya:
Tanya's book Alice and Bob Learn Application Security: https://www.amazon.com/dp/1119687357/
https://shehackspurple.ca/
https://twitter.com/shehackspurple
https://www.youtube.com/shehackspurple
https://dev.to/shehackspurple
https://medium.com/@shehackspurple
https://www.twitch.tv/shehackspurple
https://www.linkedin.com/in/tanya-janca
https://github.com/shehackspurple/
https://www.slideshare.net/TanyaJanca/
Tanya mentioned she’s also a professional musician, you can find her...
Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives. Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday.
Chapter List:
00:00:20 Opening
00:00:47 About @SheHacksPurple
00:01:55 Tanya is here!
00:02:21 Red Team, Blue Team, Purple Team
00:04:20 Purple Trait: Empathy
00:05:02 Purple Trait: Advocacy
00:06:50 Young Coding
00:08:04 Childhood and parents
00:08:37 "The Shirt Story"
00:09:12 Discovering that Code should be secure
00:11:20 Educating Students
00:12:15 "Cross Site Scripting" meaning
00:13:52 Introducing WeHackPurple.com
00:16:52 "DevSecOps" Definition
00:19:02 Public Speaking
00:19:54 Meet WOSEC
00:22:45 Big Shoutout to Chloé Messdaghi
00:24:22 Cyber Mentoring Monday
00:26:15 Mentee Responsibilities
00:28:25 Everyone needs a mentor
00:29:56 Salary negotiations
00:32:40 Less Traveling is good.
00:34:30 Management vs. Leadership
00:37:10 Diversity and Inclusion
00:37:40 Shout out to Jane Franklin and Tara Wheeler
00:42:22 Cookies!!!
00:43:20 Advice to a younger Tanya
00:46:34 Tribe of Hackers: Security Leaders
00:49:00 Signing off, parting wisdom from Tanya
In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca, Founder, SheHacksPurple & WeHackPurple. Host: Ashish Rajan - Twitter @hashishrajan Guest: Tanya Janca - Linkedin
Tanya & Ashish spoke about:
Who is Tanya Janca? :)
What was your path into CyberSecurity or your current role?
What has professional life been after leaving Microsoft?
What does Cloud Security mean for you?
What is Application Security or AppSec?
Tanya Janca’s Book - “Alice and Bob learn Application Security”
How can someone start in Application Security, especially if they are trying to move laterally?
What is Static Code Analysis?
What is DevSecOps?
What is CI/CD Pipeline?
Loss of AppSec knowledge when people move on?
How do you find the motivation to continue?
What is an AppSec Program and how can one make it successful?
What does a Mature AppSec Program look like?
Are there any tools used for Threat Modelling or is it conducted separately?
What’s the most difficult piece of AppSec discipline to explain to others again and again?
How do I get buy in from management?
How do you do Threat Modelling in CI/CD Pipeline or automate it?
What soft skills do you need to be an Application Security person?
How do you merge AppSec risk in the infrastructure risk to get a holistic view?
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan
If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai
In this episode, we talk with the unique Tanya Janca, SheHacksPurple. Tanya Janca launched She Hacks Purple some time ago and has now launched the new line of more inclusive training, We Hack Purple. Tanya is a friend and a reference figure for appsec around the globe. The podcast is brought to you by the generosity of NSC42 Ltd, your cybersecurity partner. Cybersecurity is complex and different for every organization, and you need the best-tailored service to make sure your customer's data is safe and sound so that you can focus on what's important, focusing on your clients and bringing the best and safest experience. NSC42 Ltd can help you during your cloud transformation, cybersecurity assessment for your compliance checklist on-premises and on the cloud. Want to know more? Visit www.nsc42.co.uk to get your free quote. Tanya Janca, also known as ‘SheHacksPurple’, is the founder, security trainer and coach of https://SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in Victoria, and co-founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women's organization WoSEC, starting the online #MentoringMonday initiative, and personal mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science. Francesco is an Executive, Public Speaker, out of the box thinker. Francesco is the Executive director of NSC42 Ltd, a UK based cybersecurity consultancy. As an executive, he loves to stay close to the technology but to keep it simple.
