Tanya Janca | Shehackspurple

I’ve been working toward this for years, and it finally happened. Canada now has a parliamentary petition to require secure coding in federal software. If you care about cybersecurity, public safety, and better government tech, please sign: 👉 twp.ai/Imv9Jt 1/2

Heading to RSAC? Find your Calm-pliance with Vanta. RSAC can be… a lot. (Amazing, but a lot.) If you need a breather between sessions, you might want to swing by the Vanta booth (S-1827). They’re creating a surprisingly calm little corner in the middle of all the chaos. I’ve been learning more about what they’re building lately, and it’s pretty interesting. Vanta brings compliance, risk, and evidence together in one place, with a ton of integrations and automated checks so you’re not scrambling at audit time (we’ve all been there). They’re also hosting a kickoff event with food, drinks, music, and a space focused on the GRC community, which doesn’t always get the spotlight at conferences like this. If that sounds like your vibe, you can check out their events here: twp.ai/E6I2JO (Sponsored, but also genuinely think this could be a nice recharge spot during RSAC.)

If you were to automate one part of your AppSec pipeline today, what would it be and why? And if it’s not currently automated, why not? #AppSecThursday #talkAppSectome

RSAC 2026 is coming up fast, I’ll be in San Francisco March 23–26 and I’m speaking twice!! Mar 25: Threat Modeling Developer Behavior: The Psychology of Bad Code Mar 26: Insecure Vibes: Avoiding the Risks of AI-Assisted Development If you’ll be there, come say hi! I’d genuinely love to meet you. @RSAConference My sessions: twp.ai/uIH0o9 twp.ai/kuwWQ1 Tickets here: twp.ai/SAHXdl

I updated my training page and made a real brochure instead of “here’s a slide deck and blah” 😅 If you’re looking for secure-coding training that respects developers and actually sticks: 👉 twp.ai/SAEnQW Brochure: twp.ai/E6F3qK

Would you like to hire me for in-person, secure coding training? Here's my upcoming travel schedule for adding training dates: April: Denver, CO May: Toronto June: Vienna (can add anywhere in EU) August: Anywhere in EU Sept: Denver, CO tanya AT shehackspurple DOT ca Isn't the AI image creepy?

Fixed!

YES I broke my DNS. Sorry folks. twp.ai/Imx4VM AND a subdomain on Shehackspurple.ca because why not BOTH?!?!?!? One of those days...

This is what it looks like in my teleprompter when I'm recording something that is scripted (something formal, rather than improv). I have an iPad upside down in it, that sloooooooowly scrolls the text for me. #behindthescenes

Announcement: I'm the keynote for Sikkerhetsfestivalen (Security Festival) 2026, in Lillehammer, Norway! August 24 - 26, 2,000 of us will take over that tiny town to learn, party, and connect! Check out the link below to learn more. :-D twp.ai/ImwxSm

It’s #CyberMentoringMonday!!!! Are you looking for a professional mentor or to learn more about InfoSec? Are you experienced and willing to ‘give back’? Use this thread and hashtag to connect

@CroodSolutions I recently learned how to use my expresso machine. I'm now very good at making mocha lattes 🥳

@shehackspurple Looks delish!!

Made myself a treat. Happy Sunday! I hope you were kind to yourself today as well.

Without the right context, small mistakes can quietly cascade into major vulnerabilities. The risk is not bad code. The risk is plausible code that we stop questioning. 3/3

In this video, Tanya shares where vibe coding becomes a real security problem, including missing authorization checks, incorrect trust assumptions, and skipped security controls. AI does not understand your architecture, your threat model, or your internal policies. 2/3

The Psychology of Bad Code: When Vibe Coding Turns Into a Security Risk. twp.ai/4ivVg1 The biggest danger with AI-generated code is not that it looks broken. It’s that it looks believable. It looks good. 1/3

This is MY view when I'm on camera. It's SO bright, and I can barely see the teleprompter due to glare. #behindthescenes 3/3

In the next photo you can see how the green screen is wrinkled, I fixed that before the video. #behindthescenes 2/3

This is what my temp studio looks like from behind the camera. So I would be standing there on the mat in the middle. #behindthescenes 1/3

Join me, Katie Paxton-Fear (Semgrep), Joni Klippert (Stackhawk), Kurt Boberg, Derian Stenglein, and Diptendu Kar on April 15th, for a lively panel to kick off #SnowFroc 2026! "Agentically Engineered: How AI Agents Are Rewriting the DNA of AppSec". Note: seats are limited! twp.ai/ImwxQS