Career Notes 3.26.23
Ep 142 | 3.26.23

Tanya Janca: Find a community who supports you. [CEO]


Tanya Janca: Hi, I'm Tanya Janca, and I am the CEO and founder of We Hack Purple, an online community for people who really wanna make secure software and new friends.

Tanya Janca: Both of my aunts and three out of five of my uncles are computer scientists and, my uncle made me a computer when I was quite young in the eighties that would say, hello, Tanya, I'm Mikey, and it would, we could type things in and then it would say things back to us and it could only say so many things, but he programmed it just for us and we thought that was pretty incredible, me and my little sister. 

Tanya Janca: So then fast forward to high school and my parents said, you know, you need to take one programing class, like we need you to just try everything. And I'm one of those weird people where I was good at everything. So I got awards for mathematics and drama. Um, and I remember when it came time to pick, to go to college or university, um, I got accepted to everything I applied for, I also had schools just offer me acceptance to things I hadn't applied for, which was pretty exciting and and my parents are like, so whatever you pick, you're gonna do that for a long time and so I thought about, and of all the classes that I was in, I really liked the people in my computer science class the best. And I was like, well, those are my people. So I'm going to study computer science in college and I loved it. Um, I was, I started working at a startup while I was still in college. I started my own company the moment I graduated with a bunch of other graduates. Like I was, this is the right place for me. 

Tanya Janca: While I was in high school, I already started working at an IT company called Nortel, and then, I worked at a couple different companies when I was in college and I tried starting my own company, it didn't work. And um, I started doing consulting and just, just programming, and then a friend got me into the Canadian government and it was very, very steady. So I got to do a lot of interesting stuff in the government. Um, I got to do anti-terrorism stuff, which I can't tell you about, but it's exciting to have your work, help save lives. I also got to be the CISO, the Chief Information Security Officer for the election in 2015 when we elected, uh, Justin Trudeau for the first time.

Tanya Janca: But I got to switch from programming over into security in the Canadian government. And so I got to learn in my opinion, like a lot of really cool things and so being able to go through fake security incidents with your peers and learn from each other and each other's experiences. And just being able to call someone at another department because you spent two days with them and saying like, listen, I need help with, like, have you seen this before? You've seen this on your network. I found that really amazing and that's the thing that like private industry doesn't do. 

Tanya Janca: So private industry does cool things too, just to be clear. Um, so eventually I left the Canadian government because I was recruited by Microsoft. So partway through my career in the government, I switched over to security and the security training costs of fortune. It is way more expensive than software developer training, like, like four x the cost. I started helping run the OWASP chapter in my city, the Open Web Application Security Project, and I started finding professional mentors within that community and then eventually I started becoming the leader of the chapter and my co-leader said, you know, Tanya, you should present and I was like, nope, and he's like, what are you afraid of? But eventually, like with his support and a whole bunch of other people's support in the community, I did a presentation and I remember, I was so scared. My heart was beating so loud. I was like, how will they even hear me speaking?

Tanya Janca: So I went up and I did it and it was not at all bad, everyone was lovely. And so this became my evil plan, for getting myself trained up and like learning all about AppSec. And so I just started speaking at conferences and that's how Microsoft ended up recruiting me. I was just like, this is incredible. And so I did that for a while and it was really fun and I got to travel basically the whole world, which was absolutely amazing. Um, but then at Microsoft, they're like, you know, we don't wanna fly you to literally every country on the planet and exhaust you. How can we make this scale? So I started doing online streams and they're like what if you write a blog post? So I was like, okay. And so then they kept saying like, how can we make this scale? Like, how can we help more people? And so then I was like, I'm gonna write a book. And they're like, yeah, you should do it. And then I was like, I'm gonna start my own company and they're like, oh no, that's not what we meant. Um. But they . Were just, so, I have to say like a lot of my colleagues were just like, so ridiculously, ridiculously supportive, like, they're like, we sad you're leaving, but we still think you're cool and so that was great. 

Tanya Janca: So then I started, We Hack Purple and We Hack Purple has, has grown and morphed and we now, I believe we have 6,700 people in our community and we have I think like 11 free courses. So at first it was just me presenting, but now we have community members present to each other and it's just been really beautiful to see that grow.

Tanya Janca: I've had some adversity, uh, I had some pretty intense harassment this summer and I actually got to the point where I had to phone the police and like get some video cameras and like add physical safety to my home because it was really quite terrifying and I reached out to the community and the community reached back. And so like I explained like I'm really afraid here, um, they've set up this Reddit page so that they can organize their harassment of me on multiple platforms. They're trying to figure out where I live, I have little ones at home, this is really upsetting and so many people had calls with me, sent me emails, sent me messages of support, and it was just like the community being like, this is not okay and we need to help make sure you're safe if we wanna have people like you who create content and events and stuff for and, and help make sure our community continues to exist.

Tanya Janca: I want the internet to be a safer place for everyone, not just security experts. I would hope that they found my work helpful, that I encourage them to do, in my opinion, the right thing, which is make more secure software and like take those extra steps. Fix that scary bug, do the test even though it's a pain in the butt to run the testing tool, but you need to know if it's okay. Like I don't want us to need to use a VPN when we co connect to a network in public. I don't want people to have to reset their Facebook settings 4,000 times because they've undone the privacy things you did. I want it to be naturally secure by default for every technology so that people like my mom, a mathematician chemist who's very, very smart, but she's not a technologist and want every person to be able to be safe on the internet and use technology safely.