Francesco is data and result-driven Cyber Security Executive/vCISO highly regarded for planning and executing strategic infosec improvement programs that protect data and technical assets, reduce security risks, and align with long-term organisational goals. Francesco is a well-known speaker, Head of the Cloud security alliance UK, and Director of the cyber security consultancy NSC42 https://www.shehackspurple.dev/ Social Media Links Follow us on social media to get the latest episodes: Website: www.cybersecuritycloudpodcast.com Youtube: https://www.youtube.com/SheHacksPurple You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ Linkedin: https://www.linkedin.com/company/35703565/admin/ Twitter: https://twitter.com/podcast_cyber Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/
TANYA JANCA Tanya Janca, also known as ‘SheHacksPurple’, is the founder, security trainer and coach of SheHacksPurple.dev, specialising in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in [...]
Tanya Janca is a Founder, Trainer and Coach in the world of DevSecOps and Application Security. She is an expert in this field having a successful career with the Canadian Federal Government and Microsoft. She currently leverages her knowledge and experience by offering training and coaching through her company, SheHacksPurple.dev She can be found on Twitter - @shehackspurple Subscribe to our YouTube channel! - https://www.youtube.com/darylandbuu?sub_confirmation=1 Daryl Montgomery and Buu Lam are the F5 Account Team based in Vancouver, British Columbia covering valued clients across British Columbia, Northwest Territories, Yukon and Nunavut. This weekly show covers recent topics in the world of F5 and information technology in Vancouver. Please consider Subscribing and enabling Notifications. These weekly shows will be released at the beginning of each week. Buu's Hour Live Streams are released throughout the week. Podcast format on Apple Podcast, Google Play Podcast and Spotify Instagram - https://www.instagram.com/buushour/ LinkedIn - https://www.linkedin.com/in/daryl-montgomery-8876752/ https://www.linkedin.com/in/buulam/ Buu's Hour B Roll Channel - https://www.youtube.com/channel/UCRSFdUbMRvX925MU7_knxSw Website - http://darylandbuu.com
Want to learn how to get started with Info Security, Application Security, and more? In this episode, Tanya Janca, Founder of SheHacksPurple, will share her thoughts on multiple security topics you need to know about. Discover some tips and resources to help jump-start your AppSec efforts. You’ll also hear about some cool initiatives like WoSec and CyberMentoringMonday. Listen up!
Github actions - https://github.com/features/actions How are these written? It looks like a marketplace format? How do they maintain code quality? What does it take setup the actions? It looks like IFTTT for DevOps? What kind of integrations does it allow for? Will it handle logins or API calls for you? Is it moderated in some way? What’s the acceptance criteria for these? What are you trying to accomplish by using Github Actions? What are the benefits of using these over XX product? What is gained by using this? Mention twitch Channel and when (join the mailing list) Github actions “Twitch.tv/shehackspurple” Coaching, Project Management, Scrum Management Alice and Bob learn Application Security - Wylie - Fall/Winter 2020 Links: https://shehackspurple.dev https://mailchi.mp/e2ab45528831/shehackspurple https://twitter.com/shehackspurple https://dev.to/shehackspurple https://medium.com/@shehackspurple https://www.youtube.com/shehackspurple https://www.twitch.tv/shehackspurple https://www.linkedin.com/in/tanya-janca https://github.com/shehackspurple/ Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Tanya's AppSec Course https://www.shehackspurple.dev/server-side-request-forgery-ssrf-defenses https://www.shehackspurple.dev Server-side request forgery - https://portswigger.net/web-security/ssrf What are differences between Stored XSS and SSRF? This requires a MITM type of issue? Doesn’t stored XSS get stored on the server? What conditions must exist for SSRF to be possible? What mitigations need to be in place for mitigation of SSRF? CORS? CSP? Would a WAF or mod_security be effective? Can