Career Growth Advice from Tanya Janca, Tech Programming Leader | Career Tips for Women in Tech Programming
Listen to
2B Bolder Podcast – Episode 67
Featuring Tanya Janca
Episode Title: #67 Career Podcast Featuring Tanya Janca Developer Relations & Community at Bright Security, also known as SheHacksPurple : Women in Tech
Host: Mary Killelea
Guest: Tanya Janca
Mary Killelea (Host): Hi there. My name is Mary-Kill-Olea. Welcome to the To Be Bolder podcast, providing career insights for the next generation of women in business and tech. To Be Bolder was created out of my love for technology and marketing, my desire to bring together like-minded women, and my hope to be a great role model and source of inspiration for my two girls and other young women like you, encouraging you guys to show up and to be bolder and to know that anything you guys dream of, it's totally possible. So, sit back, relax, and enjoy the conversation.
Hi, thanks for tuning in. Today's guest is Tanya Janca, also known as She Hacks Purple. Tanya is currently the Director of Developer Relations and Community at Bright Security. She is the author of Alice and Bob Learn Application Security and also the founder of We Hack Purple, an online learning academy, community, and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over 20 years, won numerous awards, and has been everywhere from startups to public service to tech giants like Microsoft, Adobe, and Nokia. Tanya has worn many hats, startup founder, pen tester, chief information security officer, AppSec engineer, and software developer. She is an award-winning public speaker, active blogger, and streamer, and has delivered hundreds of talks and training around the world. She values diversity, inclusion, and kindness, which is right up my alley. So, I am delighted, delighted to have you on the show today, Tanya. Thank you for joining.
Tanya Janca (Guest): Thank you so much for having me.
Mary Killelea: Okay, so the bio is so interesting to me, especially just security is so relevant to every business. Let's talk about your career journey. Can you tell us kind of how you got to where you are today?
Tanya Janca: I think that I had a very different start than a lot of little girls where when I think I was maybe 10, and my uncle made a computer for us, and this was back when computers were quite expensive, and he taught it to say our names. So I'd say, Hi, my name is Mikey. Hello, Tanya. And we found that awesome. And then when I was a teenager, I started programming. And then basically the moment I turned 18 years old, I started working at a tech company. And I told my family, I want to take computer science in college. What else would you take? All your uncles are computer scientists, both your aunts are computer scientists, your mom's a mathematician, chemist, your dad's a technologist. What would you take if you didn't take computer science? And then I started my first company when I was 23, which did not go that well, but I learned a lot. And so basically I've been doing this for as long as I have known how to do anything. So I don't think that normal little girls in the 80s were like, you're going to be a good little software developer when you grow up, sweetie.
Mary Killelea: Nobody's worked out beautifully for you.
Tanya Janca: Yeah, I really did.
Mary Killelea: That is so interesting. Tell us about your role right now with Bright Security.
Tanya Janca: Okay, so I founded my own company in February 2020, right? Best timing ever. And it was called WeHack Purple and we got acquired this year by Bright Security. Yeah.
Mary Killelea: Okay. Congratulations.
Tanya Janca: Yeah. Thank you. And so basically I run WeHack Purple on behalf of Bright and then I run developer relations on behalf of Bright. So WeHack Purple is this giant online community for people to learn about securing software and other areas of security, but I am obsessed with AppSec, so it's really heavily focused there. And then we have all these courses and trainings and events and stuff. And so I run all of that. And then I also speak at conferences on behalf of Bright and I create a ton of content on behalf of Bright. And then I also give them product feedback. Some people call it negging. I call it product feedback. But yeah, it's been really fun so far. And I have to say, I've talked to a lot of friends who have had other companies acquire them and they're like, oh, they're really nice to you all the time. I'm like, yeah, they're always nice.
Like a few months ago, I was at a conference and I wrote a book and I don't know if you know, but my book's heavy. And I had 40 books I had to carry and the CEO actually like ended a meeting and drove across town and carried the book.
Mary Killelea: Oh, that is very good supportive.
Tanya Janca: Yeah. I'm like, they're really, really nice to me. And they're like, well, that's not always the case when you get acquired. So you should count yourself very lucky. And I do.
Mary Killelea: Oh, that's awesome. So you mentioned you're obsessed with AppSec.
Tanya Janca: Yes.
Mary Killelea: Tell me why you're so obsessed with that.
Tanya Janca: Okay, so I was a software developer forever. So, I was programming for a few years before I got my first job. And then for 17 years, I did software development and I did all sorts of different programming jobs that I really liked. And then I also was a professional musician. So I would play in bars all over town. I would play songs, sing my singing and play my guitar. And then eventually I learned drums. And briefly I did comedy because I was like, how can I make less money than music? Right. And so, then I met this guy at my office and I'm very, very extrovert and I just have to make friends with everyone. And I met this guy and he was a penetration tester. So he did security testing and I made the apps, right? And I was like, you're in a band? He's like, you're in a band? I'm like, let's be friends. And he's like, yes. And then he kept trying to convince me to join security. And I was like, no, security is lame, man. I make something out of nothing all day long. I just create these amazing things and I make my clients so happy and that really feeds my soul. And he's like, no, you'd be so good at security. I bet he was joking. Like he's like, it'll be scorched earth when you're done. I'm like, I don't want to destroy. I want to create. But then he kept showing me cool stuff. And then he introduced me like unbeknownst to me, he introduced me to like at least half of the security people in Ottawa, like bit by bit. And I ran this little lunch and learn program for my dev team. And so I had like eight different security topics and each one I was like, I must learn how to do this. And I became more and more curious.
And after a year and a half of him just hassling me, I was like, fine, I will allow you to mentor me, which is the exact opposite way that every other person gets. And I joined the local community called OWASP and their leader, his name, Sharif Kusa, and we're still friends to this day. And very quickly, he's like, you are a leader, Tanya, like whether you mean to or not you're a leader. So why don't we lead this together? And he let me select a lot of the topics that we would cover so I could learn them. And he mentored me quite a bit and still does to this day, because he runs his own business. He's very successful. And so then I stumbled into this giant community that's international called OWASP. So the Open Web Application Security Project. And I started an open source project with this friend named Nicole. And I remember we met on the Internet because she had made this demo and it was broken. And I just sent this email out into the void of all the leaders across the planet. So like 700 people, I'm like, hey, this is down and I'm supposed to be giving a demo for work in two hours. Does anyone know what happened? And she wrote back and said, try now, which is the most software developer thing to ever do. And I'm like, what did you do? She's like, nothing. And then it worked. And then I ended up meeting her in person and we became friends. And one day she's like, do you want to start an open source project with me? And I was like, you had me at Hello. And like, she's amazing. And I just kept meeting more and more amazing human beings through this just amazing community. So I think there's 350 chapters around the world. And I can't tell you like how welcoming they were and just every person wanting to help. And I just became more and more fascinated by like, why can't we solve this problem? And then I was a penetration tester at first, but that's very solo type of work. And it's very good work. It's very important work. But I'm a social butterfly. And I found it a little lonely. And I was like, really, I just like hanging out with other devs. And so AppSec is where you help with all the security stuff. And sometimes you do testing, but sometimes you do teaching and sometimes you just meet and brainstorm. And sometimes you are analyzing and drawing pictures and just helping to solve problems. And I was like, this feeds my social butterfiness and also my curiosity for security and also how I love helping. And so that became the best place for me. I didn't even know it was a job. Like when you go to school, they don't tell you all this stuff exists, right? And it turns out it's a job and it's a job that pays well, like just as much or even maybe more as a software developer. So I was like, oh, wow, this is awesome.
Mary Killelea: This is a fantastic conversation. And all the things that you're bringing up are so relevant to the listeners because you're, you're demonstrating how your personality is infectious, which I just love this. But you're also saying like you chose this path because it meets my values and my personality and I can excel naturally in it. And I think to your point, so many of careers, so many roles within companies aren't exposed properly to young women who are interested in tech. They think, oh, I'm going to be in a dark room or, oh, I'm going to be siloed or it's not for me or there's just men in this, you know. So help break down some more myths, if you will.
Tanya Janca: Yeah, like when I wanted, so this guy was my first professional mentor in security. I thought there were only three jobs in security. And I thought one was that guy that changes the firewall rules that's always grouchy when I ask him for stuff. There's the penetration tester who seems really cool because he has an earring and he has like a snake tattooed on his arm and he like kind of knows some kung fu with the computer. I'm like, that guy's pretty cool. And then there's the grouchy dude where that does like governance, compliance and risk, who's always trying to make me do a lot of paperwork and fill out checklists. And when I ask for help says you should know. And I was like, well, I don't think I'm really meant to be a firewall person. And, you know, those checklists aren't really doing it for me. So I'm like, I guess I'm the guy with the snake tattoo on his arm. I guess that's me. I used to be in punk bands. I have a bunch of tattoos. I'm like, I guess that's where I fit into security.
But then I discovered, like, I had no idea, Mary. So I started a podcast called the We Hack Purple podcast. And for the first year, so for we have 50 episodes, one per week with a different person because there's that many jobs in information security. I had no idea. Right. And there are, and first of all, I've learned that, you know, the GRC checklist people are actually pretty frustrated with everyone else. And I learned a lot more about what they do and how they offer value. And we interviewed someone where she actually made me really excited about that. I learned about basically there's just so many different jobs, like investigating incidents, teaching software developers how to fix bugs. Like, there's just so many different jobs. And so I was really passionate about showing everyone because I didn't know. And I basically spent a year training myself, then another year and a half in the role that I wasn't right for me. And I wasn't right for them. Like, I remember my boss, like, poor Alfred. He'd be like, why are you taking 14 days to do a pen test? Like, everyone else can do it in 10. And I'm like, oh, well, because we needed to do a threat model. And then I helped them fix this bug. And he's like, that's not your job, Tanya. And I feel like I might have been a difficult employee, like not on purpose, not that I was rude or disrespectful, but I'm like, they need me. Right.
