Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

Apr 22, 2025
In this engaging chat, Tanya Janca, known as SheHacksPurple, shares her insights as an AppSec expert and author. She discusses why traditional security policies often flop and how to make them more effective. Bridging the gap between developers and policy writers is key—Tanya emphasizes the need for practical, simplified guidelines. She also touches on her advocacy work in enhancing cybersecurity within government sectors. Tune in for her tips on empowering developers and making security accessible!
ANECDOTE

Developer Ignored Overwhelming Policies

  • Tanya Janca shared how, as a developer, she was unaware of the many policies enforced on her team, none of which anyone had read.
  • When she wrote new secure coding policies with developer feedback, the team finally found them helpful and practical.
ADVICE

Policy Writing Requires Evangelism

  • Write policies with lots of developer feedback and multiple consultations before socializing them.
  • Promote policies actively through presentations, workshops, and easy wiki access to maximize awareness and adoption.
ADVICE

Use TL;DR for Better Reading

  • Keep policies extremely short, with a TL;DR page featuring the key points, to encourage people to actually read them.
  • Accept that some readers will still need to read further, but shorter, more concise documents achieve better developer engagement.