it be completely mitigated or are there still ways around it? Part2 -next week Github actions - https://github.com/features/actions How are these written? It looks like a marketplace format? How do they maintain code quality? What does it take setup the actions? It looks like IFTTT for DevOps? What kind of integrations does it allow for? Will it handle logins or API calls for you? Is it moderated in some way? What’s the acceptance criteria for these? What are you trying to accomplish by using Github Actions? What are the benefits of using these over XX product? What is gained by using this? Mention twitch Channel and when (join the mailing list) Github actions “Twitch.tv/shehackspurple” Coaching, Project Management, Scrum Management Alice and Bob learn Application Security - Wylie - Fall/Winter 2020 Links: https://shehackspurple.dev https://mailchi.mp/e2ab45528831/shehackspurple https://twitter.com/shehackspurple https://dev.to/shehackspurple https://medium.com/@shehackspurple https://www.youtube.com/shehackspurple https://www.twitch.tv/shehackspurple https://www.linkedin.com/in/tanya-janca https://github.com/shehackspurple/ Tanya Janca https://SheHacksPurple.dev Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
Steve Giguere @_SteveGiguere_ of Aqua Security @aquasecteam met with fellow Canadian and application security thought leader Tanya Janca @SheHacksPurple! They talk about how the current global pandemic is affecting us and our industry, her career path into application security, past initiatives like Women in Security (WoSec) and SheHacksPurple, and finally her new passion in creating educational content for developers and tech enthusiasts on security.
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Our special guest today is Tanya Janca, also known as ‘SheHacksPurple’. She is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, co-founding a new OWASP chapter in Victoria, and co-founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #CyberMentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
Tanya's Links:
- https://shehackspurple.dev
- https://mailchi.mp/e2ab45528831/shehackspurple
- https://twitter.com/shehackspurple
- https://dev.to/shehackspurple
- https://medium.com/@shehackspurple
- https://www.youtube.com/shehackspurple
- https://www.twitch.tv/shehackspurple
- https://www.linkedin.com/in/tanya-janca
- https://github.com/shehackspurple/
Tanya is interviewed by Kendra Ash and John L. Whiteman.
Audio production and introduction by Shayne Morgan.
Follow us, join us:
- https://owasp.org/www-chapter-portland/
- https://twitter.com/portlandowasp?lang=en
- https://www.meetup.com/OWASP-Portland-Chapter
- https://www.linkedin.com/groups/4223013/
Support the show (https://www.owasp.org/index.php/Membership#tab=Other_ways_to_Support_OWASP)
Recast Link for sharing your favorite snippet: https://recast.simplecast.com/7d083a66-6e0a-4d1a-957e-cdf5afc99bb4
BIO:
Tanya Janca, also known as ‘SheHacksPurple’, is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, founding a new OWASP chapter in Victoria, and founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #MentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
Notes:
- Part of security is teaching security
- Started in software development, then started meeting hackers, and decided to switch into security.
- Tanya is extremely scholastically inclined
- She comes from a family full of Women Computer Scientists, Technologists, and Mathematicians!
- Her aunt was the FIRST to graduate in CS from Ontario.
- Her mother was a mathematician.
- She had four uncles in Computer Science.
Tanya's Quick List For Getting Into Infosec:
Responsibility of a mentee: [30:29]
- Have energy and time
- Respect your mentor's time
- Need to have already looked for the answer online before you ever ask them for something
- They are not a free consultant, you shouldn't ask them to do your work
- You shouldn't stand them up for meetings
- Recognize and have gratitude for the fact that this person has a crap-ton of knowledge in their brain that they're sharing with you for free. They're taking the time out. You're not their daughter or son. You're not their friend. You're a person in their industry and they're trying to pay it forward.