Mary Killelea: Right. Best of intentions.
Tanya Janca: Right. And so one day someone's like, I'm going to be like, one day someone's like, OK, so Tanya, the job you keep doing is called AppSec. Lots of people. And it's a full time job. It's not usually a consulting job. And so you can stay the whole time and fix the whole thing because I had trouble letting go when our clients were done. And he's like, please stop doing that. And that's totally his, like, he was just to be clear, the problem wasn't him. Right.
Mary Killelea: You know, that's so good that you're saying this, though, because you were doing a job that you didn't even know existed. And I love that you are aligned and so passionate about it. It makes thank you for explaining that to me. So obviously, a huge success in your life. And it takes career resilience. Let's talk about career resilience and what it means to you. I've had a lot of very interesting things in my career compared to some people like I've had a lot of different types of jobs and had the opportunity to work in public sector, private sector, startups and then like giant huge companies like Microsoft. I think I've had a lot of opportunity. And honestly, I think a lot of it is because I'm very, very extroverted and I love human beings. And I have no nervous nervousness at all about just like calling one of my old colleagues from Microsoft or the government or wherever and saying, I'm having this like super weird technical problem. And like of all the people I've ever met, I feel like you can feel my pain. And there's lots of people where they could call me, but they don't because they're not that extroverted type of person. Not that they should not call, but they feel they shouldn't call.
I feel like some of my resilience has come just because I'm, I'm social. So if I've worked somewhere, I've been unhappy because I have had some instances where I'm like, this is not the place for me. Nope, nope, nope. And so being able to just make a bunch of phone calls and have a bunch of job offers is not something most people can have. And I am on year 26, I guess now I'm just, I just passed my 25 year anniversary in July of being in tech, which is exciting.
Mary Killelea: Yes.
Tanya Janca: But most people don't have a resume that long as well. Right. I also feel like. So I was a musical performer, like I said, for a very long time. And this is this might sound odd, but I started doing public speaking and everyone's like, well, of course you would be good at it. I'm like, no, I'm gonna die of a heart attack. I'm so nervous. I will die. And I didn't, clearly. But the person that I was leading the chapter with his name Sharif, I was like, why don't we ever have any women present? He's like, Tanya, I've invited tons. They all say no. I'm like, why? And he's like, do you want to speak? I was like, no. And he's like, answer your own question, Missy. And so him and a bunch of other people in my local community just kept encouraging me. And finally I was like, okay, I'm going to do it. This is really scary. And they like let me practice on them. They helped over my slides with me. And I presented at a meetup. And I thought I would die. I did not die. I presented at work, which was also very scary because presenting in front of people who you really, really respect is so much more scary for me than strangers. Like speaking at the OWASP meetup, I'm like, oh look, you are my peers. I really care what you think. But if I go speak out of town at some conference where I don't know anyone, I'm like, well, I don't know any of you.
Mary Killelea: It's amazing what our mind does, isn't it?
Tanya Janca: Yeah. But then as I started doing more public speaking, I figured out I could get into a conference for free if I wrote the talk for it. And so, I just started applying everywhere. I'm like, oh, that conference is awesome. I wish I could get a free ticket to that. And then I started writing a blog because a colleague double dared me, which was ridiculous. But he's that guy. And he's like, I dare you to start a blog. And I was like, no. And he's like, if you don't have 40 readers after three months, I'll buy you dinner. And I was like, well, Brock, it's online. And then he was totally right. I had like 400 readers by then. And he's like, haha, you have a blog now, Tonya.
But being but writing a blog and doing all of these talks opened so many doors for me that I was not expecting. Like the doors I wanted opened were that I get to go and sit and listen to all the other smart people at the conference. I'm like, I'm writing this blog, I'm going to learn more and research more by writing this blog. And then people will comment. And I would learn more because they'd be like, oh, what about this? And I'm like, what about that? And I was like, I'm going to learn for free. Haha. But then it turned out that turned into sort of my resume, if that makes sense.
Mary Killelea: Yes, absolutely. No, the creator economy and like learning through doing and the momentum that that creates for you and your career is really astounding. And while you're doing it, you don't even know it's happening. But then you wake up one day and you go, oh, my gosh, look at everything that I just did and all these new doors that are open because I just did what was really uncomfortable. But it's a fascinating domino effect, if you will.
