Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security.’ She is also the founder of We Hack Purple, an online learning academy, community, and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
Founder: We Hack Purple (Academy, Community, and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday
Part of security is teaching security
Started in software development, then starting meeting hackers, and decided to switch to security.
Tanya is extremely scholastically inclined
She comes from a family full of women computer scientists, technologists, and mathematicians!
Her aunt was the FIRST to graduate in CS from Ontario.
Her mother was a mathematician.
She had four uncles in computer science.
Tanya's Quick List For Getting Into Infosec
Responsibility of a mentee: [30:29]
Have energy and time
Respect your mentor's time
Need to have already looked for the answer online before you ever ask them for something
They are not a free consultant; you shouldn't ask them to do your work
You shouldn't stand them up for meetings
Recognize and have gratitude for the fact that this person has a crap-ton of knowledge in their brain that they're sharing with you for free. They're taking the time out. You're not their daughter or son. You're not their friend. You're a person in their industry, and they're trying to pay it forward.
You want to actually do the exercises that your mentor gives you
Choose your mentor wisely
Do not expect your mentor to find you a job
"We're graduating people who don't know how to make secure software, but they do know how to make software! So that ends up being insecure software." [4:57]
"So if I [were] going to teach a software security course at a university, they would pay me as an adjunct professor, and they would pay me almost nothing. It would almost be equivalent to volunteer work." [5:35]
"I thought I really wanted to be a penetration tester until I discovered that there is this weird spot… in between red team and blue team." [10:17]
"A lot of penetration testers get a little depressed."[11:07]
"People just don't know how many super awesome cool things there are out there!" [15:11]
"The people I liked the best are the people in my computer science class." [22:24]
"Honestly, I just smoked a lot of weed and just showed up and would ace things." [22:12]
"You don't have to spend money at the beginning necessarily." [31:58]
"Which certification should I get so that I can be a good pentester?" [31:34]
"I don't know enough to be a mentor." [31:50]
Personal Site: https://dev.to/shehackspurple
Pushing Left Series: https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95
NICE Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center
Franziska Bühler https://twitter.com/bufrasch
Getting Into Infosec
Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
See omnystudio.com/listener for privacy information.