CyberWire Daily - Tanya Janca: Find a community who supports you. [CEO] [Career Notes]
Episode Date: March 26, 2023Tanya Janca, CEO and Founder of We Hack Purple, sits down to talk about her exciting path into the field of cybersecurity. Trying several different paths in high school, she soon found she was good at... computer science. When it came to picking a college, she knew that was the field she wanted to get into. After college, she was able to use her skills to work at a couple of different organizations, eventually getting into the Canadian government. While there, she held the position of CISO for the Canadian election in 2015 when Justin Trudeau was elected, but she knew she wanted to try something new. She switched from programming to security and after working at Microsoft as a presenter, she eventually found that she wanted to start her own company, saying "at first it was just me presenting, but now we have community members present to each other and it's just been really beautiful to see that grow." She hopes that with her and her community's help, nobody is left feeling unsafe when it comes to being online. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security. Both of my aunts and three out of five of my uncles are computer scientists.
And my uncle made me a computer when I was quite young in the 80s that would say,
Hello, Tanya, I am Mikey.
And we could type things in and then it would say things hello, Tanya, I am Mikey. And we could type things in
and then it would say things back to us.
And it could only say so many things,
but he programmed it just for us.
And we thought that was pretty incredible,
me and my little sister.
And so then fast forward to high school
and my parents said, you know,
you need to take one program in class.
We need you to just try everything. And I'm one of those weird people where I was good at everything. So I got
awards for mathematics and drama. And I remember when it came time to pick to go to college or
university, I got accepted to everything I applied for. But I also had schools just offer me acceptance
to things I hadn't applied for, which was pretty exciting.
And my parents are like, so whatever you pick, you're going to do that for a long time.
And so I thought about it.
And of all the classes that I was in, I really liked the people in my computer science class the best.
And I was like, well, those are my people.
So I'm going to study computer science in college. And I was like, well, those are my people. So I'm going to study computer
science in college. And I loved it. I was, I would start working at a startup while I was still in
college. I started my own company. The moment I graduated with a bunch of other graduates, like
this is the right place for me.
While I was in high school, I already started working at an IT company called Nortel.
And then I worked at a couple different companies when I was in college. And I tried starting my own company.
It didn't work.
And I started doing consulting and just programming.
And then a friend got me into the Canadian government. And it was very, very steady. So I
got to do a lot of interesting stuff in the government. I got to do anti-terrorism stuff,
which I can't tell you about, but it's exciting to have your work help save lives. I also got to
be the CISO, the Chief Information Security Officer for the
election in 2015 when we elected Justin Trudeau for the first time. But I got to switch from
programming over into security in the Canadian government. And so I got to learn, in my opinion,
like a lot of really cool things. And so being able to go through fake security incidents with
your peers and learn from each other and each other's experiences and just being able to call
someone at another department because you spent two days with them and saying like, listen, I need
help. Like, have you seen this before? Are you seeing this on your network? I found that really
amazing. And that's the thing that like private industry doesn't do. So private industry does
cool things too, just to be clear. So eventually I left the Canadian government because I was recruited by Microsoft.
So partway through my career in the government, I switched over to security and the security
training costs a fortune.
It is way more expensive than software developer training, like 4x the cost. And so
I started helping run the OWASP chapter in my city, the Open Web Application Security Project.
And I started finding professional mentors within that community. And then eventually I started
becoming the leader of the chapter. And my co-leader said, you know, Tanya, you should
present. And I was like, nope.
And he's like, what are you afraid of? But eventually like with his support and a whole
bunch of other people's support in the community, I did a presentation. And I remember I was so
scared. My heart was being so loud. I was like, how will they even hear me speaking? So I went up
and I did it and it was not at all bad. Everyone was lovely. And so this became my evil plan for getting myself trained up and learning all about AppSec.
And so I just started speaking at conferences and that's how Microsoft ended up recruiting me.
They're like, hey, this is incredible.
And so I did that for a while and it was really fun.
And I got to travel basically the whole world, which was absolutely amazing.
But then at Microsoft, they're like, you know, we don't want to fly you to literally every
country on the planet and exhaust you.
How can we make this scale?
So I started doing online streams and they're like, what if you write a blog post?
So I was like, okay.
And so then they kept saying like, how can we make the scale?
Like, how can we help more people? And so then I was like, I'm going to write a book. And they're like, yeah. And so then they kept saying like, how can we make the scale? Like, how can we help more people?
And so then I was like, I'm going to write a book.
And they're like, yeah, you should do it.
And then I was like, I'm going to start my own company.
And they're like, oh no, that's not what we meant.
But they were just, so I have to say like,
a lot of my colleagues were just like so ridiculously,
ridiculously supportive.
Like they're like, we're sad you're leaving,
but we still think you're cool.
And so that was great.
And so then I started We Hack Purple.
And We Hack Purple has grown and morphed.
And we now, I believe we have 6,700 people in our community.
And we have, I think like 11 free courses.
So at first it was just me presenting,
but now we have community members present to each other. And it's just been really beautiful
to see that grow. I've had some adversity. I had some pretty intense harassment this summer. And I actually got
to the point where I had to phone the police and like, get some video cameras and like add
physical safety to my home because it was really quite terrifying. And I reached out to the
community and the community reached back. And so like I explained, like, I'm really afraid here.
They've set up this Reddit page so that they can organize their harassment of me on multiple platforms.
They're trying to figure out where I live.
I have little ones at home.
Like this is this is really upsetting.
And so many people had calls with me, sent me emails, sent me messages of support.
And it was just like the community being like, this is not OK.
Like the community being like, this is not okay.
And we need to help make sure you're safe if we want to have people like you who create content and events and stuff and help make sure our community continues to exist. I want the internet to be a safer place for everyone, not just security experts.
experts. I would hope that they found my work helpful, that I encouraged them to do, in my opinion, the right thing, which is make more secure software. Like take those extra steps,
fix that scary bug, do the test, even though it's a pain in the butt to run the testing tool,
but you need to know if it's okay. I don't want us to need to use a VPN when we connect to a
network in public. I don't want people to have to reset their Facebook settings 4,000 times because
they've undone the privacy things you did. I want it to be naturally secure by default for every technology so that people like my mom,
a mathematician chemist, who's very, very smart, but she's not a technologist.
I want every person to be able to be safe on the internet and use technology safely. The End
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.