Tanya Janca: Yeah. And also, I think that some people learn very well by teaching something to someone else. And it turns out I'm one of those people. And I used to when I was a software developer, I would always like mentor the co-op students. And I was always mentor the junior because I enjoy that. And it makes me happy. And then my team will be awesome. Right. And so then people were like, well, will you mentor me and security? I'm like, me? I'm so new. And sometimes you don't even realize how far you've come, how quickly. And so people will ask me a question. And if I don't know the answer, I usually get really super excited about it. And then I'm like, well, I have to write a blog post now. It's on.
Mary Killelea: What do you tell other women who have a hard time finding their voice or and finding their voice to advocate for themselves and take ownership and claim responsibility for successful projects? Or they use the we when it's really them? What kind of advice do you have for women like that?
Tanya Janca: So in some cases, I am a little bad for always saying we because I'm constantly trying to give the people below me credit because a lot of managers are like, my team did this and I did that. And I'm always trying to make my juniors shine. But I tend to tell women like, if you can gather up your confidence in a safer place, then you'll feel more confident in less safe places. So for instance, I'm part of this group called the Forte group. And it's a private group that's been around for a long time. And I'll tell them present here first, because all of us think you're awesome already. All of us are going to give you positive feedback or highly constructive feedback like, hey, that was awesome. It's awesome. It's awesome. If you did this, right, all of us are going to like your post on Twitter. All of us are going to introduce you or show off the thing that you did like this article is amazing. And then you can go to the next group and say, hey, I'm going to give you positive feedback. And so when I started the we have purple community, we have a code of conduct, and we intentionally try really, really hard to encourage first time speakers. And we have a code of conduct that we have to give to people who are interested in this. And so we really build each other up in this very positive way. And so when I started the we have purple community, we have a code of conduct, and we intentionally try really, really hard to encourage first time speakers. And yes, maybe only six or 10 people show up, but they'll be the nicest people you've ever met. And they'll say the nicest thing. And it's very friendly and safe. And so if you can be in a space that's very safe to start and build up your confidence and then go to like a slightly less familiar space and move from there, then eventually you can speak in front of a whole audience.
And the first time I spoke at a conference, one of my professional mentors had basically announced on Twitter, Tonya speaking at besides Ottawa next year, and I was like, what? No, he's like, here, Tonya, you can do this. And so when I went to go on stage, I was so nervous. He actually came up on stage with me and just stood beside me the whole time. He just stood beside me and said nothing because I was so afraid. Like I'm so afraid. He's like, I'm not going anywhere. I'm like, what do you mean? He's like, I'll just stand here beside you so you know you're safe. And I was just like, oh my god, you're so amazing.
Mary Killelea: Wow.
Tanya Janca: So awkward for him. He's like, I don't give a shit what other people think.
Mary Killelea: That's amazing.
Tanya Janca: Yeah. And then later, so my demo failed. I was super embarrassed. And it turned out someone else had hacked that website that I was demoing on that morning and just brought it down. So it wasn't my fault. But it doesn't matter because I still look dumb. And then later that afternoon, another speaker insulted my talk during his talk. And the whole audience was angry with that speaker. She's doing her best, you big jerk. He came up to me and apologized later and was like, that was a misunderstanding. English is my second language. That's not what I meant. I'm so sorry. But people made it clear to him like insulting a first time speaker like her demo failed. She's doing her best. Like you're, that's not okay. And so, he was propelled to apologize, which was really nice to see the community around that. And then the next year, they invited me back to speak again. And the following year, I was the keynote.
Mary Killelea: Oh, wow. That's amazing.
Tanya Janca: Yeah. And, and I did befriend the person that said the bad thing about my talk eventually and he swears that it was a language issue and that's fine. And I'm totally willing to accept that. But I feel like if you can start, like if you have allies, like a person that stands beside you on stage awkwardly so that you don't have a meltdown, that's a pretty wonderful human being.
Mary Killelea: Absolutely. No, that is a gift. And I love your community that you're surrounding yourself either from your organization with the women, but so much of what you're saying, I hope listeners are really taking in because it's so important. And the vulnerability that you're willing to do each time to grow is so key. What has been the best career advice that you've received?
