We Hack Purple Podcast

Episode 81 with Diana Kelley

In episode 81 of the We Hack Purple Podcast host Tanya Janca spoke to Diana Kelley, Chief Information Security Officer (CISO) at Protect AI. Diana and Tanya worked together at Microsoft, and to say that Diana is a pillar of the information security industry is somewhat of an understatement. Together they discussed problems with Large Language Models (LLMs) ingesting crappy code, and bad licenses, the OSSF (and it's goodness), and that sometimes people don't even realize they are breaking sof...

We Hack Purple Podcast Episode 80 with Ray Leblanc

In episode 80 of the We Hack Purple Podcast host Tanya Janca brings on her long-time friend Ray Leblanc of 'Hella Secure' blog. You may remember him from several Alice and Bob Learn streams, or from his cutting sarcasm on social media. Ray and Tanya discussed what they always discuss: AppSec. They compared AppSec responsibility versus business responsibility, how to "put it down" at the end of the day in order to avoid burn out, and that 'perhaps Tanya should learn to stay in her lane?' We ...

We Hack Purple Podcast Episode 79 with Isabelle Mauny

In episode 79 of the We Hack Purple Podcast host Tanya Janca spoke to Isabelle Mauny , Field CTO and founder of 42Crunch! Isabelle and Tanya met way back in 2018, at an API Security workshop in Britain, having no idea they would be friends for years to come! Isabelle is extremely passionate about securing APIs, and has volunteered for several different groups and projects in order to try to steer our industry in a more secure direction, including being president of the OpenAPI group and lend...

We Hack Purple Podcast Episode 78 with Jason Haddix

In episode 78 of the We Hack Purple Podcast host Tanya Janca brings Jason Haddix on to talk about artificial intelligence, and (of course) how to hack it! Jason discussed how to use AI for both defense and offence, using plain language (conversational), rather than code, and what a red teaming exercise looks for such a system. We talked about what a large language model looks like, cleaning up data, and how easy it is to get them to do bad things. Jason invited everyone to the AI Village at ...

We Hack Purple Podcast Episode 77 with Brendan Sheairs

In episode 77 of the We Hack Purple Podcast host Tanya Janca chats with Brendan Sheairs about her latest obsession; security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic. We covered a lot in this episode, including;   •       What the heck are security champions? Why would someone want them? •    You need building blocks ◦                    Must haves: goals! Who will run it! What problem are they solving? ...

We Hack Purple Podcast Episode 72 with Scott Helme AGAIN

In episode 72 of the We Hack Purple Podcast host Tanya Janca brings Scott Helme back on because she just cannot get enough when it comes to security headers! You can watch and listen to his first episode here (https://wehackpurple.com/podcast/episode-69-with-scott-helme/). In this episode we focus on the “new” security headers from Scott’s great blog article where he first introduced the public to them (https://scotthelme.co.uk/coop-and-coep/). The new security header’s focus on protecting u...

We Hack Purple Podcast Episode 76 with Anshu Bansal

In episode 76 of the We Hack Purple Podcast host Tanya Janca brings Anshu Bansal, the CEO of CloudDefense.ai, back onto the show for a second time to discuss “solving problems in application security”. Tanya and Anshu have worked together quite a while, as Tanya has been an advisor at Cloud Defense since it was a drawing on the back of a napkin! We choose this topic because Anshu recently spoke at the OWASP Bay Area meetup chapter, and he told Tanya his talk was about "solving the AppSec pr...

We Hack Purple Podcast Episode 75 with Enno

In episode 75 of the We Hack Purple Podcast, host Tanya Janca interviews Enno, a security researcher from Semgrep. They discussed all things static analysis, including; how do we come up with SAST rules, what’s important to search for, important considerations when writing rules, testing rules before wider roll out, and writing rules specifically for Semgrep. We briefly got into The Official Docs, and content creation for both internal and external use, plus its importance when trying to sc...

