A few years ago, I wrote a blog post, Hacker Summer Camp 2019, about how to stay safe at #HackerSummerCamp (Def Con + Black Hat + Diana Initiative + B-Sides + everything else that week in Vegas). I made a video to add more details, clarity and ideas on how to have more fun and make more friends. You can watch it below!
AMA AppSec: What would you tell University Students about Application Security?
Content from the We Hack Purple Community!
In a recent ‘Ask Me Anything; Application Security’ live stream, Tanya Janca discusses ‘What would you tell University Students about Application Security?’ This video is approximately 9 minutes.

Stream Summary:
- There are over a million jobs in the security field with no qualified security person available to fill them; you will never be without work if you choose this field.
- I explained that learning how to use ZAP is easy, and breaking things is fun.
- Doing hands-on things right away is a good way to learn
- I explained that I started THIS SITE. How meta of me to discuss it here. I also talked about my long-term goals for the site: to create affordable training so that we can create AppSec and DevSecOps engineers, and find them their first job.
- Discussion of two large problems in InfoSec: not enough highly skilled people to do all of the work, and no clear career path to get into our field.
- Plans for SheHacksPurple.dev: to create theory and hands-on lessons with security tools, especially the “not free” tools that you are more likely to be expected to use at work. I am currently contacting vendors to see how we can create a deal so my students can try their products for free or almost-free.
- I describe how I want to teach my courses, how I hope to help people learn.
- Then I nerd out about Vulnerability Management and Metrics, because I really like those topics.
- Then someone in the chat changes the topic and that will be my very next post!
If you want to be invited to my free live streams sign up for my newsletter!
For this and more, check out my book, Alice and Bob Learn Application Security and my online training academy, We Hack Purple!
AMA: DevSecOps versus Secure SDLC
In a recent ‘Ask Me Anything’ live stream, Tanya Janca of We Hack Purple discusses ‘DevSecOps versus Secure SDLC’. This video is approximately 2.5 minutes.
- DevSecOps is you as an AppSec professional, doing your job, in a DevOps environment.
- A secure SDLC is when you add security activities to your system development lifecycle. Preferably in every phase of the SDLC, and formalized (devs cannot avoid it).
- Examples of secure SDLC:
  - Threat modelling during design
  - Adding security requirements & review during requirements gathering
  - Reviewing your design for security flaws and to ensure secure design concepts are applied
- Then Tanya gets off topic and talks about We Hack Purple.