Whether on stage at a large conference or at a table at her local OWASP Chapter, Tanya Janca brings an enthusiasm for teaching developers about security. Her work highlights empowering devs with tools and knowledge to make apps more secure for everyone.
In a recent episode of the Humans of Infosec podcast, I had the chance to spend some time with Tanya and chat about her current work and the path that brought her to this point. She’s a senior cloud advocate for Microsoft, specializing in application security. She’s also an OWASP Project and Chapter Leader.
Tanya has spent most of the last year at conferences and meetups, where she speaks about bringing security into the DevOps process. She’s given the opening keynote at DevSecCon Singapore, the closing keynote at the Diana Initiative, and in between has continued to build an active, inclusive OWASP Chapter in Ottawa. Her OWASP DevSlop project is creating content for developers to learn cloud security basics. And her blog covers a spectrum of advice from preparing presentations to securing the SDLC.
Red teams try to break systems. Blue teams try to build them. The perspectives are at odds with each other, they don’t have to be antagonistic. Tanya’s choice of purple team mixes the experiences of red and blue to create collaborations and knowledge sharing that build better software.
Please take a moment to listen to our conversation, then check out some of the other episodes as well!