Tanya Janca: Okay, so I have this mentor named Kim. So I have a few mentors, and I wanted to start. So I was at Microsoft, and I was like, this is awesome. Like I got to work with some, let's face it, pretty astoundingly amazing human beings who are like super brilliant. And it was like, I'm getting paid well. I have lots of opportunity, right, but I was like, I really, really, really want to start my own business, but I'm afraid. And so we met in Toronto, and she has founded two of the really big security companies in Canada, she's very successful person. And she's like, do you have a lot of like gambling debt or anything and I was like, no. And she's like, do you have some lavish expensive lifestyle you need to maintain I was like, no, I live in an apartment. Also, I just like pile the money in the bank and don't know, I just retirement stuff like I'm not a spender. And she's like, do you have like a bunch of kids depending on you and like, you're trying to put braces on them or something like big expense and I was like, no. And she's like, she asked like a bunch of other questions like that. I'm like, no, she's like, okay, so. So, so there's nothing there's no like financial reason that you can't just like basically not work for like a year or two if you want to and I was like, yeah, I guess I guess that'd be okay. And she's like, so you've got like basically an endless runway forever but yeah, it's I got pretty darn good runway and she's like, so. Okay, so what's the worst that could happen if you start your company I'm like, what if I start a company and it fails and it's embarrassing. She's like, most startups fail lots of startups failed. Do you think that everyone remembers my startups that failed no they remember my two awesome ones that are super successful giant ass companies that's what they remember. And I was like, oh, and she's like, worst case scenario you start your company and it fails she's like, and then you just find an extremely high paying job. She's like, do you understand how well known you are she's like Tonya if you tweeted, I'm looking for a job on Twitter, Twitter would break. That’s not true! And she's like, seriously she's like, what are you afraid of and I was just like, you know, like what if I make mistakes she's like everyone does if you don't make any mistakes literally you must be a god. Everyone makes mistakes I make mistakes like CEOs of giant companies they make mistakes she's like, the point is you learn from it and you do better next time and you ask lots of smart people before you make a giant decision and take the best advice you can.
So after this conversation like I think I'm going to do it and she's like, awesome and then she like snaps her fingers she's like champagne. I had champagne and like the middle of the day I had champagne with him. And she's like to your new company and I was like, oh my god I'm gonna cry you're just, she's so amazing as a human being. It's like oh my gosh.
Mary Killelea: I love that. When you think about today's career or market for women in tech, and all the jobs that aren't even around right now because the way technology is advancing and innovation is happening. So, who would you advise people to start to learn or educate themselves or, or, how can they future proof themselves I guess.
Tanya Janca: So, cybersecurity is not going away. Every year it's getting bigger and bigger. I did a bunch of research in 2020, because I was pitching, not investors I was part of like this contest for Canada thing or whatever. But in 2020, $6 billion was lost to cyber crime that we're aware of. Right tons of it's not even reported it's probably seven or $8 billion. Right? And then the cybersecurity industry is also billions of dollars I think it's, I think it's $2 billion this year or something, it's growing and growing and growing. And so, as much as like I would love to promise everyone don't worry I'm going to fix it this year. I learned that's not true, even if my intention is that. And so I think there's going to be jobs in all areas of cybersecurity for a very long time.
I also think that there's going to be jobs in data science, which I find utterly fascinating in machine learning in artificial intelligence. I don't mean Skynet is going to take over. I mean teaching computers to be slightly smarter so that they serve ads they aren't like, what is this. Like whenever they're people are like, AI is going to take over and like, yeah, you should see the ads they serve me. And so I feel like there's going to be a lot of jobs and there's always going to be people needed to program those things, no matter what there's going to be people that need to be able to be patient and kind and help people troubleshoot things. And I think that just tech is exploding I think it's going to explode for a long time but especially the jobs where you're creating something new. I think that's going to be something exciting for a very long time. If you're customizing things for someone, I think that's going to be a role where people are constantly trying to hire people. And if you have decent social skills, and you have decent technical skills, you can work anywhere. If you have excellent social skills and or excellent technical skills, like people will. I used to joke when I left Microsoft, I was like yeah someone's going to come up with a white van and kidnap me and throw me in, and they're just going to want me to secure their apps, because it's so hard to hire people that know how to do this. I see people switching from all sorts of different careers. And I know that we're still going to need health care workers and all of that but I know tech, the best so that I am rising on the topic I know but I don't think we're going to run out of tech jobs, anytime soon.
Mary Killelea: No. Do you think people need to leave companies in order to increase wages, and I know that seems like a weird question. But
Tanya Janca: No, that's not a weird question.
Mary Killelea: It kind of seems to be the case because inner, inner company roles or moves don't tend to see that same pace fight. Would you agree?
Tanya Janca: Yes. So, except for quite recently, every single time I've had a promotion it's because I've changed companies. Because why would they pay me more to do what they've already tricked me into doing. A lot of places I've worked I just end up taking on more and more because I know it needs to get done. And one day I'm just like you know what I'm actually doing that whole job and why aren't I getting paid for it and then it's on my resume and then someone offers me it and I'm like either you promote me or I'm leaving and they're like, well, I'm like bye. Too slow. Yeah. I feel like, as well, that women are promoted slower. And then any time I remember, I joined the Canadian government and I'd already worked in industry eight years. Right, and I had to join at level one, and I couldn't speak French, and in Canada bilingualism is a really big deal in the government so that close some jobs to me. So, I remember I’m speaking. So there were two men of color. Every single other programmer was a man. And then there's me. And I remember talking to one of the men of color and I'm like, have you noticed you and I are the only level ones, and everyone else is level two. And he's like, well you know this and that blah blah blah I'm like no I should have been promoted a long time ago. That's what's going on. He's like, you know you're so overqualified I'm like no I wasn't promoted when I should have been that's what's happening. And so each job they'd be like you're so overqualified I'm like no I'm under promoted. It's inappropriate that I have like this many level years of experience, and haven't been promoted you're getting a super steal of a deal. Right. And then I even and they're like why are you leaving and I'm like, get your foot on the way out. And in some places, like I don't think that they're like hey she's a woman let's promote her later, I think that part of it is like, maybe I'm not demanding it the way a man would, maybe I'm not demanding the same things that a man would. I've had situations where they're like well we're going to promote you but not give you the title, or we're going to promote you and give you the title but not the pay. Oh, that's unattractive. Right. And even just knowing the number.
So, I got offered a contract to do something and I'm not going to say what the thing is because it will be very clear which giant company this was with, but they also hired a white male that I know very well and he happens to be one of my mentors. So, I wrote him and I was like, oh I'm being offered a contract to do this. And he's like, yeah I know I might have recommended you. And I was like, okay and I'm like, how much do I ask for and he's like, they put into my contract then legally not telling anyone how much I asked for. And I was like, okay he's like, ask for the moon. And I was like, uh, so I asked for $40,000 and they're like sure sign here. And I was like, clearly, there should have, it should have been at least double that. Right? And, but at first, because I didn't know what number to say, I was like, I want to get paid what he's getting paid and they're like he's more famous than you. I'm like he's more famous with this group. I'm more famous with that group. We have different things we offer and I also have this I'm a best-selling author I'm all these other things that he's not. And they're like, we're not paying you what he's getting paid. And they're like, you don't even know what he's getting paid. I'm like, I'm pretty sure it's good. And they're like, no, you have to name a number, and I just, I had no idea and when they immediately agreed and they set the contract like two seconds later I was like, I have failed. I have asked way way too little. This was a mistake. And I did the contract and that's fine and $40,000 is still quite a lot of money in my opinion, but I'm pretty sure that he had like quadruple that at least. And for the same for the exact same thing, and I was like, Yeah, that sucks.
Mary Killelea: And then that's one of those learning lessons and I love that you're asking others for like what should I ask for, because I think women don't tend to do that enough. I think today's there's resources so much more readily available to us than in the past.
Tanya Janca: I asked a bunch of women and all of them are like you should ask 10. You should ask 12 you should ask 15 and then I asked a bunch of men and they're like, ask 100 ask 200. I know and then one of the guys was like what's the lowest you'd be willing to do it for. And I'm like, I don't know, like if it's not 20 it's not even worth doing it's a lot of work. And he's like okay double that ask for that. And I was like, okay, I'll ask for 40 and I assumed they would try to bargain and they're like, where do we sign. And, but like all the women. So, I was telling some of the women I'm thinking of asking 40 and they all discouraged me across the board there that's too much Oh my god they're not going to take you Tanya. Yeah. And these are like people who really like me a lot. Like these are people who are offering the best advice they had and so I got way more than any of the other women would have, but way less than all of the men I asked, and I'm like wow this is a really weird place.
Mary Killelea: Interesting. If you were starting out in tech today, is there anything you would do differently.
Tanya Janca: Yeah, I probably would have started learning, I probably would have started speaking at conferences earlier because I didn't know I would love it. It brings me great joy. Like I like developing content I like sharing ideas. And I absolutely love the part at the end where people ask really super smart questions that make me think hard. And also, I really like people so it's like this opportunity for me to meet so many human beings that I wouldn't have the chance to meet so I probably would have started giving talks almost right away. Because the amount of joy that has brought me is just, it's almost like playing music, except like you know you probably shouldn't be drunk when you do it. Playing music in a bar is quite different. Like a punk festival or something like that, you know where people have never had a mosh pit at one of my talks so far. So far, people have not got up and like slow dance together or anything like that but that's okay. No, I can still shoot for these goals. I feel like I didn't know this was a thing that could make me so happy if that makes sense. And I would learn so much. Because even if I speak at a meetup, I sit and I watch the other speaker, and maybe I wouldn't have gone to that meetup. Right. And then I see this other person's point of view and learn a new thing. And I'm like, well, this is awesome.
Mary Killelea: Speaking of awesome, let's talk about your book, Alice and Bob Learn Application Security. Tell me about it tell me about the idea, and what can someone learn by picking up the book?
