Tanya Janca - From Insecure Developer to Appsec and Diversity/Inclusion Advocate and Mentor



Tanya Janca, also known as ‘SheHacksPurple’, is the founder, security trainer and coach of SheHacksPurple.dev, specializing in software and cloud security. Her obsession with securing software runs deep, from starting her company, to running her own OWASP chapter for 4 years in Ottawa, founding a new OWASP chapter in Victoria, and founding the OWASP DevSlop open-source and education project. With her countless blog articles, workshops and talks, her focus is clear. Tanya is also an advocate for diversity and inclusion, co-founding the international women’s organization WoSEC, starting the online #MentoringMonday initiative, and personally mentoring, advocating for and enabling countless other women in her field. As a professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.


• Part of security is teaching security
• Started in software development, then started meeting hackers, and decided to switch into security.
• Tanya is extremely scholastically inclined
• She comes from a family full of women computer scientists and mechanics
• Tanya's Quick List For Getting Into Infosec:
• Responsibility of a mentee: [30:29]
• Have energy and time
• Respect your mentor's time
• Need to have already looked for the answer online before you ever ask them for something
• They are not a free consultant, you shouldn't ask them to do your work
• You shouldn't stand them up for meetings
• Recognize and have gratitude for the fact that this person has a crap-ton of knowledge in their brain that they're sharing with you for free. They're taking the time out. You're not their daughter or son. You're not their friend. You're a person in their industry and they're trying to pay it forward.
• You want to actually do the exercises that your mentor gives you
• Choose your mentor wisely
• Do not expect your mentor to find you a job


• "We're graduating people who don't know how to make secure software, but they do know how to make software! So that ends up being insecure software." [2:52]
• "So if I was going to teach a software security course at a university, they would pay me as an adjunct professor and they would pay me almost nothing. It would almost be equivalent to volunteer work." [3:30]
• "I thought I really wanted to be a penetration tester until I discovered that there is this weird spot… in between red team and blue team." [8:12]
• "A lot of penetration testers get a little depressed." [9:02]
• "People just don't know how many super awesome cool things there are out there!" [13:06]
• "The people I liked the best are the people in my computer science class." [20:19]
• "Honestly, I just smoked a lot of weed and just showed up and would ace things." [20:07]
• "You don't have to spend money at the beginning necessarily." [29:53]
• "Which certification should I get so that I can be a good pentester?" [29:29]


• Tanya Online
• NICE Framework: https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center
• OWASP: https://owasp.org/
• WoSEC: https://wearetechwomen.com/wosec-women-of-security/
• Franziska Bühler: https://twitter.com/bufrasch

Getting Into Infosec:

• Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
• T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
• Sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe