🗓️ 4 November 2025
⏱️ 52 minutes
Tanya Janca is a globally recognized AppSec (application security) expert and founder of We Hack Purple. In this episode, she shares wild stories from the front lines of cybersecurity, from her time as a penetration tester to her work as an incident responder.
You can sign up for her newsletter at https://newsletter.shehackspurple.ca/
| 0:00.0 | Hey, it's Jack, host of the show. |
| 0:02.6 | For a while, I worked at a big company doing security engineering. |
| 0:06.3 | And every year, someone would come in and do an audit on us, and they would ask us the same |
| 0:10.5 | question, do you have a security policy? |
| 0:14.0 | Yes, of course we do. |
| 0:15.4 | Is it available for all of your employees to find? |
| 0:19.0 | Yep, it's right there on SharePoint. |
| 0:21.6 | But this got me thinking, yeah, sure, it was right there in SharePoint, |
| 0:25.6 | but it was called something ridiculous, like ISP underscore overview, or something like that. |
| 0:31.6 | ISP stood for information security policy. |
| 0:34.6 | And it made me wonder if this document was so important that we would be audited |
| 0:38.8 | to check to see if we had it and make sure all our employees had access to it, could any of them |
| 0:45.0 | actually find it if they needed it? Like this policy said stuff like, what are our security objectives? |
| 0:50.4 | Who are the people that we escalate things to? What's acceptable in our network and not? Who should be able to access what, as well as what we should do when there's an incident, how often our security training should be, and what our security standards are? |
| 1:02.6 | So one day, when I was feeling feisty, I decided to do something to make a point. I asked everyone on shift in our network operations center, hey, you have 15 minutes to find the company's security policy. |
| 1:14.6 | Winner gets a free item in the vending machine. |
| 1:17.6 | Go. |
| 1:18.6 | And everyone started looking. |
| 1:19.6 | First, they typed security policy in our department's portal. |
| 1:22.6 | And that actually brought up security policies for some of our customers, |
| 1:25.6 | which I thought was really cool that our customers were taking their security policy so seriously that they wanted to make sure that their partners had copies of it. |
| 1:32.6 | But that wasn't our policy. |
... |
Disclaimer: The podcast and artwork embedded on this page are from Jack Rhysider, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Jack Rhysider and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.