66 episodes

The We Hack Purple Podcast will help you find your career in Information Security via interviews with our host, Tanya Janca, and our guests from all different backgrounds and experiences. From CISOs and security architects, to incident responders and CEOs of security companies, we have it all. Learn how they got to where they are today! www.WeHackPurple.com

We Hack Purple Podcast, by We Hack Purple

    • Technology
    • 4.6 • 9 Ratings

    We Hack Purple Podcast Episode 65 with Frank Cipollone

    In this episode of the We Hack Purple podcast host Tanya Janca met with Frank from Phoenix Security in the UK! We talked about his latest white paper ‘SLAs are Dead, Long Live SLAs!’, how AppSec folks aren’t necessarily ‘great’ at maintaining their own SLAs, and how to empower a team to do their own governance and be responsible for their own risk. We talked about how to figure out the security maturity model you are looking for, and what kind of language we can use to help a client decide it for themselves. We also talked about how to get several industry experts to work on the same document together: spoiler alert, it’s hard! Listen to hear more!
    The White Paper: SLAs are Dead, Long Live SLAs! Data Driven Vulnerability Management
    Frank’s Podcast: Cyber Security and Cloud Podcast
    Several MORE White Papers from Phoenix Security:
    Priority: https://phoenix.security/whitepapers-resources/vulnerability-management-in-application-cloud-security/ 
    Vulnerability management and regulation: https://phoenix.security/whitepapers-resources/whitepaper-vulnerability-management-in-application-cloud-security/

    Upcoming Webinars with Frank!
    16/02 - 4 PM GMT - Brook Schoenfield - SLA, application security and data driven programs: https://youtube.com/live/dfANH8WKavY?feature=share

    22/02 - 5 PM GMT - Chris Romeo - Data driven application security programs, how to measure maturity and scale: https://youtube.com/live/wqlC-cClqYE?feature=share


    Frank’s Bio:
    Francesco is a seasoned entrepreneur, CEO of Appsec Phoenix (application security risk-based posture management), author of several books, host of the multi-award-winning Cyber Security & Cloud Podcast, and a speaker known in the cybersecurity industry and recognized for his visionary views. He currently serves as Chapter Chair UK&I of the Cloud Security Alliance. Previously, Francesco headed application and cloud security at HSBC and was a Senior Security Consultant at AWS. He has keynoted at global conferences and has authored and co-authored a number of books. Outside of work, you can find him running marathons, snowboarding on the Italian slopes, and enjoying single malt whiskies in one of his favourite London clubs.


    Very special thanks to our sponsor: Phoenix Security!
    Phoenix Security ingests data from any security tool, cloud, or code, correlates vulnerabilities, contextualizes and prioritizes them, and translates them into risk. The Phoenix algorithm selects the subset of vulnerabilities most likely to be exploited in the next 30 days and delivers them to the engineers' backlog.
    From code to cloud, contextualizing and prioritizing enables security engineers to act on the risk that matters most without burning out.


    Join We Hack Purple!

    Join us in the We Hack Purple Community:  A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! 

    You can find We Hack Purple Podcast, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

    • 30 min
    DefectDojo, Taking your DevSecOps to 11, with Matt Tesauro and We Hack Purple

    A We Hack Purple Live Stream with Matt Tesauro of Defect Dojo Inc (https://www.defectdojo.com/). 

    Join the We Hack Purple Community to be invited to awesome events like this one! https://community.wehackpurple.com 

    Description: You’re tasked with ‘doing DevSecOps’ for your company and you’ve got more apps and issues than you know how to deal with. How do you make sense of the different tools' outputs for all your different apps? DefectDojo is an open source platform that can be your single pane of glass by aggregating, distilling, and automating your AppSec and DevSecOps tools. DefectDojo was created by DevSecOps people for DevSecOps people. In this talk, you’ll learn about DefectDojo and how to make the most of the many features it offers, including its REST-based API. DefectDojo can be your single pane of glass for discovered security vulnerabilities, report generation, aggregation of more than 150 different security tools, inventory of applications, and tracking testing efforts and metrics for your AppSec program. DefectDojo was the heart of an AppSec automation effort that saw an increase in assessments from 44 to 414 in two years. Don't you want 9.4 times more output from your AppSec program? It's time to ditch spreadsheets and get DefectDojo.

    About Matt: Matt Tesauro is a DevSecOps and application security (AppSec) guru with specialization in creating security programs, leveraging automation to maximize team velocity, and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement in open-source projects, presentations, trainings and new technology innovation. Matt thrives on tackling technical problems, but his economics background gives him a unique understanding of business constraints and incentives around security initiatives. As a versatile engineer, Matt’s background spans software development (primarily web development), Linux system administration, penetration testing and application / cloud security. Additionally, he offers more than 13 years of experience with the internationally recognized AppSec and open-source nonprofit OWASP Foundation. At OWASP, Matt has served on the global board of directors and conducted several highly successful open-source projects, including a web testing environment with 300,000+ downloads in a single year and the OWASP DefectDojo vulnerability management platform with 10 million+ downloads. 

    As a recognized thought leader, Matt has presented at conferences multiple times per year since 2009 and has facilitated training around the world. Some of his noteworthy speaking engagements include a DHS Software Assurance Workshop; OpenStack Summit; SANS AppSec Summit; and AppSec US, EU and LATAM. He has also taught computer security courses at Texas A&M and the University of Texas at the undergraduate and graduate level. Matt leads by example and rolls up his sleeves to help teams reach their goals. He is a supportive and collaborative leader who mentors and motivates others to realize their potential. Colleagues note that Matt is fiendishly clever when solving problems and refreshingly honest in his work. In 2021, Matt was recruited for the role of Distinguished Engineer at Noname Security. His priority is to evangelize Noname’s ground-breaking API security platform and API security in general. He works closely with the product team to ensure that Noname’s platform addresses the application and product security issues that impact customers. Before joining Noname, Matt rolled out AppSec automation at USAA and founded 10Security. His early career includes tenures as Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer at Duo Security, Senior Software Security Engineer at Pearson and Senior Product Security Engineer at Rackspace. Matt received a master’s degree in management information systems and a bachelor’s degree in economics from Texas A&M Univers

    • 37 min
    We Hack Purple Podcast Episode 63 with Guest Mick Douglas

    In this episode of the We Hack Purple podcast host Tanya Janca met with her colleague from the IANS Faculty: Mick Douglas, founder of InfoSec Innovations! We talked about EVERYTHING AppSec and could easily have talked for at least 2 more hours! He explained what honey pots, honey files and honey links are and how to use them, how to create a "tamper evident" network and system, and how marketing people have really messed up the term "shift left" for the rest of us. Not only that, but the episode had TONS of laughs! 


    Mick's Bio:
    Mick Douglas has over 10 years of experience in information security and is currently the Managing Partner for InfoSec Innovations. He specializes in PowerShell, Unix, Data Visualization, Hardware, and Radio Hacking and teaches SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC555: SIEM with Tactical
     
    Very special thanks to our sponsor: Luta Security!
    Luta Security is the global leader in transforming how governments and organizations work with friendly hackers to bolster their security. LutaSecurity can manage end-to-end vulnerability disclosure and bug bounty programs or train your existing staff to maximize your security investment. Visit LutaSecurity.com/services to get started today!


    Join us in the We Hack Purple Community:  A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

    #appsec #wehackpurple #shehackspurple

    • 56 min
    We Hack Purple Podcast Episode 62 with Guest Olivia Rose

    In this episode of the We Hack Purple Podcast we meet Olivia Rose, founder of Rose CISO Group, www.RoseCISOGroup.com.
    We talked about the fact that "consulting rules!", mentoring opportunities, and how CISOs and AppSec people have to fight to do their jobs all day, every day. Olivia dove into how to translate what you do, as a cyber security expert, for the executive board and other folks who are brilliant but not-so-technical. She also gave us the secrets for how to make leadership care about the security work you do, the goals you have, and so much more!
    She told us all about her mentoring program, and that the deadline to apply is December 30, 2022 (for mentors)! Mentees have until January 21, 2023. So get crackin' on those applications. You can apply here to be a mentor or a mentee. Or both!
    Olivia also gave us the heads up on her newest adventure, the Rose CISO Group! Her new company offers virtual Chief Information Security Officer (CISO) services, boardroom and leadership communications, assessment services, keynote speaking, event presentations, and career and executive coaching, all led by experienced enterprise CISOs!
    Join us in the We Hack Purple Community:  A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

    #appsec #wehackpurple #shehackspurple

    • 25 min
    We Hack Purple Streams! Securing Open Source Dependencies Its Not Just Your Code That You Need to Secure With Rana Khalil

    The importance of open source security management made headlines in 2017 when the Equifax breach resulted in the compromise of the personal information of millions of users. The breach was attributed to the use of a known vulnerable version of the Apache Struts open source framework. Since then, we’ve seen a rise in the disclosure (and exploitation) of vulnerabilities in open source software, such as the famous Log4Shell vulnerability that was dubbed the “worst security flaw of the decade”. 

    Studies conducted since then have found that open-source components make up more than half of a typical application codebase. The security implications of such a ratio can be significant. While organizations spend considerable time and effort ensuring that the custom code they develop is secure, little to no consideration is usually given to evaluating the security of the open-source components they use. This presentation will introduce Software Composition Analysis (SCA): the process of identifying vulnerabilities in open-source dependencies. We’ll discuss the criteria you should consider when selecting an SCA solution and the importance of integrating such tools in your DevOps pipelines. 
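    The core of what an SCA tool does, as an added example (this is not code from the talk, from Rana, or from any SCA product): read the exact dependency versions an application ships with, match them against vulnerability advisories by version range, and fail the pipeline when findings above an agreed severity remain. The lock file and the advisories are constructed for the example; advisory field names follow the OSV schema (package, ranges, introduced/fixed events), but the package names, identifiers, severities and ranges are invented. Version ordering is a simplified scheme (dotted integers plus an optional a/b/rc pre-release), which is an assumption sufficient for these inputs and enough to show the pre-release edge case that naive string comparison gets wrong.

```python
"""Minimal software composition analysis (SCA) check.

Added example, not code from the talk or from any SCA product. The lock file
and advisories are constructed; advisory fields follow the OSV schema shape,
the package names, ids and ranges are invented for the example.
"""
import re

LOCK_FILE = """\
# constructed lock file (pip-compile style, exact pins only)
acme-http==2.19.0
acme-yaml==5.4rc1
acme-templates==3.1.2
acme-crypto==1.2.0
"""

ADVISORIES = [  # constructed; these are not real advisories or packages
    {"id": "EXAMPLE-0001", "severity": "HIGH",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "acme-http"},
                   "ranges": [{"type": "ECOSYSTEM", "events": [
                       {"introduced": "0"}, {"fixed": "2.20.0"}]}]}]},
    {"id": "EXAMPLE-0002", "severity": "CRITICAL",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "acme-yaml"},
                   "ranges": [{"type": "ECOSYSTEM", "events": [
                       {"introduced": "0"}, {"fixed": "5.4"}]}]}]},
    {"id": "EXAMPLE-0003", "severity": "HIGH",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "acme-templates"},
                   "ranges": [{"type": "ECOSYSTEM", "events": [
                       {"introduced": "2.0.0"}, {"fixed": "3.0.0"}]}]}]},
    {"id": "EXAMPLE-0004", "severity": "MEDIUM",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "acme-crypto"},
                   "ranges": [{"type": "ECOSYSTEM", "events": [
                       {"introduced": "1.0.0"}]}]}]},  # no fix released yet
]

# Assumed version grammar: dotted integers, optional a/b/rc pre-release.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[-.]?(a|b|rc)(\d*))?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}


def parse_version(text):
    """Return a sortable key. A final release sorts after its own pre-releases,
    so 5.4rc1 < 5.4: a 'fixed in 5.4' advisory still applies to 5.4rc1."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # treat 2.20 and 2.20.0 as equal
    if m.group(2):
        return (tuple(nums), 0, _PRE_RANK[m.group(2)], int(m.group(3) or 0))
    return (tuple(nums), 1, 0, 0)


def parse_lock(text):
    """Pinned 'name==version' lines -> {name: version}; comments are ignored.
    Unpinned entries are rejected: SCA needs the exact version that ships."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"dependency is not pinned exactly: {line!r}")
        pins[name.strip().lower()] = version.strip()
    return pins


def version_in_ranges(version, ranges):
    """OSV semantics: affected from 'introduced' (inclusive) up to 'fixed'
    (exclusive); a range with no 'fixed' event is still open."""
    v = parse_version(version)
    for rng in ranges:
        if rng.get("type") not in ("ECOSYSTEM", "SEMVER"):
            continue  # GIT commit ranges need repository data; out of scope
        start = None
        for event in rng["events"]:
            if "introduced" in event:
                start = parse_version(event["introduced"])
            elif "fixed" in event and start is not None:
                if start <= v < parse_version(event["fixed"]):
                    return True
                start = None
        if start is not None and v >= start:
            return True
    return False


def scan(lock_text, advisories, ecosystem="PyPI"):
    """One finding per (pinned package, advisory) pair that applies."""
    pins = parse_lock(lock_text)
    findings = []
    for adv in advisories:
        for affected in adv["affected"]:
            pkg = affected["package"]
            pinned = pins.get(pkg["name"].lower())
            if pkg["ecosystem"] != ecosystem or pinned is None:
                continue
            if not version_in_ranges(pinned, affected["ranges"]):
                continue
            fixed = [e["fixed"] for r in affected["ranges"]
                     for e in r["events"] if "fixed" in e]
            findings.append({"package": pkg["name"], "version": pinned,
                             "advisory": adv["id"], "severity": adv["severity"],
                             "fixed_in": max(fixed, key=parse_version) if fixed else None})
    return findings


def pipeline_passes(findings, fail_on=("CRITICAL", "HIGH")):
    """Gate the build only on severities the team agreed to block on, so the
    check stays enforceable instead of being disabled as too noisy."""
    return not any(f["severity"] in fail_on for f in findings)


if __name__ == "__main__":
    results = scan(LOCK_FILE, ADVISORIES)
    for f in results:
        fix = f"upgrade to {f['fixed_in']}" if f["fixed_in"] else "no fixed version yet"
        print(f"{f['severity']:8} {f['package']}=={f['version']}  {f['advisory']}  ({fix})")
    raise SystemExit(0 if pipeline_passes(results) else 1)
```

    Run against the constructed inputs this reports three findings (acme-http, acme-yaml and acme-crypto) and exits non-zero; acme-templates is skipped because 3.1.2 is past the fixed version. The pre-release case is the one to note when evaluating an SCA product: a tool that compares version strings lexically would treat 5.4rc1 as already fixed. A real tool also has to resolve transitive dependencies, which a lock file gives you for free and a loose requirements file does not.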

    Rana is an application security engineer and consultant currently working at C3SA. She has a diverse professional background with experience in software development, quality assurance and pentesting. She holds Bachelor's and Master's degrees in Mathematics and Computer Science from the University of Ottawa. She has spoken about her research and work at several local and international conferences. In her non-existent free time, you can find her posting educational videos and holding workshops through her Academy and YouTube channel. She has received several awards and honorable mentions for her research and contributions to the cybersecurity community. 

    Speaker Links: 
    Youtube Channel: https://www.youtube.com/c/RanaKhalil101 
    Academy: https://ranakhalil.com/ 
    Twitter: https://twitter.com/rana__khalil 
    LinkedIn: https://www.linkedin.com/in/ranakhalil1/ 
    Medium Blog: https://ranakhalil101.medium.com/

    • 53 min
    We Hack Purple Podcast Episode 61 with Guest Gemma Moore

    In this episode of the We Hack Purple Podcast we meet Gemma Moore, co-founder and director of Cyberis. Gemma is an expert in penetration testing and red teaming. She started her career in cyber security nearly twenty years ago, working her way up from a junior penetration tester to running the penetration testing practice in a specialist consultancy by 2011. She is a founding director of the information security consultancy, Cyberis.
    Over her career, she has held CREST certifications in Infrastructure, Applications and Simulated Attack, and now focuses most of her efforts on planning, running and executing red team and purple team exercises.
    In recognition of her outstanding level of commitment to the technical information security industry and the highest level of excellence in CREST examinations, Gemma was selected to receive a lifetime CREST Fellowship award in 2017.  
    Gemma was a contributing author to the BCS’ “Penetration Testing: A guide for business and IT managers”  
    Gemma was named “Best Ethical Hacker” in the 2018 Security Serious Unsung Heroes industry awards, and has been honoured by SC Magazine as one of its 50 Most Influential Women in Cybersecurity, and by IT Security Guru magazine as one of its Most Inspiring Women in Cyber.  
    We talked about everything to do with red teaming and pen testing, especially what the difference is between the two, the risks involved, setting scope, and several funny and scary stories! We also talked about what people are trying to achieve with a red teaming exercise, and how things can go terribly wrong when we blame everything on the user. This was through and through a fantastic conversation.
    You can learn more by reading Gemma’s blog!
    Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field.
    Subscribe to our newsletter! 
    Find us on Apple Podcast, Overcast + Pod
    #TanyaJanca #SheHacksPurple #AppSec #CyberSecurity 

    • 26 min

Customer Reviews

4.6 out of 5
9 Ratings

Clement2020 ,

Diverse guests in AppSec & Cyber

My favourite guests so far have been #12 Tyrone, #20 Brian and #5 Ashish.

Anyone working in security is going to laugh, cry and rage over the stories in these podcasts... it's like family.

Tanya wrote the book on AppSec (literally, check out Alice and Bob Learn Application Security) so you are in for a treat with this podcast

Rick Norman ,

Best InfoSec Podcast

Today I had a chance to attend this awesome podcast where the guest was a Crowdstrike Incident Manager. I am so overwhelmed by the content and quality of the podcast. It’s the podcast for you, where you are heard, where you have a chance to meet your career superstars and ask questions. Highly recommend this podcast to anyone who wants to excel in the field of Cybersecurity!

Tanya in Canada ,

Fun and educational

We Hack Purple is at it again, making security education fun!
