Career Spotlight: Tanya Janca on Public Speaking, Mentoring and Women in InfoSec

Posted by Annabel Steele on Mar 30, 2021 11:31:00 AM

Tuesday, March 30, 2021

By Annabel Steele, Fuel HQ

Tanya Janca Image

Tanya Janca gazed out over the sea of expectant faces, her heart thumping so loudly she thought they could all probably hear it too. For a moment, she had one abstract, panicked thought:

Can you die of public speaking? Is that possible?!

But she took a deep breath and launched into her talk.

Janca was speaking at a BSides event at the urging of one of her friends. Her speech was on OWASP ZAP, and she had spent months refining it with the help of several friends from her OWASP chapter. The talk marked the culmination of a long process during which Janca embraced the information security (InfoSec) field — at first hesitantly, but then wholeheartedly.

Janca was speaking at a BSides event at the urging of one of her friends. Her speech was on OWASP ZAP, and she had spent months refining it with the help of several friends from her OWASP chapter. The talk marked the culmination of a long process during which Janca embraced the information security (InfoSec) field — at first hesitantly, but then wholeheartedly.

Janca’s initial exposure to the security field was less than ideal. As a software developer, she was involved in a counterterrorism effort for Canada’s government, and had a very unpleasant experience with the security professionals assigned to the project. As a result, Janca spent years avoiding security altogether — until she met a pentester who persuaded her to give it a chance.

“This pentester, as it turns out, was in a band, and I was in a band, so we became friends,” Janca says. “After a year and a half of him pestering me, I said, ‘Fine, I’ll learn about security.’”

After that, things moved quickly. Janca spent her days at her full-time job, where she eventually convinced her managers to let her join the security team. At night, she learned from her pentester friend, completing a yearlong apprenticeship with him during which she fell in love with the security field.

Industry Involvement

These days, Janca is so heavily involved in InfoSec it’s almost hard to believe she was ever apprehensive about it. She runs We Hack Purple, an online training and learning community for information technology professionals. As part of that effort, Janca hosts the We Hack Purple podcast, shares interesting articles and facilitates discussions among members of the community. Running We Hack Purple is Janca’s favorite thing to do, and she is especially proud of the community’s code of conduct and strict no-tolerance policy for harassment and hate.

“When I’m in We Hack Purple, everything’s safe and everyone’s accepted,” she says. “It’s like the opposite of gatekeeping.”

In addition to We Hack Purple, Janca is on the ICTC-PAC advisory board to the Canadian government to add cyber education to the primary and secondary school systems. She reviews curriculums, offers up her own content, and, in pre-pandemic times, booked InfoSec professionals to visit classrooms and teach for a day. Janca herself has been a guest lecturer at universities, often teaching students about application security.

Janca is also on advisory boards for three companies, and wrote a book called “Alice and Bob Learn Application Security.” She founded the international profit WoSEC, or Women of Security, and serves on the board.

Despite her initial nervousness about public speaking, Janca is now a mainstay on the InfoSec speaking circuit. After the success of her first talk at the BSides conference, Janca sought out more speaking opportunities. Over time, her nerves mostly faded, and now she says she’s more excited than anything else when she gets an opportunity to deliver a speech.

Plus, speaking at InfoSec conferences comes with its own special benefit.

“If you give talks at conferences, you get in for free,” Janca says. “I applied at every conference I could so I could get in for free because I did not have a budget to do that [otherwise].”

Janca has delivered talks and training on six different continents and relishes the opportunity to travel to interesting places. She’s had a number of wonderful experiences, including in Switzerland, her favorite place to visit.

Progressing Through the InfoSec Field

As far as Janca is concerned, one of the most important things an InfoSec professional can do is be welcoming — not necessarily just to visitors from different countries, but to the industry as a whole. That is because of how difficult it can be to break into the industry, she says. Janca believes mentorship is more important in the information security field than in other fields.

Unlike in other career paths, there is no clear, set path for people to follow when seeking a job in InfoSec. An applicant can do everything they believe is needed to qualify for a job, but then face letdown after letdown when hiring managers ask for completely different certifications and experience.

“Mentors can be that hand up to make sure you actually make it, and then help you absolutely excel,” Janca says.

Mentoring is especially important for women in the field, who are outnumbered by their male colleagues and often have to navigate difficult situations without the assistance and advice of female peers. Janca’s WoSEC community exploded in popularity after she founded the first chapter, and has become a welcome refuge for women in the field to discuss their experiences, seek advice and build connections.

In addition to seeking out a professional mentor, Janca advises members of the InfoSec field to join communities related to their topics of interest, like OWASP or We Hack Purple. But she cautions that there must be genuine involvement and connection before professionals try to use those communities to their advantage.

“If you become a part of the community first and then you end up needing a job, everyone will bend over backwards to help you. But if you show up and say, ‘I would like to take, and I am a stranger,’ it’s not going to go the way you want,” Janca says.

Janca advises InfoSec professionals to get creative in how they seek out training and education opportunities. For people on a tight budget, offering to deliver a speech at a conference is a great way to get in for free, Janca says. Other options include volunteering at conferences, which also often results in free admission.

Fuel members looking for education and resources can make use of archived webinars and presentations to brush up on various elements of InfoSec. Past webinars are available on topics ranging from data security to encryption, application security and more, allowing Fuel members to seek out education on their own time and at their own convenience.

Ultimately, Janca says, InfoSec professionals should broaden their horizons when it comes to finding ways to learn, train and grow in the field.

“There are a lot of different opportunities that exist and when we’re creative, we might see them,” Janca says.

InfoSec Resources

For more, in-depth content related to InfoSec, be sure to check out these resources:

  • YouTube

  • Udemy

  • CBTNuggets

  • Your local college (both classes and degree programs)

  • Meetup groups

More to Explore

Check out these Fuel blog posts for further reading:

Topics: Tanya Janca, InfoSec, Information Security

Posts by Topic

see all

Subscribe to Blog Updates

Recent Posts

Posts by Topic

see all