We Hack Purple Podcast Episode 74 with Ray Espinoza

In episode 74 of the We Hack Purple Podcast, host Tanya Janca talks to guest Ray Espinoza from Inspectiv! During the podcast we honed in on how to build a positive security culture, which has several important ingredients; Security Champions, Empathy, explaining ‘the why’, sharing information in both technical and non technical formats, and storytelling! We talked about training, we talked about metrics, we talked about how to get your point across in an effective way, without scaring people...

We Hack Purple Podcast Episode 73 with Amanda Crawley

In episode 73 of the We Hack Purple Podcast, host Tanya Janca talks to guest Amanda Crawley of 1Password! We talked about how developers need special tools to help them do their jobs, securely, then we chatted about several things that can help them, especially password managers! Developers are huge targets for malicious actors and Amanda shared TONS of ways devs can protect themselves, and their companies they work for: • Keep everything up to date - phones, computers, routers, all softwar...

We Hack Purple Podcast Episode 71 with Ariel Shin

In episode 71 of the We Hack Purple Podcast Host Tanya Janca speaks to the Ariel Shin from Twillio! Ariel does product security, and as you might imagine, Tanya had at least 100 questions for her.  We discussed threat modelling, influence, persuasion and other communication skills needed to be an effective #AppSec person (or any security professional, for that matter). The conversation got really interesting as we dove into how to communicate with an executive, versus an engineer, versus a n...

We Hack Purple Podcast Episode 70 with Meghan Jacquot

In episode 70 of the We Hack Purple Podcast Host Tanya Janca speaks with Meghan Jacquot, who she met at OWASP Global AppSec in Dublin, Ireland. Tanya talked her into being on the podcast, and all of us get to hear about threat modelling (horizontally and vertically!), how women choose which conferences to attend, how to reduce physical risks when traveling, how to do security research and perform ‘good’ at the same time (“Cyber for good”), any her countless volunteer efforts to make our indu...

We Hack Purple Podcast Episode 68 with guest Gagandeep Singh

In episode 68 of the We Hack Purple Podcast host Tanya Janca dives into Domain Driven Design (and development) with Gagandeep Singh. Gagandeep is an avid blogger, and Tanya read his article on DDD and just had to interview him. We discussed if Design Driven design or development are those the same thing (they aren’t!), the security advantages of DDD, how Trusted Types and Content Security Policy Header come into play! We discussed the concept of having the security of a feature be part of th...

We Hack Purple Podcast Episode 67 with Jeremy Ventura

We Hack Purple Podcast Episode 67 with Jeremy Ventura In this episode of the We Hack Purple podcast host Tanya Janca met with Jeremy Ventura of ThreatX, to discuss how we can help more people from underrepresented groups into tech and specifically into the field of Cybersecurity / InfoSec. How do we get them a seat at the table? How can we share knowledge and educate people en mass? Can we advocate for others? (Spoiler alert: Jeremy and I gave several examples of both sides of that equation...

Secret Invasion Stream

We Hack Purple Podcast Episode 69 with Scott Helme

In episode 69 of the We Hack Purple Podcast Host Tanya Janca speaks to the only person on earth who is more excited about security headers than she is: Scott Helme of Report URI! Scott talked about all the different security headers, how some are ‘new’, when and why we would use them. We spoke about why some security headers stopped being used, rogue certificate authorities, and so much more. In fact, at the end, we felt that didn’t get to finish all the things we wanted to say. There was so...

We Hack Purple Podcast Episode 66 with guest Wolfgang Goerlich

In episode 66 of the We Hack Purple Podcast Host Tanya Janca sits down with one of her colleagues from IANs Research, Wolfgang Goerlich! We talked about his work and AMAZING team at Cisco (Hi Wendy and Dave!), how they were originally part of Duo Security, and that they missed their chance for a fun rebrand of Duo + Cisco = Disco! Besides all the silly jokes, we talked about what security looks like beyond just vulnerabilities and trying to keep the bad guys out. We zeroed in on legitimate u...

