In episode 71 of the We Hack Purple Podcast Host Tanya Janca speaks to the Ariel Shin from Twillio! Ariel does product security, and as you might imagine, Tanya had at least 100 questions for her. We discussed threat modelling, influence, persuasion and other communication skills needed to be an effective #AppSec person (or any security professional, for that matter). The conversation got really interesting as we dove into how to communicate with an executive, versus an engineer, versus a non-tech person, and how we can communicate and advocate for security (effectively) in the process. She talked about breaking down an argument into multiple pieces, to ensure you get the message across the best possible way. If you are someone who has struggled with convincing the rest of IT to patch or fix bugs, she breaks down how to do this in a way Tanya plans to adopt from now on. Take a listen at the links below!
Ariel Shin is a product security team lead at Twilio. Ariel started her career as a penetration tester, specializing in web and mobile security, before moving into the product security space. Ariel enjoys building relationships with developers through secure code reviews, threat modeling, security training, and vulnerability management. Currently, Ariel is working on rolling out and expanding Self-Service Threat Models for the Twilio Org.
Ariel’s Social Media: linkedin.com/in/arielshin/
Link to the great podcast episode Ariel spoke about: “Hacker Explains One Concept in 5 Levels of Difficulty” by WIRED Podcast, featuring Samy Kamkar.
Very special thanks to our sponsor: Women’s Society of Cyberjutsu!
Women’s Society of Cyberjutsu are hosting CYBERJUTSU CON 4.0 and the 10th Annual Cyberjutsu Awards on June 24, 2023!!! The Con will consist of Hands-on Workshops, Capture The Flag (CTF) Competitions, Professional Headshots, Recruiting Opportunities, Celebration, and more. Participants will walk away with hands-on knowledge that can be applied immediately on the job. You can check out the event here: https://womenscyberjutsu.org/page/CyberCon2023
FYI the call for papers is still OPEN! Apply here: https://www.papercall.io/cyberjutsucon2023
Join We Hack Purple!
Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!