Tanya Janca: So I started writing a blog because of Brock daring me. And Brock if you hear this, you're right I'm wrong. And basically, people start writing me and they're like you should write a book like I'm a publisher are you interested and I was like, I don't know what I'm doing. I don't know how to write a book. And they're, they're like, Oh, it looks like you know what you're doing. I'm like, No, no, no. And I wrote like this long blog series based off of a talk I gave. And I got tons of wonderful feedback and this one guy named Dominique, who became my technical editor for that book. He would read everyone and then he would critique it he'd be like well Tanya there's this one nuance you missed or there's this one thing and I was like, Oh man like you're making me a way, way better writer. And so, this this one company wrote me called Wiley and they're my publisher now and this guy named Jim wrote me and he's like, if you could write a book for yourself. Book you wish you had because when I started application security there was no book about app sec. There wasn't one you could read. There wasn't a course you could take. And, like there were a few blogs by a few awesome humans but there was nothing like, I take this learning and I am an app sec engineer is really right tag all over the place, and he's like, write the book for yourself. And so, I've always used Alice and Bob from the beginning of security, because they were the examples used to explain encryption to normal people back in 1978 they're like Alice wants to tell Bob a secret. And so, when she do that and make sure no one else can know. And so, they would use those to explain so whenever I would explain anything I'd be like it's not Alice's fault there was a safeguard missing and I always use those names because people who are my age and older tend to know who they are. And there's kind of like a secret little inside joke.
And so then when I went to go write a book I was like I'm thinking I don't know if this is crazy but I'm thinking of writing Alice and Bob learn application security and he's like I love it and I'm like I want to have stories in the book. I'm learning disabled I'm dyslexic. And I hate textbooks. I hate them because they're really hard to read because I'm dyslexic. But I want all that knowledge in my head. And so, I learned French as an adult, because I worked in the public service. And so, I spent two years in night school and then several months full time at a special school for dyslexic adults and they taught me that there's 21 different ways that people learn. And the ones that were right for me, and how to teach myself things. And they're like when adults get older, the longer they've been out of the learning phase they forget how to learn. And so, when I designed my teachings. I was always like, I'm going to tell a story, I'm going to show some code, I'm going to explain the principle, and then I'm going to give an example. And when I do that, everyone gets it like there's no one that's like I read this whole book and I learned nothing. And I was like I want my book to be weird is that okay and they're like yeah that's cool with us. Yeah, I took it. So for one year I kind of researched what I wanted to be in it and Wiley and I were like we're both on the same page they're like, go. And so I foolishly started my startup and wrote my book at the same time which, just to be clear is dumb. I made my significant other make me promise not to do that again I get to write a book or start a company each year. And yeah, I’ve just had person after person tell me it was easy to read and understand that that was my number one goal. People said it was enjoyable; they were like I never thought I would read a textbook and laugh out loud.
And I’ve recently started my next book called Alice & Bob Learn Secure Coding. And so I've already written chapter one and I've had the weirdest trouble attracting a technical editor. I put like a comment out saying that I'm looking for one and I've had close to 100 people offer and then unfortunately they're all awesome. And so I'm very, very, very grateful and lucky to be like, oh my gosh, how do I choose all of you are amazing. I've narrowed it down to I think like six or seven now. And I've hired one so far. And we're going to just go with three, but I am so grateful to have people be interested in being part of this project because I don't know if you know Mary, you do not make money writing a book.
Mary Killelea: Yes.
Tanya Janca: And I personally sold 50% of the copies of my book myself because each student of my academy would get a book, and then I would go teach secure coding and they're like send us 40 books. And so I actually sold at least half of all of my books so my publishers like, yeah, you're not a normal author they don't people don't usually actually personally sell them and personally mail hundreds of copies to people. I'm like, well how will I get rid of these thousands of stickers I bought. There's not money and writing books just in case anyone was wondering you should go become a Walmart greeter you will make more money.
Mary Killelea: You know that's funny because I'm taking a book writing class right now, and they covered that and publishing 101 is like do not come thinking you are going to get rich by writing a book. You can hear the crickets on the on the line of all the other students going, oh, yeah, but it opens doors.
Tanya Janca: Absolutely. It opens thousands of doors and this might sound really silly but I reference my own book when I'm working all the time I'm like oh cool page 98 I know it's on there. And I can tell people like okay so go to chapter six, and then read this section, and then you're good. And now. So, I told you my company was bought by bright security so part of the deal was that I wanted my courses to become free for anyone, because I had people offer to buy them but they wanted to charge away more. And I was like oh no I want the opposite of that I want the information to be available for everyone. And so now I can say to people like, oh okay so go into the academy take this course, do these sections and then you'll be prepared for that. And it's just wonderful to be able to share with everyone and also be able to pay my bills so thank you Bright Security. Because you can't run a business and give everything away for free. I, you can't do that I've learned.
Mary Killelea: What are you most proud of.
Tanya Janca: Helping people. Helping people has made me feel pretty darn fantastic like when someone writes me, and they're like, I was a nurse working nights. And then I read your book I took your courses, and I just got my first job doing app sec stuff like that just. I fills my cup all the way to the top. Every time.
Mary Killelea: That's amazing. What is to be bolder mean to you.
