Tanya Janca — CEO of SheHacksPurple Consulting
Application security, developer education, and a crusade for the world's first secure-coding law. Interviewed by Frank Victory.
Our featured guest this month is Tanya Janca, known across the industry as SheHacksPurple, CEO of SheHacksPurple Consulting and best-selling author of Alice and Bob Learn Application Security. With 25+ years in IT and software development, Tanya joins Frank Victory for a deep dive into global security policy, developer workflows, and the gap between checked compliance boxes and truly defensive software engineering.
Plus, the segment that opens every episode: a roundup of Colorado security and tech news, this month covering the state OIT restructuring, Colorado's watered-down AI law, and fresh threat-intel and AI research from community sponsors.
= In this episode
- The policy vs. security gap. Why frameworks and initiatives like the U.S. SBOM executive order often favor visibility and tooling over actual vulnerability remediation.
- Shifting left & secure guidelines. Why the industry catches vulnerabilities late through pen testing instead of setting secure requirements at the design phase.
- The secure-coding law crusade. Tanya's petition in the Canadian House of Commons for an accountability-driven secure-coding law that could set a global baseline.
= This month in Colorado security
The news & resources segment.
- Colorado overhauls state IT office, lays off 173 employees after negative feedback Colorado Sun
- Colorado's fierce two-year fight over AI regulation ends with watered-down law Colorado Sun
- How Lares thinks about Mythos-class AI in offensive security Lares
- The security risks of Agent-to-Agent (A2A) communication zvelo
- We surveyed 300+ security leaders on AI identity — the findings are counterintuitive FusionAuth