

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas
Apr 22, 2025
In this engaging chat, Tanya Janca, known as SheHacksPurple, shares her insights as an AppSec expert and author. She discusses why traditional security policies often flop and how to make them more effective. Bridging the gap between developers and policy writers is key—Tanya emphasizes the need for practical, simplified guidelines. She also touches on her advocacy work in enhancing cybersecurity within government sectors. Tune in for her tips on empowering developers and making security accessible!
Developer Ignored Overwhelming Policies
- Tanya Janca shared how, as a developer, she was clueless about the many unread policies enforced on her team.
- When she wrote new secure coding policies with dev feedback, the team finally found them helpful and practical.
Policy Writing Requires Evangelism
- Write policies with lots of developer feedback and multiple consultations before socializing them.
- Promote policies actively through presentations, workshops, and easy wiki access to maximize awareness and adoption.
Use TL;DR for Better Reading
- Keep policies extremely short with a TL;DR page featuring key points to encourage reading.
- Accept some need to read more, but shorter, more concise documents achieve better developer engagement.