Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

Update: 2025-04-22

Description

In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change.

From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.

Comments

In Channel

Episode #081: Burnout by Budget Season: Surviving Q4 in Security

2025-10-2921:57

Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales

2025-08-2534:05

Episode #079: CISOver It: When Dashboards Replace Direction

2025-06-1037:00

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

2025-04-2246:48

Episode #077: Is Google Eating the Cloud? 🔥 Wiz.io Acquisition Hot Takes

2025-03-2431:59

Episode #076: ShmooBalls & Open Source Brawls: DevSecOps, Risk, and the Final ShmooCon

2025-02-0433:32

Episode #075: Ghosts of DevSecOps: Past, Present, and Future

2024-12-2436:08

Episode #074: Battling Budgets in Security

2024-12-0936:11

Episode #073: Staffing Security in DevSecOps

2024-10-2137:10

Episode #072: Measuring the Immeasurable: The Power and Pitfalls of Metrics in DevSecOps

2024-08-2833:48

Episode #071: Retro Vibes with Retrospectives

2024-06-1925:32

Episode: #070: Putting da BOM in SBOM and SCA

2024-05-0839:32

Episode #069: Your SaaS is Grass

2024-03-2032:38

Episode #068: Data Breaches and DevSecOps

2024-02-2134:17

Episode #067: Welcome to 2024! AppSec Resolutions and A Smhoocon Recap

2024-01-2635:27

Episode #066: Exploration of the Shifting Definition of Shifting Left

2023-12-0542:33

Episode #065: LASCON 2023 Recap - AI, a Misunderstood Menace or Magic Bullet

2023-11-1033:11

Episode #064: Don't Instigate, Mitigate!

2023-09-2531:32

Episode #063: Unscrambling CloudSecSoup with CSPM, Vuln Management, SIEMs, and Log Aggregators

2023-09-0537:56

Episode #062: Cyber Sentinels: Ken and Mike in the DevSecOps Labyrinth

2023-08-0740:21

00:00

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

#box-pro-ellipsis-176444068623082{-webkit-line-clamp:2;}Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

Ken Toler and Tanya Janca

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas