Episode 80 with Ray Leblanc

11/07/2023 12:00 am

In episode 80 of the We Hack Purple Podcast host Tanya Janca brings on her long-time friend Ray Leblanc of 'Hella Secure' blog. You may remember him from several Alice and Bob Learn streams, or from his cutting sarcasm on social media.

Episode 81 with Diana Kelly

14/09/2023 12:00 am

In episode 81 of the We Hack Purple Podcast host Tanya Janca spoke to Diana Kelly, Chief Information Security Officer (CISO) at Protect AI. Diana and Tanya worked together at Microsoft, and to say that Diana is a pillar of the information security industry is somewhat of an understatement. Together they discussed problems with Large Langiage Models (LLMs) ingesting crappy code, and bad licenses, the OSSF (and it's goodness), and that sometimes people don't even realize they are breaking software licences when they use what an LLM has produced.

Episode 79 with Isabelle Mauny

19/06/2023 12:00 am

In episode 79 of the We Hack Purple Podcast host Tanya Janca spoke to Isabelle Mauny (https://www.linkedin.com/in/isamauny/), Field CTO and founder of 42Crunch (https://42crunch.com)! Isabelle and Tanya met way back in 2018, at an API Security workshop in Britain, having no idea they would be friends for years to come! Isabelle is extremely passionate about securing APIs, and has volunteered for several different groups and projects in order to try to steer our industry in a more secure direction, including being president of the OpenAPI group and lending her skills to the OWASP DevSlop project to fix up our Pixi app.

Episode 78 with Jason Haddix

10/06/2023 12:00 am

In episode 78 of the We Hack Purple Podcast host Tanya Janca brings Jason Haddix on to talk about artificial intelligence, and (of course) how to hack it! Jason discussed how to use AI for both defense and offence, using plain language (conversational), rather than code, and what a red teaming exercise looks for such a system. We talked bout what a large language model looks like, cleaning up data, and how easy it is to get them to do bad things. Jason invited everyone to the AI Village at Def Con this year, and so much more! There was also much love for Daniel Miessler, his articles on AI, and his newsletter Unsupervised Learning.

Episode 76 with Brendan Sheairs

02/06/2023 12:00 am

In episode 77 of the We Hack Purple Podcast host Tanya Janca chats with Brendan Sheairs about her latest obsession; security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic.

Episode 72 with Scott Helme, AGAIN

12/05/2023 12:00 am

Episode 73 with Amanda Crawley

11/04/2023 12:00 am

In episode 73 of the We Hack Purple Podcast, host Tanya Janca talks to guest Amanda Crawley of 1Password! We talked about how developers need special tools to help them do their jobs, securely, then we chatted about several things that can help them, especially password managers! Developers are huge targets for malicious actors and Amanda shared TONS of ways devs can protect themselves

Episode 76 with Anshu Bansal

23/05/2023 12:00 am

In episode 76 of the We Hack Purple Podcast host Tanya Janca brings Anshu Bansal, the CEO of CloudDefense.ai, back onto the show for a second time to discuss “solving problems in application security”. Tanya and Anshu have worked together quite a while, as Tanya has been an advisor at Cloud Defense since it was a drawing on the back of a napkin!

Episode 75 with Enno

16/05/2023 12:00 am

In episode 75 of the We Hack Purple Podcast, host Tanya Janca interviews Enno, a security researcher from Semgrep. They discussed all things static analysis, including; how do we come up with SAST rules, what’s important to search for, important considerations when writing rules, testing rules before wider roll out, and writing rules specifically for Semgrep.

Episode 74 with Ray Espinoza

09/05/2023 12:00 am

In episode 74 of the We Hack Purple Podcast, host Tanya Janca talks to guest Ray Espinoza from Inspectiv! During the podcast we honed in on how to build a positive security culture, which has several important ingredients; Security Champions, Empathy, explaining ‘the why’, sharing information in both technical and non technical formats, and storytelling!

Episode 71 with Ariel Shin

18/04/2023 12:00 am

In episode 71 of the We Hack Purple Podcast Host Tanya Janca speaks to the Ariel Shin from Twillio! Ariel does product security, and as you might imagine, Tanya had at least 100 questions for her.  We discussed threat modelling, influence, persuasion and other communication skills needed to be an effective #AppSec person (or any security professional, for that matter). The conversation got really interesting as we dove into how to communicate with an executive, versus an engineer, versus a non-tech person, and how we can communicate and advocate for security (effectively) in the process. She talked about breaking down an argument into multiple pieces, to ensure you get the message across the best possible way. If you are someone who has struggled with convincing the rest of IT to patch or fix bugs, she breaks down how to do this in a way Tanya plans to adopt from now on. Take a listen at the links below! 

Episode 70 with Meghan Jacquot

04/04/2023 12:00 am

In episode 70 of the We Hack Purple Podcast Host Tanya Janca speaks with Meghan Jacquot about threat modelling (horizontally and vertically!), how women choose which conferences to attend, how to reduce physical risks when traveling, how to do security research and perform ‘good’ at the same time (“Cyber for good”), any her countless volunteer efforts to make our industry more welcoming

Episode 69 with Scott Helme

02/03/2023 12:00 am

In episode 69 of the We Hack Purple Podcast Host Tanya Janca speaks to the only person on earth who is more excited about security headers than she is: Scott Helme of Report URI! Scott talked about all the different security headers, how some are ‘new’, when and why we would use them. We spoke about why some security headers stopped being used, rouge certificate authorities, and so much more. In fact, at the end, we felt that didn’t get to finish all the things we wanted to say. There was so much more to dive into, meaning this is part 1 of a 2 part episode!

Episode 68 with Gagandeep Singh

03/03/2023 12:00 am

In episode 68 of the We Hack Purple Podcast host Tanya Janca dives into Domain Driven Design (and development) with Gagandeep Singh. Gagandeep is an avid blogger, and Tanya read his article on DDD and just had to interview him. We discussed if Design Driven design or development are those the same thing (they aren’t!), the security advantages of DDD, how Trusted Types and Content Security Policy Header come into play! We discussed the concept of having the security of a feature be part of the design and feature itself, and the huge security advantages we can expect to see. To hear more, you need to see the episode!

Episode 67 with Jeremy Ventura

09/03/2023 12:00 am

In this episode of the We Hack Purple podcast host Tanya Janca met with Jeremy Ventura of ThreatX, to discuss how we can help more people from underrepresented groups into tech and specifically into the field of Cybersecurity/ InfoSec. How do we get them a seat at the table? How can we share knowledge and educate people en mass? Can we advocate for others? (Spoiler alert: Jeremy and I gave several examples of both sides of that equation) We talked about “Saying yes more often!” when we are asked to do something a bit outside our comfort zone, if it might bring us new opportunities. We talked about imposter syndrome, different learning styles, and that you can come from any career, education or background, and there’s a place for YOU in our field!

Episode 66 with Wolfgang Goerlich

23/02/2023 12:00 am

In episode 66 of the We Hack Purple Podcast Host Tanya Janca sits down with one of her colleagues from IANs Research, Wolfgang Goerlich! We talked about his work and AMAZING team at Cisco (Hi Wendy and Dave!), how they were originally part of Duo Security, and that they missed their chance for a fun rebrand of Duo + Cisco = Disco! Besides all the silly jokes, we talked about what security looks like beyond just vulnerabilities and trying to keep the bad guys out. We zeroed in on legitimate users that misuse systems, and dug into how Threat modelling and diversity could be used to prevent situations such as the infamous apple AirTags misuse. We talked about including privacy as part of threat modelling, Cara Bloom’s Mitre Privacy Framework, ‘least data collection’, as well as using nudge economics to promote positive security and privacy culture change. This conversation was AWESOME.

Episode 64 with Anant Shrivastava

09/02/2023 12:00 am

In this episode of the We Hack Purple podcast host Tanya Janca met with Anant Shrivastava! We talked about securing the entire software supply chain (including your CI/CD and where you get your packages from), and how it is more than just buying a software composition analysis (SCA) tool. He explained the new and very different risks of securing a mobile app versus a regular web app or an API, that’s he’s more of an ops than a dev person, and how the risks are all coming together now that many of us are doing DevOps.

Episode 65 with Frank Cipollone

28/01/2023 12:00 am

In this episode of the We Hack Purple podcast host Tanya Janca met with Frank from Phoenix Security in the UK! We talked about this latest white paper ‘SLAs are Dead, Long Live SLAs!’, how AppSec folks aren’t necessarily ‘great’ at maintaining their own SLAs, and how to empower a team to do their own governance and be responsible for their own risk.

Episode 63 with Guest Mick Douglas

12/01/2023 12:00 am

In this episode of the We Hack Purple podcast host Tanya Janca met with her colleague from IANs Faculty: Mick Douglas, founder of InfoSec Innovations! We talked about EVERYTHING AppSec and definitely could haveeasily  talked at least 2 more hours! He explained what honey pots/honey files/honey links are, and how to use them. Creating a "tamper evident" network and system, as well as how marketing people have really messed up the term "shift left" for the rest of us. Not only that, but the episode had TONS of laughs!

Episode 62 with Guest Olivia Rose

22/12/2022 12:00 am

Bonus Episode! Securing Open Source Dependencies It’s Not Just Your Code That You Need to Secure, With Rana Khalil

20/12/2022 12:00 am

Image of Rana Khalil discusses the importance of securing open source libraries in this WHP Streams bonus episode!

Episode 61 with Guest Gemma Moore

12/12/2022 12:00 am

In this episode of the We Hack Purple Podcast we meet Gemma Moore , co-founder and director of Cyberis. Gemma is an expert in penetration testing and red teaming. She started her career in cyber security nearly twenty years ago, working her way up from a junior penetration tester to running the penetration testing practice in a specialist consultancy by 2011. She is a founding director of the information security consultancy, Cyberis.

Episode 59 with Guest Vitaly Unic

10/11/2022 12:00 am

Episode 58 with Guest Anshuman Bhartiya

14/10/2022 12:00 am

Episode 57 with Guest Sherif Koussa

26/08/2022 12:00 am

Episode 56 with Guest Yael Nagler

21/07/2022 12:00 am

Episode 55 with James Tabron

23/06/2022 12:00 am

Episode 54 with Caroline Wong

31/05/2022 12:00 am

Episode 53 with Guest Nicole Dove

13/05/2022 12:00 am

Episode 52 with Sherif Mansour

12/05/2022 12:00 am

WHP Streams: Cloud Security, Not Someone Else’s Problem

In this episode of the We Hack Purple Podcast we will host WHP community member Gabriel Wierzbieniec, to talk about: Cloud Security - Not Someone Else's Problem!

Episode 51 with Ashley Burke

15/02/2022 12:00 am

Episode 50 with Adam Shostack

15/01/2022 12:00 am

Episode 49 with Guest Adrian Sanabria

05/08/2021 6:00 pm

Learn what it's like to do Cybersecurity Product testing and reviews at Security Weekly Labs with guest Adrian Sanabria!

Episode 48 with Guest Pierre DeBois

29/07/2021 6:00 pm

Learn what it's like to found and run a small business (Zimana Analytics) focused on data analytics, with guest Pierre DeBois!

Episode 47 with Deviant Ollam

22/07/2021 6:00 pm

Learn what it's like to be a physical penetration tester, with guest Deviant Ollam. Famous for hacking banks, elevators and basically any physical security device, he will share how he got to where he is today! Check out his Twitter while you're at it!

Episode 46 with guest Sunny Wear

15/07/2021 6:00 pm

Host Tanya Janca learns from Sunny Wear about penetration testing with a live demonstration! Sunny shows off her custom app, Burp Tool Buddy, which shows you how to use and configure burp suite Pro.

Episode 44 with Guest Maril Vernon

01/07/2021 6:00 pm

Learn what it's like to be an offensive Engineer at @zoom, as well as a PluralSight author & mentor. Maril Vernon is always helping peeps break in to cybersecurity.

Episode 45 with Guest Ron Brash

08/07/2021 6:00 pm

Learn what it's like to be a director at Verve Industrial Protection as the Director of Cybersecurity Insights!

Episode 42 with Guest Jessica Dodson

17/06/2021 12:00 am

Join host Tanya Janca to talk with guest Jessica Dodson to learn what it's like to be a Customer Engineer (CE) in Security & Identity Modernization @ Microsoft.

Episode 43 with Guest Leif Dreizler

24/06/2021 6:00 pm

Leif manages the Product Security team at Segment. The ProdSec Team is focused on partnering with software engineering teams to design and implement security features for the Segment product.

Episode 41 with Guest Alyssa Miller

10/06/2021 6:00 pm

Learn what it's like to be a BISO (Business Information Security Officer)! Alyssa Miller has had a very exciting career, and has a LOT to share with us on how to climb the career ladder in Cyber!

Episode 30 with Guest Veronica Schmitt

Learn what it's like to be a Assistant Professor and Security Research who specializes in medical devices, with Veronica Schmitt!

Episode 29 with Guest O’Shea Bowens

Learn what it's like to be a CEO of a cyber security company, with O'Shea Bowens! O'Shea is a cyber security enthusiast who background is primarily security analytics & DFIR. He also focuses on cloud and application security.

Episode 28 with Guest Jarrod Overson

Learn what it's like to be a Director of Engineering, with Jarrod Overson! Jarrod is a developer, speaker, and author who most recently led development of Shape Security's application defense platform which was recently acquired by F5 for $1 billion.

Episode 27 with Guest Davin Jackson

Learn what it's like to be a Application Penetration Tester, with Davin Jackson! We talked about his long career, the hard work to change careers, and how rewarding it has been. We also talked about his awesome hoodies and how amazing InfoSec Unplugged is !

Episode 26 with Guest Barbara Schachner

Learn what it's like to be a Security Architect, with Barbara Schachner! Barbara is a Security Architect at Dynatrace. She has spent half of her 15 years of experience in the security industry on the defensive side and has built and led the Red Team at Siemens.

Episode 25 with Guest Troy Hunt!

Learn what it's like to be... TROY HUNT! He has had an incredibly interesting career, arguably unlike any other. Join us to learn more!

Episode 21 with Guest Sasha Rosenbaum

Learn what it's like to be a People Manager, with Sasha Rosenbaum! Sasha is a Sr. Manager, Managed OpenShift Black Belts at Red Hat. In her career, Sasha has worked in development, operations, consulting, and cloud architecture. Sasha is an organizer, above all else. This episode was sponsored by Ubiq Security!

Episode 24 with Guest Stephanie Black

Learn what it's like to be a Cybersecurity Account Manager, with Stephanie Black! Want to learn about sales from an Electronic and Telecommunication Engineer working in cyber? Join us!

Episode 23 with Guest Allie Mellen

Learn what it's like to be a Security Strategist, with Allie Mellen! In her own words: I've spent several years in cybersecurity and have been recognized globally for my security research. Over the past ten years, I've held various engineering, development, and consulting roles in the technology sector and received a B.S. degree in Computer

Episode 22 with Guest Talesh Seeparsan

Learn what it's like to be an eCommerce security educator and auditor, with Talesh Seeparsan! Originally an eCommerce PHP developer, Talesh has pivoted his career into eCommerce security. Specifically building more defensible eCommerce.

Episode 20 with Guest Brian Anderson

Learn what it's like to be a Information Security Officer\Service Delivery and Operations Manager, with Brian Anderson! In Brian's own words: "I'm an InfoSec Manager who straddles both Security and pure IT roles. I've been in IT and InfoSec for almost 20 years. I fell into this by accident, couldn't dig my way out, so I decided to dig in." We are in for a treat!

Episode 18 with Guest Mehidia Afrin Tania

Learn what it's like to be a Bug bounty hunter, with Mehidia Afrin Tania!

Episode 17 with Guest Shelly Giesbrecht

Learn what it's like to be a Principal Consultant doing Incident Response, with Shelly Giesbrecht! A long-time admirer of smart people, PowerShelly works hard to surround herself in people she can learn from. This is particularly easy to do in her day job as a Principal Consultant (IR) for CrowdStrike. She is frequently found wearing a bow-tie and some for reason.

Episode 16 with Guest Gabrielle Botbol

Learn what it's like to be a Penetration Tester, with Gabrielle Botbol! Pentester, cybersecurity blogger and podcaster!

Episode 15 with Guest Teuta Hyseni

Learn what it's like to be an Application Security Engineer, with Teuta Hyseni!

Episode 14 with Guest Shira Shamban

Learn what it's like to be a CEO of the cyber startup Solvo, with Shira Shamban! She tells of us her military service, what it's like to start a company in Israel, what rapid growth is like, and when you know your company is 'real'.

Episode 13 with Guest Kim Crawley

Learn what it's like to be a Cybersecurity writer and researcher, with Kim Crawley! Kim has written blogs of the biggest brands in our industry. Now she's researching behind the scenes and looking for threat intel work.

Episode 12 with Guest Tyrone E. Wilson

Learn what it's like to be a Founder & President of a Cyber Security Company, with Tyrone E. Wilson! He is a passionate information security professional with 24 years of experience in information technology and has a mission to improve as many lives as possible through education in cybersecurity. Join us to hear what his business does, how he started it, his meetup (D.C. Cybersecurity Professionals ) and so more!

Episode 11 with Anshu Bansal

Learn what it's like to be a Chief Executive Officer (CEO) of a DevSecOps product startup, with Anshu Bansal of CloudDefense.ai!

Episode 10 with a Dominique West

Join host Tanya Janca and guest Dominique West to learn what it's like to be a Senior Cloud Security Consultant!

Episode 9 with Guest Katie Paxton-Fear

Learn what it's like to be a PhD student, Bug Hunter & Educational Youtuber, with Katie Paxton-Fear! She is a full time PhD student, part time educational youtube and occassional bug bounty hunter.

Episode 8 with Tracie Martin!

Learn what it's like to be a Principal Security Engineer for IoT with Tracie Martin! She's had a weird and interesting career doing things like protecting missile systems, working for counterintelligence at NATO and now is passionate about protecting the internet of Things.

Episode 7 with Juliet U Okafor

Learn what it's like to be a CEO of a Cyber Security Company, with Juliet U Okafor!

Episode 6 with Guest Marie Moe

Learn what it's like to be a Cyborg, Scientist, Infosec Consultant, and an Associate Professor II at NTNU, with Marie Moe! Marie is well-known for her TED talk, "Can hackers break my heart?", where she details how she hacked her own pacemaker, while it was inside her.

Episode 5 with Guest Ashish Rajan

Learn what it's like to be a Head of Security & Host of Cloud Security Podcast, with Ashish Rajan!

Episode 4 with Guest Kim Lamoureux

Learn what it's like to be a Security Analyst, with Kim Lamoureux!

Episode 40 With Guest Magda Chelly

03/06/2021 6:00 pm

Learn what it's like to be a PhD, S-CISO, CISSP, AND the Head of Cyber Risk Consulting at Marsh Singapore!

Episode 39 With Guest Haiyan Song

27/04/2021 6:00 pm

Learn what it's like to be the executive Vice President at F5, with Haiyan Song!

Episode 38 API Security Best Practices

20/05/2021 6:00 pm

With our guest being unable to make it, host Tanya Janca gave a lesson on API security best practices. She also shared a twitter link with a list of API security testing tools, as well as a downloadable PDF about the best practices discussed.

Episode 37 With Guest Ritu Gill

13/05/2021 6:00 pm

Host Tanya Janca learned what it is like to work in Open Source Intelligence (OSINT) with her guest, Ritu Gill!

Episode 36 With Guest Abhi Arora

06/05/2021 6:00 pm

Host Tanya Janca  learns what it's like to be a Chief Product Officer (CPO) of a DevSecOps Product startup, with Abhi Arora! His startup is called Cloud Defense.

Episode 35 With Zenobia Godschalk

29/04/2021 6:00 pm

Learn what it's like to be the CEO of Zag Communications, with Zenobia Godschalk!

Episode 34 WordPress Security!

22/04/2021 6:00 pm

With a last minute guest cancellation Host Tanya Janca provided a sneak peak for the new website, reviewing WordPress Security Best Practices.

Episode 33 With Annie Hedgpeth

15/04/2021 6:00 pm

Learn what it's like to be a Senior Cloud Automation Engineer, with Annie Hedgpeth!

Episode 32 With Swathi Joshi

08/04/2021 6:00 pm

Learn what it's like to be an Engineering Manager, in Detection and Response!

Episode 3 with Mari Galloway

Learn what it's like to be a Senior Security Architect, with Mari Galloway!

Episode 2 with Guest Mario Platt

Learn what it's like to be a Director of Strategy, with Mario Platt!

Episode 1 With Guest Melissa Benua

Learn what it's like to be a Director of Engineering, with Melissa Benua!