Colorado = Security


287 - Tanya Janca - CEO of SheHacksPurple Consulting

Our featured guest this month is Tanya Janca, CEO of SheHacksPurple Consulting, board member for the Forte Group, and former keynote speaker at the SnowFroc conference, interviewed by Frank Victory. We break down the stark differences between privacy and cybersecurity policy globally, the uncomfortable gap between compliance frameworks and real-world risk, and her personal crusade to institute the world's first secure coding law. Plus, we dive into the major Colorado OIT restructuring, local development updates at DIA, and the latest threat intel and AI insights from Zvelo, Red Canary, Optiv, FusionAuth, and Lares!

Our featured guest this month is Tanya Janca, widely known across the industry as SheHacksPurple. Tanya is the CEO of SheHacksPurple Consulting, a board member for the Forte Group, a former keynote speaker at the SnowFroc conference, and the best-selling author of Alice and Bob Learn Application Security. With over 25 years of IT and software development experience, Tanya joins Frank Victory for a candid, deep-dive exploration into the intersection of global security policy, developer workflows, and the massive disconnect between checked compliance boxes and truly defensive software engineering.

Check out the full episode where we discuss:

  • The Policy vs. Security Gap: Why international frameworks and high-visibility initiatives like the US SBOM Executive Order often favor visibility and tooling purchases over actual vulnerability remediation and code-level security.

  • Shifting Left and Secure Guidelines: Why the industry routinely relies on catching vulnerabilities late via adversary simulation and penetration testing rather than establishing secure requirements, guardrails, and clear guidelines at the design phase.

  • The Secure Coding Law Crusade: Tanya details her current petition in the Canadian House of Commons to establish a strict, accountability-driven secure coding law that could set a global baseline for how governments and private enterprises hold software to a true safety standard.

Come join us on the Colorado = Security Slack channel to meet old and new friends.

Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com.

This Month's News & Resources

Upcoming Events

  • Rocky Mountain Information Security Conference (RMISC) - 6/23-25.

  • ISC2 Pikes Peak - 6/24.

  • ISSACOS Biergarten - 6/25.

Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.

Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

286 - Yvette Florez - CISO CO State Government Agency