Feb. 23, 2020

Tanya Janca - From Insecure Developer to Appsec, Diversity/Inclusion Advocate, and Mentor

Tanya is an awesome, giving person. She's a huge proponent of mentoring, diversity and inclusion, and application security. She's quite involved in the community, from starting her own company to running her own OWASP chapter for 4 years in Ottawa, founding a new OWASP chapter in Victoria, and co-founding the international women’s organization WoSEC.


Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security.’ She is also the founder of We Hack Purple, an online learning academy, community, and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.

Founder: We Hack Purple (Academy, Community, and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday


  • Part of security is teaching security
  • Started in software development, then starting meeting hackers, and decided to switch to security.
  • Tanya is extremely scholastically inclined
  • She comes from a family full of women computer scientists, technologists, and mathematicians!
    • Her aunt was the FIRST to graduate in CS from Ontario.
    • Her mother was a mathematician.
    • She had four uncles in computer science.

Tanya's Quick List For Getting Into Infosec

  • Responsibility of a mentee: [30:29]
    • Have energy and time
    • Respect your mentor's time
    • Need to have already looked for the answer online before you ever ask them for something
    • They are not a free consultant; you shouldn't ask them to do your work
    • You shouldn't stand them up for meetings
    • Recognize and have gratitude for the fact that this person has a crap-ton of knowledge in their brain that they're sharing with you for free. They're taking the time out. You're not their daughter or son. You're not their friend. You're a person in their industry, and they're trying to pay it forward.
    • You want to actually do the exercises that your mentor gives you
    • Choose your mentor wisely
    • Do not expect your mentor to find you a job


  • "We're graduating people who don't know how to make secure software, but they do know how to make software!  So that ends up being insecure software." [4:57]
  • "So if I [were] going to teach a software security course at a university, they would pay me as an adjunct professor, and they would pay me almost nothing. It would almost be equivalent to volunteer work." [5:35]
  • "I thought I really wanted to be a penetration tester until I discovered that there is this weird spot… in between red team and blue team." [10:17]
  • "A lot of penetration testers get a little depressed."[11:07]
  • "People just don't know how many super awesome cool things there are out there!" [15:11]
  • "The people I liked the best are the people in my computer science class." [22:24]
  • "Honestly, I just smoked a lot of weed and just showed up and would ace things." [22:12]
  • "You don't have to spend money at the beginning necessarily." [31:58]
  • "Which certification should I get so that I can be a good pentester?" [31:34]
  • "I don't know enough to be a mentor." [31:50]


Getting Into Infosec

Follow Ayman on Twitter

Breaking IN: A Practical Guide to Starting a Career in Information Security