7MS #458: Interview with Tanya Janca
7 Minute Security11 Maalis 2021

7MS #458: Interview with Tanya Janca

Today we're super excited to share a featured interview with Tanya Janca of WeHackPurple!

Tanya has been in software development from the moment she was of legal age to work in Canada - beginning by working with some huge companies (Nokia/Adobe) before falling in love with application security and eventually starting a company of her own. Gh0sthax and I sat down with Tanya over Zoom to discuss:

  • How to overcome your fears and present at conferences, write blog posts and even start your own company!
  • How to deal with online jackwagons who troll you online at conferences
  • The importance of finding a mentor and mentoring others

Also, here are a bunch of handy links and hashtags Tanya shares throughout the interview:

  • Bob and Alice Learn Application Security - Tanya's book, available on Amazon
  • Women of Security (WoSEC)
  • We Hack Purple Podcast - weekly podcast with a diverse range of guests from all walks of infosec life
  • We Hack Purple Community - "a Canadian company dedicated to helping anyone and everyone create secure software."
  • Tanya's music on Spotify
  • #CyberMentoringMonday - a hashtag that Tanya and other security professionals monitor to help people connect with cyber mentors
  • InsiderPHd - has a safe space for bug bounty hunters to learn and collaborate
  • WeAreHackerz - "You are welcome to join WeAreHackerz if you identify as a person of a marginalized gender, including but not limited to non-binary individuals, women (trans and cis), trans men, genderqueer, etc. We welcome members across all nationalities, races, religions, ages, or other characteristics that make each of us unique."
  • Security in Color

Jaksot(695)

7MS #7: External Vulnerabilities that Byte (audio)

7MS #7: External Vulnerabilities that Byte (audio)

Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vulnerabilities that Byte (audio) Show notes: RC4 – a risk that we find just about anywhere SSL is used, but in…

15 Maalis 20147min

7MS #6: Fun Firewall Rules – part 2 (audio)

7MS #6: Fun Firewall Rules – part 2 (audio)

In this episode I continue talking about some basic firewall rules that many organizations don’t have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS requests to just the ISP servers (or whatever external servers you use). Anytime a firewall rule is changed, perform a vulnerability scan…

8 Maalis 20147min

7MS #5: Fun Firewall Rules – part 1 (audio)

7MS #5: Fun Firewall Rules – part 1 (audio)

In this episode I talk about some basic firewall rules that many organizations don’t have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for all devices except your mail server(s). If you use a third party mail filter like Postini or Securence, ensure that…

1 Maalis 20147min

7MS #4: Patch Strategies: Part Deux (audio)

7MS #4: Patch Strategies: Part Deux (audio)

In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: There are often two trains of thought in regards to enterprise gear patching (like routers, switches, firewalls). 1. If it ain’t broke, don’t…

22 Helmi 20146min

7MS #3: Patch Strategies: Part 1 (audio)

7MS #3: Patch Strategies: Part 1 (audio)

In this episode I talk about some trends (and problems) we’re seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show notes: Most organizations have the Microsoft side of the house patched well – but the third party apps (Java/Flash/Reader/etc.)? Not so much…but that’s just…

13 Helmi 20147min

7MS #2: The Importance of Logging and Alerting! (audio)

7MS #2: The Importance of Logging and Alerting! (audio)

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode 2: The Importance of Logging and Alerting! (audio) Show notes: Public-facing terminal servers without 2FA basically have a sign on their back that…

1 Helmi 20147min

7MS #1: Epic Introduction! (audio)

7MS #1: Epic Introduction! (audio)

In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the heck to get this podcast submitted and visible on iTunes :-). Download Episode 1: Epic Introduction to 7MS (MP3) I’ll…

1 Helmi 20147min

Suosittua kategoriassa Politiikka ja uutiset

rss-ootsa-kuullut-tasta
aikalisa
ootsa-kuullut-tasta-2
politiikan-puskaradio
rss-podme-livebox
rss-vaalirankkurit-podcast
otetaan-yhdet
linda-maria
the-ulkopolitist
et-sa-noin-voi-sanoo-esittaa
rss-raha-talous-ja-politiikka
rss-hyvaa-huomenta-bryssel
mita-koulussa-ei-opetettu
positiivista-poditiikkaa-huff-lindgren
rss-lets-talk-about-hair
rss-mina-ukkola
rss-fingo-podcast
rss-tyolinjalla-pekka-sauri