Tanya Janca on Secure Coding, AppSec, and Breaking Barriers in Cybersecurity
In this episode of Breaking Badness, we sit down with Tanya Janca, aka SheHacksPurple, a cybersecurity educator and author of the best-selling book Alice and Bob Learn Application Security. Tanya shares her journey from software developer to AppSec expert, dives into the unique challenges of teaching secure coding, and discusses the impact of cybersecurity breaches on industries and individuals. From her creative teaching methods to her advocacy for change in university curricula, Tanya offers insights that resonate with developers, educators, and security professionals alike.
Discover how Tanya is paving the way for accessible AppSec education, the role of AI in secure coding, and her mission to teach security as a fundamental skill for every developer.
Tanya Janca’s Journey into Cybersecurity
Tanya Janca, aka SheHacksPurple, is no stranger to the cybersecurity world. With 17 years as a software developer and over a decade in InfoSec, she has transformed from pen tester to AppSec educator and author. As the head of education and community at Semgrep, Tanya uses her expertise to help others navigate the complexities of secure coding and application security. In this episode, she reflects on her journey and discusses how her passion for teaching drives her work.
“You build something out of nothing, delight people by solving their problems, and bring them joy. That’s why I loved software development—and why I still love helping secure it.” – Tanya Janca
“Every App is a Snowflake”: Why AppSec is Unique
Tanya highlights what makes application security different from other areas of InfoSec. Infrastructure findings tend to repeat across environments (the same missing patch, the same misconfiguration), whereas application vulnerabilities are as unique as the code that contains them.
“If you build a to-do app and I build a to-do app, they’re going to be completely different. Every app is a snowflake, and every security assessment feels different because of it.” – Tanya Janca
This uniqueness fuels her passion for AppSec and underscores the importance of teaching developers how to write secure code from the ground up.
Breaking Down Barriers: Why Secure Coding Isn’t Taught in Schools
One of Tanya’s frustrations is the lack of secure coding education in universities and colleges. Despite advances in cybersecurity education, many curricula still fail to address the basics of writing secure code.
“We’re still teaching software engineering without a single secure coding class. It’s like teaching someone to build a house without mentioning fire safety.” – Tanya Janca
She discusses her outreach to universities and the barriers posed by outdated policies and underfunded adjunct teaching roles. Instead of waiting for change, Tanya has taken matters into her own hands by offering free secure coding courses on her YouTube channel.
Resource: Check out Tanya’s free secure coding courses on her YouTube channel.
AI in AppSec: The Promise and the Risks
Tanya also explores the growing role of AI in software development and security. While AI tools hold great potential for tasks like threat modeling and code analysis, they also come with risks.
“AI can be a fantastic assistant, but right now, it’s still giving insecure coding advice. I use AI-generated code as examples of what not to do in my classes.” – Tanya Janca
The Human Side of AppSec: Empowering Developers
Throughout the conversation, Tanya emphasizes the importance of empathy and creativity in AppSec education. She shares how her personal struggles with dyslexia and ADD shaped her teaching style, inspiring her to create resources for all learning types.
“I explain concepts in multiple ways—technical, visual, through stories—because people learn differently. My goal is to make secure coding as accessible as possible.” – Tanya Janca
Tanya also discusses her use of humor and storytelling to make security lessons memorable, such as her recent parody music video advocating for penetration tests.
The Future of AppSec Education: Tanya’s Vision
Looking ahead, Tanya hopes to see secure coding become a standard part of computer science curricula. In the meantime, she continues to write books, create training programs, and advocate for a culture of security in development teams.
Her upcoming book, Alice and Bob Learn Secure Coding, expands on the principles of her first book while offering practical guidance for software developers.
“If we teach secure coding from the start, we’ll have fewer fires to put out later. It’s about shifting left in the most fundamental way.” – Tanya Janca
Watch on YouTube
That’s about all we have for this week. You can find us on Mastodon and Twitter/X @domaintools; all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.
*A special thanks to John Roderick for our incredible podcast music!