We Hack Purple Podcast Episode 64 with guest Anant Shrivastava

In this episode of the We Hack Purple podcast host Tanya Janca met with Anant Shrivastava! We talked about securing the entire software supply chain (including your CI/CD and where you get your packages from), and how it is more than just buying a software composition analysis (SCA) tool. He explained the new and very different risks of securing a mobile app versus a regular web app or an API, that’s he’s more of an ops than a dev person, and how the risks are all coming together now that m...

We Hack Purple Podcast Episode 65 with Frank Cipollone

In this episode of the We Hack Purple podcast host Tanya Janca met with Frank from Phoenix Security in the UK! We talked about this latest white paper ‘SLAs are Dead, Long Live SLAs!’, how AppSec folks aren’t necessarily ‘great’ at maintaining their own SLAs, and how to empower a team to do their own governance and be responsible for their own risk. We talked about how to figure out the security maturity model you are looking for, and what kind of language we can use to help a client decide ...

DefectDojo, Taking your DevSecOps to 11, with Matt Tesauro and We Hack Purple

A We Hack Purple Live Stream with Matt Tesauro of Defect Dojo Inc (https://www.defectdojo.com/).  Join We Hack Purple Community to be invited to awesome events like one! https://community.wehackpurple.com  Description: You’re tasked with ‘doing DevSecOps’ for your company and you’ve got more apps and issues than you know how to deal with. How do you make sense of the different tools outputs for all your different apps? DefectDojo is an open source platform that can be your single pane of g...

Episode 63 with Guest Mick Douglas

In this episode of the We Hack Purple podcast host Tanya Janca met with her colleague from IANs Faculty: Mick Douglas, founder of InfoSec Innovations! We talked about EVERYTHING AppSec and definitely could haveeasily  talked at least 2 more hours! He explained what honey pots/honey files/honey links are, and how to use them. Creating a "tamper evident" network and system, as well as how marketing people have really messed up the term "shift left" for the rest of us. Not only that, but the ep...

We Hack Purple Podcast Episode 63 with Guest Mick Douglas

In this episode of the We Hack Purple podcast host Tanya Janca met with her colleague from IANs Faculty: Mick Douglas, founder of InfoSec Innovations! We talked about EVERYTHING AppSec and definitely could haveeasily  talked at least 2 more hours! He explained what honey pots/honey files/honey links are, and how to use them. Creating a "tamper evident" network and system, as well as how marketing people have really messed up the term "shift left" for the rest of us. Not only that, but the ep...

We Hack Purple Podcast Episode 62 with Guest Olivia Rose

In this episode of the We Hack Purple Podcast we meet Olivia Rose, founder Rose CISO Group,  www.RoseCISOGroup.com. We talked about the fact that "consulting rules!", mentoring opportunities, and how CISOs and AppSec people have to fight to do their jobs all day, every day. Olivia dove into how to translate what do you, as a cyber security expert, to the executive board and other folks who are brilliant, but not-so-technical. She also gave us the secrets for how to make leadership care abou...

We Hack Purple Streams! Securing Open Source Dependencies Its Not Just Your Code That You Need to Secure With Rana Khalil

The importance of open source security management made headlines in 2017 when the Equifax breach resulted in the compromise of the personal information of millions of users. The breach was attributed to the use of a known vulnerable version of the Apache Struts open source framework. Since then, we’ve seen a rise in the disclosure (and exploitation) of vulnerabilities in open source software, such as the famous Log4Shell vulnerability that was dubbed as the “worst security flaw of the decade...

We Hack Purple Podcast Episode 61 with Guest Gemma Moore

In this episode of the We Hack Purple Podcast we meet Gemma Moore , co-founder and director of Cyberis. Gemma is an expert in penetration testing and red teaming. She started her career in cyber security nearly twenty years ago, working her way up from a junior penetration tester to running the penetration testing practice in a specialist consultancy by 2011. She is a founding director of the information security consultancy, Cyberis. Over her career, she has held CREST certifications in In...

