
New Episode of Darknet Diaries: EP 165: Tanya
In this episode, Jack Rhysider, the podcast host, shares a personal anecdote about the difficulty of accessing his company's security policy, despite it being available on SharePoint. This experience highlights the importance of making security documents easily accessible and understandable for all employees. Jack then introduces Tanya Janca, an application security expert, who shares her story and her experiences in the field of cybersecurity.
Tanya begins by explaining how she transitioned from software development to security after a colleague showed her an SQL injection vulnerability in one of her applications. This demonstration sparked her curiosity and drove her to learn to hack applications in order to better secure them. She recounts an anecdote in which, as an intern, she accidentally caused a production server to crash by exploiting a vulnerability, leading to the server being restored from backups.
Tanya then shares an experience in which she discovered that data from her government organization was being sold on the dark web. After a thorough investigation, she realized that the data was public but included internal identifiers, indicating a security breach. The incident highlighted the importance of maintaining an accurate inventory of applications and monitoring security logs.
Another notable incident involved a false malware alert in a satellite office, caused by all employees streaming the Olympics live and saturating the network. Tanya explains how she resolved the issue and trained the support team to better handle security incidents in the future.
Tanya also tells a poignant story in which a support technician discovered explicit images of minors on a computer and deleted them, ruining the chain of evidence and preventing legal prosecution. This incident underscored the importance of training support teams to recognize and properly report security incidents.
Finally, Tanya shares her experience as an application security manager, where she faced resistance from development teams. She explains how her superior used a transparent approach to raise awareness among developers about the importance of security, leading to better collaboration and more secure applications. In conclusion, this episode highlights the challenges and successes of application security, emphasizing the importance of training, collaboration, and transparency in creating more secure environments.