The We Hack Purple Podcast will help you find your career in Information Security via interviews with our host, Tanya Janca, and our guests from all different backgrounds and experiences. From CISOs and security architects, to incident responders and CEOs of security companies, we have it all. Learn how they got to where they are today! www.WeHackPurple.com
In episode 76 of the We Hack Purple Podcast host Tanya Janca brings Anshu Bansal, the CEO of CloudDefense.ai, back onto the show for a second time to discuss “solving problems in application security”. Tanya and Anshu have worked together quite a while, as Tanya has been an advisor at Cloud Defense since it was a drawing on the back of a napkin!
We choose this topic because Anshu recently spoke at the OWASP Bay Area meetup chapter, ...
In episode 75 of the We Hack Purple Podcast, host Tanya Janca interviews Enno, a security researcher from Semgrep. They discussed all things static analysis, including; how do we come up with SAST rules, what’s important to search for, important considerations when writing rules, testing rules before wider roll out, and writing rules specifically for Semgrep.
We briefly got into The Official Docs, and content creation for both inter...
In episode 74 of the We Hack Purple Podcast, host Tanya Janca talks to guest Ray Espinoza from Inspectiv! During the podcast we honed in on how to build a positive security culture, which has several important ingredients; Security Champions, Empathy, explaining ‘the why’, sharing information in both technical and non technical formats, and storytelling! We talked about training, we talked about metrics, we talked about how to get ...
In episode 71 of the We Hack Purple Podcast Host Tanya Janca speaks to the Ariel Shin from Twillio! Ariel does product security, and as you might imagine, Tanya had at least 100 questions for her. We discussed threat modelling, influence, persuasion and other communication skills needed to be an effective #AppSec person (or any security professional, for that matter). The conversation got really interesting as we dove into how to ...
In episode 70 of the We Hack Purple Podcast Host Tanya Janca speaks with Meghan Jacquot, who she met at OWASP Global AppSec in Dublin, Ireland. Tanya talked her into being on the podcast, and all of us get to hear about threat modelling (horizontally and vertically!), how women choose which conferences to attend, how to reduce physical risks when traveling, how to do security research and perform ‘good’ at the same time (“Cyber for...
In episode 68 of the We Hack Purple Podcast host Tanya Janca dives into Domain Driven Design (and development) with Gagandeep Singh. Gagandeep is an avid blogger, and Tanya read his article on DDD and just had to interview him. We discussed if Design Driven design or development are those the same thing (they aren’t!), the security advantages of DDD, how Trusted Types and Content Security Policy Header come into play! We discussed ...
We Hack Purple Podcast Episode 67 with Jeremy Ventura
In this episode of the We Hack Purple podcast host Tanya Janca met with Jeremy Ventura of ThreatX, to discuss how we can help more people from underrepresented groups into tech and specifically into the field of Cybersecurity / InfoSec. How do we get them a seat at the table? How can we share knowledge and educate people en mass? Can we advocate for others? (Spoiler alert: Jeremy...
In episode 69 of the We Hack Purple Podcast Host Tanya Janca speaks to the only person on earth who is more excited about security headers than she is: Scott Helme of Report URI! Scott talked about all the different security headers, how some are ‘new’, when and why we would use them. We spoke about why some security headers stopped being used, rogue certificate authorities, and so much more. In fact, at the end, we felt that didn’...
In episode 66 of the We Hack Purple Podcast Host Tanya Janca sits down with one of her colleagues from IANs Research, Wolfgang Goerlich! We talked about his work and AMAZING team at Cisco (Hi Wendy and Dave!), how they were originally part of Duo Security, and that they missed their chance for a fun rebrand of Duo + Cisco = Disco! Besides all the silly jokes, we talked about what security looks like beyond just vulnerabilities and ...
In this episode of the We Hack Purple podcast host Tanya Janca met with Anant Shrivastava! We talked about securing the entire software supply chain (including your CI/CD and where you get your packages from), and how it is more than just buying a software composition analysis (SCA) tool. He explained the new and very different risks of securing a mobile app versus a regular web app or an API, that’s he’s more of an ops than a...