We Hack Purple Podcast Episode 58 with Guest Anshuman Bhartiya

In this episode of the We Hack Purple Podcast we meet Anshuman Bhartiya, a Principal Security Engineer who also happens to be an avid AppSec blogger (https://www.anshumanbhartiya.com/) and conference speaker. We talked about how the SAST industry seems to be divided into two camps, as well as “the old guard” who used to say no to everything, versus newer ways of working towards better AppSec, such as using empathy and enablement, rather than a stick. Anshuman is a huge fan of automation (I ...

We Hack Purple Podcast Episode 59 with Guest Vitaly Unic

In this episode of the We Hack Purple Podcast we meet Vitaly Unic, the head of AppSec Research at Bright. We talked about creating an application security program with realistic goals, what works and what does not work. We dove into how to roll out a tool and get the most value, and then took a deep dive into how DASTs are built. How does a DAST find vulnerabilities, how does it discover the attack surface, and what, exactly, is an endpoint? Listen to learn more! Join us in the We Hack Purp...

We Hack Purple Episode 57 with Guest Sherif Koussa

 In this episode of the We Hack Purple Podcast we meet one of host Tanya Janca’s professional mentors; Sherif Koussa of Software Secured and Reshift Security. In this episode we talked about how we could prevent the next Log4J. We covered government regulations, industry compliance, tooling, SBOMs, inventory, incident response, and more! Check it OUT! Thank you so much to our sponsor, Bright Security! Check out their amazing #DAST! https://brightsec.com/ Join us in the We Hack Purple C...

We Hack Purple Podcast Episode 57 with Guest Sherif Koussa

 In this episode of the We Hack Purple Podcast we meet one of host Tanya Janca’s professional mentors; Sherif Koussa of Software Secured and Reshift Security. In this episode we talked about how we could prevent the next Log4J. We covered government regulations, industry compliance, tooling, SBOMs, inventory, incident response, and more! Check it OUT!  Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. ...

We Hack Purple Podcast Episode 56 with Guest Yael Nagler

In this episode of the We Hack Purple Podcast we meet another of host Tanya Janca’s friends; Yael Nagler , founder of Yass Partners! Yael has built a career advising large businesses about processes and risk. In this episode she covered: - How to use Situational Awareness - Ten Steps to win at corporate! - How to talk so CISOs will listen. How to listen so CISOs will talk. - What are CISOs being asked. - Why helping others is the best feeling in the entire world. Join us in the We Hack Pur...

We Hack Purple Podcast Episode 56 with Guest Yeal Nagler

In this episode of the We Hack Purple Podcast we meet another of host Tanya Janca’s friends; Yael Nagler , founder of Yass Partners! Yael has built a career advising extremely large businesses about processes and risk. In this episode she covered: - How to use Situational Awareness - Ten Steps to win at corporate! - How to talk so CISOs will listen. How to listen so CISOs will talk. - What are CISOs being asked. - Why helping others is the best feeling in the entire world. Thank you so muc...

WeHackPurple Podcast Episode 55 with Guest James Tabron

In this episode of the We Hack Purple Podcast we meet James Tabron the director of Engineering at Twilio! James switched from security to engineering recently, and wanted to share how startups and large companies can both start their SOC2 compliance programs. He shed a lot of light on where to start, common challenges, how much value can be gained from SOC two, and even how to automate the process. He also confirmed our on-going assumptions that good soft skills and specifically empathy we...

We Hack Purple Podcast Episode 54 with Caroline Wong

 In this episode of the We Hack Purple Podcast we meet another of host Tanya Janca’s friends; Caroline Wong of Cobalt Security! Caroline  has worked in security, and specialized in AppSec, for a very long time. She explained what Pentesting-as-a-Service actually is, how to hire a good pentester, and when this service might be your best choice. Tanya quizzed her quite a bit, but Caroline really is the expert; she even wrote a book on the topic! This episode also covers; defending against ra...

