Blog

Quite often clients ask me “Which API Security Tool should I buy?”, and as you might have guessed I answer “It depends”, then proceed to ask them a dozen questions. Recently I asked a colleague at Semgrep if they felt this process might be of value to my readers, …

Right now, the concept of the software supply chain and securing it is quite trendy. After the solar winds breach, the attack on the crypto wallet, at the log4J fiasco, the entire world appears to be focused on securing the software supply chain. I’m not complaining. If anything, as an application security …

For those of you who are aware, every August for the past 30 years or so, hackers have been meeting in the dead heat of summer in Las Vegas Nevada to host multiple learning and community events. It started with Def Con, a conference dedicated to hackers & hacker …

My nails and dress were matchy-matchy for my first day! Since I've been keeping this giant secret for so long, I'm very excited to finally be able to share all of my good news. This blog post is going to be all about my first week at Semgrep. We …

Hello my friends! It's me, Tanya Janca from We Hack Purple, and I am beyond thrilled to announce that we are joining forces with Semgrep to take the world of application security by storm! As the new Head of Education and Community, bringing We Hack Purple community and content …

Many years ago, when I was a software developer, a very smart boss said to me: “Tanya, it’s always operations first. Projects after.” At first, I was confused, how will I make any progress on my projects if I’m always doing operations? And, what the HECK is “operations” anyway? …

I want to get something straight: you do not need to put a dynamic scanning tool into your CI/CD pipeline in order to do DevSecOps properly. You don't even necessarily need to use automated dynamic analysis at all, to be doing DevSecOps. I do regular consulting via IANs Research …

A few years ago, I wrote a blog post, Hacker Summer Camp 2019, about how to stay safe at #HackerSummerCamp (Def Con + Black Hat + Diana Initiative + B-Sides + everything else that week in Vegas). I made a video to add more details, clarity and ideas on …

As you might have been aware if you read my blog, I spoke at B-Sides San Francisco and RSA Conference 2023, and it was GREAT! Below is a report about my trip, and all the wonderful people, places, and activities I saw and participated in from April 21-28, 2023. …

If you’ve been following the #WeHackHealth hashtag, quite a few people who work in the field of information security have been sharing health tips, encouraging each other to focus on their own health, and showing progress reports on their efforts. Several people I know have been following it closely, …

https://www.youtube.com/watch?v=ILQGZIdvy7s Hello folks! I will be speaking both B-Sides San Francisco and #RSAC this year, the last week of April 2023, in San Francisco. I would love to have a chance to meet some of you in person. If you see me, and feel comfortable, please say hello! I'm …

When I started programming in the 90's the security of software wasn't on everyone's mind like it is now. I took no security classes in my 3-year college computer science program, and it never even came up as a subject. I was taught to save the connection string for …

Recently I had the pleasure of being one of the keynote speakers at OWASP Global AppSec, in Dublin Ireland. In this post I’m going to give a brief overview of some of the talks I saw while I was there, and the TONS of fun I had. I didn’t …

I have run an informal mentoring program, every single Monday, since 2018. It's very simple; I use the hashtag #CyberMentoringMonday on Twitter and Mastadon, to try to help people find each other.

Working in the information technology (IT) field means you need to be comfortable with things at work constantly changing and the need to continue to learn as your career grows. Working in information security (InfoSec) means you not only need to keep up with all sorts of IT trends, …

You may not be aware but Canada's Public Safety department put out a call to Canadian Citizens (sorry brilliant people who are not Canadian), asking for ideas, suggestions and thoughts on what they should prioritize next for the Canadian Government for InfoSec. I WAS SO EXCITED WHEN I SAW …

I haven’t written in my personal blog in a while, and I have good reasons (I moved to a new city, the new place will be a farm, I restarted my international travel, something secret that I can’t announce yet, and also did I mention I was a bit …

For those who are not aware, I used to be a professional musician. I went both under my name (Tanya Janca, folk singer) and was in several different musical groups including Couchwrecked, who wrote the song Hottawa. I just released another parody video and thought I would share it. …

Three years ago I decided that I would share most of my talk content with my community (everything that I am not currently applying to conferences with). At the time, I only shared one, because…. I ran out of time. Now it's time to share the second talk, "Security …

Almost all of the people who respond to my #CyberMentoringMonday tweets each week say that they want to “get into InfoSec” or “become a Penetration Tester”; they rarely choose any other jobs or are more specific than that. I believe the reason for this is that they are not aware of …