Tanya Janca: Oh, doing the thing that makes you scared, asking for the thing that you're worried you might not get. I remember. There's this conference called Atlantic sec con in Halifax I really really like, and I sitting talking to this awesome human being named Mark, and he's like, next year you should be the keynote and I was like oh my gosh like maybe they'll ask me you don't know he's like, you're gonna ask. And I was like, Oh, no, I'm not. And then he's like Travis, and like, he's having a what he's like come on over he's like Tanya something to ask you I'm like, So my talk went pretty well he's like there was a standing ovation Tanya is pretty darn good yeah and I was like, so I don't know if maybe like, maybe he's like marks like me on like elbowing me in the lift. I don't know if you can't next year, but maybe and he's like, Oh my gosh yes you should be the keynote next year. I must have been so I'm wearing a bright red shirt right now you can hear me but you can't see me I was definitely the color of my shirt and I was like, it's on and I, you know that that conference that. Yes, so now I've learned like the worst thing they can say is no and so sometimes I read conferences. And they have the whole thing already set up and I'll write and I'll say like, Hey, I know that the call for papers is closed. But if there's anyone that sick or can't make it or anything like I just want you to know I'm really interested I apologize I did apply on time or I did apply and I got rejected but I want you to know I really really really like your conference and like if there's a chance and some of them have said yes I've had some of them they're like, there's a there's a panel we're making you can come and be on the panel or like this person, it turns out they're sick they can't make it so you can replace them and I've just learned if you ask really nicely and humbly so never tell someone that's rude. Right. But if you just say the truth like I just really really love your concert and I'm an idiot and I missed the call for papers by a week because I the reminder my calendar was the wrong day and I'm so sorry and I actually wrote a whole thing just for this conference and I'm ridiculous and please for your consideration and they say no a lot but lots of them say yes and I've just kind of learned if they say no that's no right now. But it might be yes next year. It might be your end and it might never be us like I apply to DEF CON and black every year and every year they're like you are not a badass hacker you're a very cute defender. You don't belong here and I'm like, maybe next year. It's like I don't care. I can try again. And that's okay. That's fine. So I learned not to take that stuff personally and do the thing you're afraid of anyway.
Mary Killelea: I love it. I love it. So, in closing, I know diversity is a very important topic for you. What can we as women do to support each other and encourage each other in tech or careers?
Tanya Janca: I remember another woman sent me a gift of this and it's a woman holding the door for another woman. And then that woman holds the door for another woman and she's like this is how I try to live my life. And so, when I started speaking at conferences and Microsoft like they would pay for like these big nice hotels. And sometimes I would write other women and be like you want to share my hotel room with me so you can afford to go. And I feel like oh my gosh yes now I can go and so I started talking to conferences and saying like what you can say to me and saying like what you consider like you're inviting me to be your keynote and I say yes. But as a personal favor to me will you just consider accepting this lesser known women on like a side stage. And so, they started accepting more women and so every time I'm on a podcast I have this list of women who are lesser known than me. And I say like for your consideration here are women that I recommend who are amazing but way less famous than I am. Like just consider and lots of them have gotten opportunities from that and then when they're well known enough I'm like you're off the list now you've got this. And so I just keep trying to hold the door for other women and so sometimes in a meeting I'll be like hey Amanda you haven't said anything yet. I usually have great ideas. What are you thinking? And she looks at me like Tanja, but then she has all these awesome ideas. Yeah right. And so if we can try to share our privilege. Does that make sense? So like you have a certain level of success like hold the door for someone else and sometimes you like you don't even realize it like oh I wrote this man that I'm friends with. I'm like hey you're giving this training at this this conference and he's like yeah do you want to see and I was like you do but can someone else sit in my seat. You know there's this woman and she does all these awesome volunteer things and she's this amazing human. And we convinced her work to pay for a flight and she's going to stay in my hotel room and then like and she was telling me about your course and she follows you online and he's like done. And then that woman today is now rather famous with like 30,000 followers of her own. And I feel like we can hold the door for each other all the time and not like I'm not losing anything.
Mary Killelea: Right. Right.
Tanya Janca: Just like, like I got asked finally to speak at DEF CON. Like at a village. And I couldn't make it because I'd already switched my flight so many times I was like oh my gosh my boss is going to murder me if I switch my flight again and he has more late fees from me. And I was like, you know, there's this other woman, and so then they ended up booking her. So I feel like it takes extra effort. But it's very satisfying to see someone else kind of spread their wings and soar.
Mary Killelea: 100% agree. It is lovely meeting you. It is fantastic having you here and sharing your career path and story and encouraging words with other women. Thank you for being on the show.
Tanya Janca: Thank you so much for having me and thank you for making the space in general.
Mary Killelea: You're welcome. It's my pleasure. Thanks for listening to the episode today. It was really fun chatting with my guest. If you liked our show, please like it and share it with your friends. If you want to learn what we're up to, please go check out our website at 2bbolder.com. That's the number two, little bbolder.com.