We Hack Purple Podcast Episode 53 with Guest Nicole Dove

 In this episode of the We Hack Purple Podcast we meet another of host Tanya Janca’s friends; Nicole Dove of Riot Games! Nicole is a BISO (Business Information Security Officer) and told us everything we need to know about this role, including; how to get this job, how to be great at it, and the huge value that it provides to companies. We also talked about software supply chain security, SBOMS, the LinkedIn Learning Course she just made, and how she’s going to be speaking at RSA Conferenc...

We Hack Purple Podcast Episode 52 with Sherif Mansour

In this episode of the We Hack Purple Podcast we meet Sherif Mansour, ex-chair of the OWASP Board of Directors. Having recently finished his 4-year term of volunteering for the largest application security community on the planet, he had a tiny bit of spare time for our host, Tanya Janca. Sherif talked about some of his favourite accomplishments within OWASP, his career and a special project with the OpenSSF: The Alpha-Omega Project to Improve Software Supply Chain Security for 10,000 OS...

We Hack Purple Podcast Episode 51 with Ashley Burke

Welcome back to season 2 of the We Hack Purple Podcast! In this episode We Hack Purple Community member Ashely Burke takes us on a non-technical journey into #InfoSec.  Learn about navigating the job market, figuring out your special skills, how to handle imposter syndrome and much more.  Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field.  Subscribe to our newsletter!

We Hack Purple Podcast Episode 50 with Adam Shostack

Welcome back to season 2 of the We Hack Purple Podcast! In this episode host Tanya Janca  learns about Threat Modelling with guest Adam Shostack.  He covers his new white paper (Fast, Cheap and Good: An Unusual Tradeoff Available in Threat Modeling) about how to do threat modeling that is cheap, fast AND good! Adam's WhitePapers: https://shostack.org/resources/whitepapers  Adam's "New Thing" newsletter: https://shostack.org/contact Join the We Hack Purple Cyber Security Community: https...

AppSec Tools - Contrast Security Serverless Scanner

 Jeff Williams from Contrast Security takes our questions about their new Serverless Scanning Tool and gives a demo to show just how easy it is.  Video demo can be found here: https://youtu.be/R4NkfbNw5Ys Learn more here: https://www.contrastsecurity.com/contrast-serverless-application-security  Join our online community here: community.wehackpurple.com  Our online courses in #AppSec and Secure Coding: academy.wehackpurple.com 

How to Build Security Champions

All too often, the AppSec team or security team is a person of one.  How can you add more people to the team with out a massive increase to the budget? Persuasion! This talk was given at SecTor (Toronto) Nov 2021.  Scaling your Team is part of our Application Security Program at Academy.WeHackPurple.Com 

How to Build Security Champions

All too often, the AppSec team or security team is a person of one.  How can you add more people to the team with out a massive increase to the budget? Persuasion! This talk was given at SecTor (Toronto) Nov 2021.  Scaling your Team is part of our Application Security Program at Academy.WeHackPurple.Com 

We Hack Purple Podcast Episode 49 with guest Adrian Sanabria

 Host Tanya Janca   learns what it’s like to do Cybersecurity Product testing and reviews at Security Weekly Labs with guest Adrian Sanabria!  Thank you to our sponsor Checkmarx! https://www.checkmarx.com/ Buy Tanya's new book on Application Security: Alice and Bob learn Application Security Don’t forget to check out We Hack Purple Academy’s NEW courses, Join our Cyber Security community: https://community.wehackpurple.com/ A safe place to learn and share your knowledge with other pr...

We Hack Purple Podcast Episode 49 with guest Adrian Sanabria

 Host Tanya Janca   learns what it’s like to do Cybersecurity Product testing and reviews at Security Weekly Labs with guest Adrian Sanabria!  Thank you to our sponsor Checkmarx! https://www.checkmarx.com/ Buy Tanya's new book on Application Security: Alice and Bob learn Application Security Don’t forget to check out We Hack Purple Academy’s NEW courses, Join our Cyber Security community: https://community.wehackpurple.com/ A safe place to learn and share your knowledge with other pr...