- You want to actually do the exercises that your mentor gives you
- Choose your mentor wisely
- Do not expect your mentor to find you a job
Quotes:
- "We're graduating people who don't know how to make secure software, but they do know how to make software! So that ends up being insecure software." [4:57]
- "So if I was going to teach a software security course at a university, they would pay me as an adjunct professor and they would pay me almost nothing. It would almost be equivalent to volunteer work." [5:35]
- "I thought I really wanted to be a penetration tester until I discovered that there is this weird spot… in between red team and blue team." [10:17]
- "A lot of penetration testers get a little depressed." [11:07]
- "People just don't know how many super awesome cool things there are out there!" [15:11]
- "The people I liked the best are the people in my computer science class." [22:24]
- "Honestly, I just smoked a lot of weed and just showed up and would ace things." [22:12]
- "You don't have to spend money at the beginning necessarily." [31:58]
- "Which certification should I get so that I can be a good pentester?" [31:34]
- "I don't know enough to be a mentor." [31:50]
Links:
Tanya Online
- Personal Site: https://dev.to/shehackspurple
- Twitter: https://twitter.com/shehackspurple
- Pushing Left Series: https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95
- NICE Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center
- OWASP: https://owasp.org/
- WoSec: https://wearetechwomen.com/wosec-women-of-security/
- Franziska Bühler: https://twitter.com/bufrasch
Getting Into Infosec:
- Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
- T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
- Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, … The post From The Source – Ep 10: Cloud Advocate Tanya Janca appeared first on Michelle Brenner.
Tanya Janca (@shehackspurple) DevOps Tools for free/cheap. They are all on github right, so they are all free? Python, Docker, k8s, Jenkins Licensing can be a problem Free-mium software, or trialware is useful? OWASP DevSlop Module Nicole Becker Pixie - insecure instagram “Betty Coin” SSLlabs - Qualys Mentoring Monday: What is “Mentoring Monday”? What does it take to be a good mentor? Should a mentee have a goal in mind? Something other than “I want to be just like you”? Do you assist in creating the relationship? What if they don’t meld? Are there any restrictions? Any place in someone’s career? How do you apply? Advocating - Leading Cyber Ladies: https://twitter.com/LadiesCyber WoSec International - https://twitter.com/WoSECtweets 19 Chapters worldwide Africa, No. America, Europe Goal? (hacker workshops) Submitting talks at cons Outreaching (how would people get involved) Mentorship involved in this? Global AppSec Videos on youtube: OWASP DevSlop: https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A Blog Site: https://dev.to/shehackspurple Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
Announcements: InfoSec Campout Conference (Eventbrite, social contract, etc): https://www.infoseccampout.com All Day Devops (https://www.alldaydevops.com) free talks online... Next conference starts 06 November 2019 ------ Tanya Janca (@shehackspurple) @wosectweets - Women of Security DevOps Tools for free/cheap. They are all on github right, so they are all free? Python, Docker, k8s, Jenkins Licensing can be a problem Free-mium software, or trialware is useful? OWASP DevSlop Module Nicole Becker Pixie - insecure instagram “Betty Coin” SSLlabs - Qualys Mentoring Monday: What is “Mentoring Monday”? What does it take to be a good mentor? Should a mentee have a goal in mind? Something other than “I want to be just like you”? Do you assist in creating the relationship? What if they don’t meld? Are there any restrictions? Any place in someone’s career? How do you apply? Advocating and being a good ally Leading Cyber Ladies: https://twitter.com/LadiesCyber WoSec International - https://twitter.com/WoSECtweets 19 Chapters worldwide Africa, No. America, Europe Goal? (hacker workshops) Submitting talks at cons Outreaching (how would people get involved) Mentorship involved in this? Global AppSec Videos on youtube: OWASP DevSlop: https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A https://www.youtube.com/channel/UCSmjcWvgVBqF3x_7e5rfe3A Blog Site: https://dev.to/shehackspurple Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
This week, we welcome Tanya Janca, also known as SheHacksPurple, a senior cloud advocate for Microsoft, specializing in application, cloud security, and more! Tanya is joining us on the show to talk about DevSecOps and Securing Software Supply Chains! In the Application Security News, "Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems, A patch commands attention for mail servers, In macOS Catalina and iOS 13, Apple finds a way to find devices and not lose privacy, iOS App Transport Security has strong benefits, but weak adoption, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application, cloud security, and more! Tanya is joining us on the show to talk about DevSecOps and Securing Software Supply Chains! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly