We Hack Purple Podcast
The We Hack Purple Podcast is pre-recorded and released on both YouTube and (in audio-only format) every major podcast platform. We feature a diverse range of guests from all walks of InfoSec, to talk about their careers, jobs, and how they got to where they are today. Featuring host Tanya Janca.
Join us to learn more about information security!
Episode 80 with Ray Leblanc
11/07/2023 12:00 am
In episode 80 of the We Hack Purple Podcast host Tanya Janca brings on her long-time friend Ray Leblanc of 'Hella Secure' blog. You may remember him from several Alice and Bob Learn streams, or from his cutting sarcasm on social media.
Episode 81 with Diana Kelly
14/09/2023 12:00 am
In episode 81 of the We Hack Purple Podcast host Tanya Janca spoke to Diana Kelly, Chief Information Security Officer (CISO) at Protect AI. Diana and Tanya worked together at Microsoft, and to say that Diana is a pillar of the information security industry is somewhat of an understatement. Together they discussed problems with Large Language Models (LLMs) ingesting crappy code and bad licenses, the OSSF (and its goodness), and that sometimes people don't even realize they are breaking software licenses when they use what an LLM has produced.
Episode 79 with Isabelle Mauny
19/06/2023 12:00 am
In episode 79 of the We Hack Purple Podcast host Tanya Janca spoke to Isabelle Mauny (https://www.linkedin.com/in/isamauny/), Field CTO and founder of 42Crunch (https://42crunch.com)! Isabelle and Tanya met way back in 2018, at an API Security workshop in Britain, having no idea they would be friends for years to come! Isabelle is extremely passionate about securing APIs, and has volunteered for several different groups and projects in order to try to steer our industry in a more secure direction, including being president of the OpenAPI group and lending her skills to the OWASP DevSlop project to fix up our Pixi app.
Episode 78 with Jason Haddix
10/06/2023 12:00 am
In episode 78 of the We Hack Purple Podcast host Tanya Janca brings Jason Haddix on to talk about artificial intelligence, and (of course) how to hack it! Jason discussed how to use AI for both defense and offence, using plain language (conversational), rather than code, and what a red teaming exercise looks like for such a system. We talked about what a large language model looks like, cleaning up data, and how easy it is to get them to do bad things. Jason invited everyone to the AI Village at Def Con this year, and so much more! There was also much love for Daniel Miessler, his articles on AI, and his newsletter Unsupervised Learning.
Episode 76 with Brendan Sheairs
02/06/2023 12:00 am
In episode 77 of the We Hack Purple Podcast host Tanya Janca chats with Brendan Sheairs about her latest obsession: security champions! Brendan has significantly more experience in this area than anyone Tanya has met, so they dug in deep on this topic.
Episode 73 with Amanda Crawley
11/04/2023 12:00 am
In episode 73 of the We Hack Purple Podcast, host Tanya Janca talks to guest Amanda Crawley of 1Password! We talked about how developers need special tools to help them do their jobs securely, then we chatted about several things that can help them, especially password managers! Developers are huge targets for malicious actors and Amanda shared TONS of ways devs can protect themselves.
Episode 76 with Anshu Bansal
23/05/2023 12:00 am
In episode 76 of the We Hack Purple Podcast host Tanya Janca brings Anshu Bansal, the CEO of CloudDefense.ai, back onto the show for a second time to discuss “solving problems in application security”. Tanya and Anshu have worked together for quite a while, as Tanya has been an advisor at Cloud Defense since it was a drawing on the back of a napkin!
Episode 75 with Enno
16/05/2023 12:00 am
In episode 75 of the We Hack Purple Podcast, host Tanya Janca interviews Enno, a security researcher from Semgrep. They discussed all things static analysis, including: how we come up with SAST rules, what’s important to search for, important considerations when writing rules, testing rules before wider rollout, and writing rules specifically for Semgrep.
Episode 74 with Ray Espinoza
09/05/2023 12:00 am
In episode 74 of the We Hack Purple Podcast, host Tanya Janca talks to guest Ray Espinoza from Inspectiv! During the podcast we homed in on how to build a positive security culture, which has several important ingredients: Security Champions, empathy, explaining ‘the why’, sharing information in both technical and non-technical formats, and storytelling!
Episode 71 with Ariel Shin
18/04/2023 12:00 am
In episode 71 of the We Hack Purple Podcast host Tanya Janca speaks to Ariel Shin from Twilio! Ariel does product security, and as you might imagine, Tanya had at least 100 questions for her. We discussed threat modelling, influence, persuasion and other communication skills needed to be an effective #AppSec person (or any security professional, for that matter). The conversation got really interesting as we dove into how to communicate with an executive, versus an engineer, versus a non-tech person, and how we can communicate and advocate for security (effectively) in the process. She talked about breaking down an argument into multiple pieces, to ensure you get the message across in the best possible way. If you are someone who has struggled with convincing the rest of IT to patch or fix bugs, she breaks down how to do this in a way Tanya plans to adopt from now on. Take a listen at the links below!
Episode 70 with Meghan Jacquot
04/04/2023 12:00 am
In episode 70 of the We Hack Purple Podcast host Tanya Janca speaks with Meghan Jacquot about threat modelling (horizontally and vertically!), how women choose which conferences to attend, how to reduce physical risks when traveling, how to do security research and perform ‘good’ at the same time (“Cyber for good”), and her countless volunteer efforts to make our industry more welcoming.
Episode 69 with Scott Helme
02/03/2023 12:00 am
In episode 69 of the We Hack Purple Podcast host Tanya Janca speaks to the only person on earth who is more excited about security headers than she is: Scott Helme of Report URI! Scott talked about all the different security headers, how some are ‘new’, and when and why we would use them. We spoke about why some security headers stopped being used, rogue certificate authorities, and so much more. In fact, at the end, we felt that we didn’t get to finish all the things we wanted to say. There was so much more to dive into, meaning this is part 1 of a 2 part episode!
Episode 68 with Gagandeep Singh
03/03/2023 12:00 am
In episode 68 of the We Hack Purple Podcast host Tanya Janca dives into Domain Driven Design (and development) with Gagandeep Singh. Gagandeep is an avid blogger, and Tanya read his article on DDD and just had to interview him. We discussed whether Domain Driven Design and Domain Driven Development are the same thing (they aren’t!), the security advantages of DDD, and how Trusted Types and the Content Security Policy header come into play! We discussed the concept of having the security of a feature be part of the design and feature itself, and the huge security advantages we can expect to see. To hear more, you need to see the episode!
Episode 67 with Jeremy Ventura
09/03/2023 12:00 am
In this episode of the We Hack Purple podcast host Tanya Janca met with Jeremy Ventura of ThreatX, to discuss how we can help more people from underrepresented groups into tech and specifically into the field of Cybersecurity/InfoSec. How do we get them a seat at the table? How can we share knowledge and educate people en masse? Can we advocate for others? (Spoiler alert: Jeremy and I gave several examples of both sides of that equation.) We talked about “Saying yes more often!” when we are asked to do something a bit outside our comfort zone, if it might bring us new opportunities. We talked about imposter syndrome, different learning styles, and that you can come from any career, education or background, and there’s a place for YOU in our field!
Episode 66 with Wolfgang Goerlich
23/02/2023 12:00 am
In episode 66 of the We Hack Purple Podcast host Tanya Janca sits down with one of her colleagues from IANS Research, Wolfgang Goerlich! We talked about his work and AMAZING team at Cisco (Hi Wendy and Dave!), how they were originally part of Duo Security, and that they missed their chance for a fun rebrand of Duo + Cisco = Disco! Besides all the silly jokes, we talked about what security looks like beyond just vulnerabilities and trying to keep the bad guys out. We zeroed in on legitimate users that misuse systems, and dug into how threat modelling and diversity could be used to prevent situations such as the infamous Apple AirTags misuse. We talked about including privacy as part of threat modelling, Cara Bloom’s MITRE Privacy Framework, ‘least data collection’, as well as using nudge economics to promote positive security and privacy culture change. This conversation was AWESOME.
Episode 64 with Anant Shrivastava
09/02/2023 12:00 am
In this episode of the We Hack Purple podcast host Tanya Janca met with Anant Shrivastava! We talked about securing the entire software supply chain (including your CI/CD and where you get your packages from), and how it is more than just buying a software composition analysis (SCA) tool. He explained the new and very different risks of securing a mobile app versus a regular web app or an API, that he’s more of an ops than a dev person, and how the risks are all coming together now that many of us are doing DevOps.
Episode 65 with Frank Cipollone
28/01/2023 12:00 am
In this episode of the We Hack Purple podcast host Tanya Janca met with Frank from Phoenix Security in the UK! We talked about his latest white paper ‘SLAs are Dead, Long Live SLAs!’, how AppSec folks aren’t necessarily ‘great’ at maintaining their own SLAs, and how to empower a team to do their own governance and be responsible for their own risk.
Episode 63 with Guest Mick Douglas
12/01/2023 12:00 am
In this episode of the We Hack Purple podcast host Tanya Janca met with her colleague from IANS Faculty: Mick Douglas, founder of InfoSec Innovations! We talked about EVERYTHING AppSec and definitely could have easily talked for at least 2 more hours! He explained what honey pots/honey files/honey links are, and how to use them. We also covered creating a "tamper evident" network and system, as well as how marketing people have really messed up the term "shift left" for the rest of us. Not only that, but the episode had TONS of laughs!
