165: Tanya

165: Tanya

Nov 4, 2025 47m

AI Summary Available

Get the full experience! Sign up to access transcripts, personalized summaries, and more features.

Episode Description

Tanya Janca is a globally recognized AppSec (application security) expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity. She shares stories of when she was a penetration tester to an incident responder.

You can sign up for her newsletter at https://newsletter.shehackspurple.ca/

Sponsors

Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.

This episode is sponsored by Hims. Hims offers access to ED treatment options ranging from trusted generics that cost up to 95% less than brand names to Hard Mints, if prescribed. To get simple, online access to personalized, affordable care for ED, Hair Loss, Weight Loss, and more, visit https://hims.com/darknet.

Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries.

View all active sponsors.

Books

AI-Generated Summary

Introduction to Tanya Janca

In this episode, Jack welcomes Tanya Janca, a prominent AppSec expert and founder of We Hack Purple. Tanya discusses her journey from a software developer to understanding critical vulnerabilities like SQL injections, fostering a passion for application security.

The Importance of Security Policies

Jack shares a personal anecdote about an ineffective security policy at his previous workplace. The episode highlights the challenges of retrieving crucial documents buried deep in corporate file systems. A live challenge among technicians illustrates how policies can remain unread and how important documents can remain inaccessible.

Tanya’s Initiation into Security

Tanya recounts her early experiences with penetration testing and how a significant exploit led her to transition from development to security. Her passion grows as she learns from a mentor and becomes fascinated with vulnerabilities like SQL injections.

Incident Response and Struggles in Cybersecurity

As a leader in incident management, Tanya shares gripping stories from her time handling security incidents, including a data breach scenario. She dives into the challenges of recognizing security incidents and the processes required to remedy them.

Challenges of Communication and Education

Tanya addresses the barriers in communication between security and development teams. Her initiative to create training to help helpdesk staff identify security incidents underscores the critical need for clear communication in mitigating security risks.

Closing Thoughts and Resources

The episode concludes with a powerful discussion on the importance of collaboration in cybersecurity. Tanya shares additional resources for improving application security and offers insights into keeping up with the ever-evolving landscape of cyber threats.