We Hack Purple Podcast Episode 48 with Pierre DeBois

 Host Tanya Janca  learns what it’s like to found and run a small business (Zimana Analytics) focused on data analytics, with guest Pierre DeBois! Thank you to our sponsor Checkmarx! https://www.checkmarx.com/ Buy Tanya's new book on Application Security: Alice and Bob learn Application Security Don’t forget to check out We Hack Purple Academy’s NEW courses, Join our Cyber Security community: https://community.wehackpurple.com/ A safe place to learn and share your knowledge with othe...

We Hack Purple Podcast Episode 47 with Deviant Ollam

 Host Tanya Janca  learns what it’s like to be a physical penetration tester, with guest Deviant Ollam. Famous for hacking banks, elevators and basically any physical security device, he will share how he got to where he is today! Check out his Twitter while you’re at it! Thank you to our sponsor 10Security NEW Secure coding Course here! Buy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don’t forget to check out  We Hack Purple Academy’s NEW course...

We Hack Purple Podcast Episode 46 with Sunny Wear

 Host Tanya Janca learns from Sunny Wear about penetration testing with a live demonstration! Sunny shows off her custom app, Burp Tool Buddy, which shows you how to use and configure burp suite Pro. And it's a STEAL at $4.99!! https://twitter.com/SunnyWear Thank you to our sponsor 10Security NEW Secure coding Course here! Buy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don’t forget to check out  We Hack Purple Academy’s NEW courses, #AppSec Foun...

We Hack Purple Podcast Episode 45 with Ron Brash

 Host Tanya Janca meets Ron Brash. He is a well-known technical expert in the ICS community, with a long-standing history in oil and gas from a young age, but also by engaging in difficult-to-solve industry solution development questions. Today, he has a Master’s degree in Computer Science, a Bachelor’s in Technology, over a decade of experience with industrial networks and technologies, embedded systems, systems design, risk advisory, and in several different domains ranging from aviation, ...

We Hack Purple Podcast Episode 44 with Maril Vernon

Host Tanya Janca  learns what it’s like to be an offensive Engineer at @zoom, as well as a PluralSight author & mentor. Maril Vernon is always helping peeps break into cybersecurity. https://twitter.com/shewhohacks Thank you to our sponsor 10Security NEW Secure coding Course here! Buy Tanya's new book on Application Security: Alice and Bob learn Application Security. Don’t forget to check out  We Hack Purple Academy’s NEW courses, #AppSec Foundations taught by Tanya Janca! https://acad...

We Hack Purple Podcast Episode 43 with Leif Dreizler

Host Tanya Janca meets Leif Dreizler who manages the Product Security team at Segment. The ProdSec Team is focused on partnering with software engineering teams to design and implement security features for the Segment product. Leif got his start in the security industry at Redspin doing security consulting work and was later an early employee at Bugcrowd. He helps organize the Bay Area OWASP Chapter, the AppSec California Conference and LocoMocoSec. Thank you to our sponsor 10Security Bu...

We Hack Purple Podcast Episode 42 with guest Jessica Dodson

 Host Tanya Janca talks with guest Jessica Dodson to learn what it’s like to be a Customer Engineer (CE) in Security & Identity Modernization @ Microsoft. You can learn more about Jess here: https://girl-germs.com/ or follow her on Twitter. https://linktr.ee/girlgerms https://www.linkedin.com/in/jrdodson/ https://twitter.com/girlgerms Thank you to our sponsor #10Security! https://www.10security.com/ Buy Tanya's new book on Application Security: Alice and Bob learn Application Securi...

We Hack Purple Podcast Episode 42 with guest Jessica Dodson

 Host Tanya Janca talks with guest Jessica Dodson to learn what it’s like to be a Customer Engineer (CE) in Security & Identity Modernization @ Microsoft. You can learn more about Jess here: https://girl-germs.com/ or follow her on Twitter. https://linktr.ee/girlgerms https://www.linkedin.com/in/jrdodson/ https://twitter.com/girlgerms Thank you to our sponsor #10Security! https://www.10security.com/ Buy Tanya's new book on Application Security: Alice and Bob learn Application Securi...