Episode 61 with Guest Gemma Moore
12/12/2022 12:00 am
In this episode of the We Hack Purple Podcast we meet Gemma Moore, co-founder and director of Cyberis. Gemma is an expert in penetration testing and red teaming. She started her career in cyber security nearly twenty years ago, working her way up from a junior penetration tester to running the penetration testing practice in a specialist consultancy by 2011. She is a founding director of the information security consultancy, Cyberis.
Episode 47 with Deviant Ollam
22/07/2021 6:00 pm
Learn what it's like to be a physical penetration tester, with guest Deviant Ollam. Famous for hacking banks, elevators and basically any physical security device, he will share how he got to where he is today! Check out his Twitter while you're at it!
Episode 29 with Guest O’Shea Bowens
Learn what it's like to be a CEO of a cyber security company, with O'Shea Bowens! O'Shea is a cyber security enthusiast whose background is primarily security analytics & DFIR. He also focuses on cloud and application security.
Episode 28 with Guest Jarrod Overson
Learn what it's like to be a Director of Engineering, with Jarrod Overson! Jarrod is a developer, speaker, and author who most recently led development of Shape Security's application defense platform which was recently acquired by F5 for $1 billion.
Episode 27 with Guest Davin Jackson
Learn what it's like to be an Application Penetration Tester, with Davin Jackson! We talked about his long career, the hard work to change careers, and how rewarding it has been. We also talked about his awesome hoodies and how amazing InfoSec Unplugged is!
Episode 26 with Guest Barbara Schachner
Learn what it's like to be a Security Architect, with Barbara Schachner! Barbara is a Security Architect at Dynatrace. She has spent half of her 15 years of experience in the security industry on the defensive side and has built and led the Red Team at Siemens.
Episode 21 with Guest Sasha Rosenbaum
Learn what it's like to be a People Manager, with Sasha Rosenbaum! Sasha is a Sr. Manager, Managed OpenShift Black Belts at Red Hat. In her career, Sasha has worked in development, operations, consulting, and cloud architecture. Sasha is an organizer, above all else. This episode was sponsored by Ubiq Security!
Episode 23 with Guest Allie Mellen
Learn what it's like to be a Security Strategist, with Allie Mellen! In her own words: I've spent several years in cybersecurity and have been recognized globally for my security research. Over the past ten years, I've held various engineering, development, and consulting roles in the technology sector and received a B.S. degree in Computer
Episode 22 with Guest Talesh Seeparsan
Learn what it's like to be an eCommerce security educator and auditor, with Talesh Seeparsan! Originally an eCommerce PHP developer, Talesh has pivoted his career into eCommerce security. Specifically building more defensible eCommerce.
Episode 20 with Guest Brian Anderson
Learn what it's like to be an Information Security Officer/Service Delivery and Operations Manager, with Brian Anderson! In Brian's own words: "I'm an InfoSec Manager who straddles both Security and pure IT roles. I've been in IT and InfoSec for almost 20 years. I fell into this by accident, couldn't dig my way out, so I decided to dig in." We are in for a treat!
Episode 17 with Guest Shelly Giesbrecht
Learn what it's like to be a Principal Consultant doing Incident Response, with Shelly Giesbrecht! A long-time admirer of smart people, PowerShelly works hard to surround herself with people she can learn from. This is particularly easy to do in her day job as a Principal Consultant (IR) for CrowdStrike. She is frequently found wearing a bow-tie and some for reason.
Episode 12 with Guest Tyrone E. Wilson
Learn what it's like to be a Founder & President of a Cyber Security Company, with Tyrone E. Wilson! He is a passionate information security professional with 24 years of experience in information technology and has a mission to improve as many lives as possible through education in cybersecurity. Join us to hear what his business does, how he started it, his meetup (D.C. Cybersecurity Professionals) and so much more!
Episode 8 with Tracie Martin!
Learn what it's like to be a Principal Security Engineer for IoT with Tracie Martin! She's had a weird and interesting career doing things like protecting missile systems, working for counterintelligence at NATO and now is passionate about protecting the Internet of Things.
Episode 6 with Guest Marie Moe
Learn what it's like to be a Cyborg, Scientist, Infosec Consultant, and an Associate Professor II at NTNU, with Marie Moe! Marie is well-known for her TED talk, "Can hackers break my heart?", where she details how she hacked her own pacemaker, while it was inside her.
Episode 38 API Security Best Practices
20/05/2021 6:00 pm
With our guest being unable to make it, host Tanya Janca gave a lesson on API security best practices. She also shared a Twitter link with a list of API security testing tools, as well as a downloadable PDF about the best practices discussed.