In this episode of the We Hack Purple podcast host Tanya Janca met with Frank from Phoenix Security in the UK! We talked about this latest white paper ‘SLAs are Dead, Long Live SLAs!’, how AppSec folks aren’t necessarily ‘great’ at maintaining their own SLAs, and how to empower a team to do their own governance and be responsible for their own risk. We talked about how to figure out the security maturity model you are looking for, ...
A We Hack Purple Live Stream with Matt Tesauro of Defect Dojo Inc (https://www.defectdojo.com/).
Join We Hack Purple Community to be invited to awesome events like one! https://community.wehackpurple.com
Description: You’re tasked with ‘doing DevSecOps’ for your company and you’ve got more apps and issues than you know how to deal with. How do you make sense of the different tools outputs for all your different ...
In this episode of the We Hack Purple podcast host Tanya Janca met with her colleague from IANs Faculty: Mick Douglas, founder of InfoSec Innovations! We talked about EVERYTHING AppSec and definitely could haveeasily talked at least 2 more hours! He explained what honey pots/honey files/honey links are, and how to use them. Creating a "tamper evident" network and system, as well as how marketing people have really messed...
In this episode of the We Hack Purple Podcast we meet Olivia Rose, founder Rose CISO Group, www.RoseCISOGroup.com.
We talked about the fact that "consulting rules!", mentoring opportunities, and how CISOs and AppSec people have to fight to do their jobs all day, every day. Olivia dove into how to translate what do you, as a cyber security expert, to the executive board and other folks who are brilliant, but not-so-technic...
The importance of open source security management made headlines in 2017 when the Equifax breach resulted in the compromise of the personal information of millions of users. The breach was attributed to the use of a known vulnerable version of the Apache Struts open source framework. Since then, we’ve seen a rise in the disclosure (and exploitation) of vulnerabilities in open source software, such as the famous Log4Shell vulnerabil...
In this episode of the We Hack Purple Podcast we meet Gemma Moore , co-founder and director of Cyberis. Gemma is an expert in penetration testing and red teaming. She started her career in cyber security nearly twenty years ago, working her way up from a junior penetration tester to running the penetration testing practice in a specialist consultancy by 2011. She is a founding director of the information security consultancy, Cyber...
In this episode of the We Hack Purple Podcast we meet Anshuman Bhartiya, a Principal Security Engineer who also happens to be an avid AppSec blogger (https://www.anshumanbhartiya.com/) and conference speaker.
We talked about how the SAST industry seems to be divided into two camps, as well as “the old guard” who used to say no to everything, versus newer ways of working towards better AppSec, such as using empathy and enablement, ra...
In this episode of the We Hack Purple Podcast we meet Vitaly Unic, the head of AppSec Research at Bright. We talked about creating an application security program with realistic goals, what works and what does not work. We dove into how to roll out a tool and get the most value, and then took a deep dive into how DASTs are built. How does a DAST find vulnerabilities, how does it discover the attack surface, and what, exactly, is an...
In this episode of the We Hack Purple Podcast we meet one of host Tanya Janca’s professional mentors; Sherif Koussa of Software Secured and Reshift Security.
In this episode we talked about how we could prevent the next Log4J. We covered government regulations, industry compliance, tooling, SBOMs, inventory, incident response, and more! Check it OUT!
Join us in the We Hack Purple Community: A fun and safe plac...
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
If you can never get enough true crime... Congratulations, you’ve found your people.
In order to tell the story of a crime, you have to turn back time. Every season, Investigative journalist Delia D'Ambra digs deep into a mind-bending mystery with the hopes of reigniting interest in a decades old homicide case.
It’s a lighthearted nightmare in here, weirdos! Morbid is a true crime, creepy history and all things spooky podcast hosted by an autopsy technician and a hairstylist. Join us for a heavy dose of research with a dash of comedy thrown in for flavor.
Unforgettable true crime mysteries, exclusive newsmaker interviews, hard-hitting investigative reports and in-depth coverage of high profile stories.