I was on Talk Python to Me, with Michael Kennedy, and, just like last time, it was GREAT! We talked about the #OWASP Top Ten, and so much more. Listen here: https://twp.ai/9OVU07
Also: OMG that face I'm making! :P
Brochure only: https://twp.ai/ImvSBt
Feedback welcome. Always.
2/2
I finally put all my secure-coding training into one place 👀
New brochure is up, with what I actually teach, who it’s for, and what teams get out of it.
If you’re curious (or responsible for training devs):
👉 https://twp.ai/9Paxnl
1/2
Every time we install a dependency, copy a snippet, grab something from Stack Overflow, or accept AI-generated code, we are making a trust decision. Let’s make those decisions carefully. Watch the full podcast episode to learn why this matters and how to think about it more safely.
1/2
It’s #CyberMentoringMonday!!!! Are you looking for a professional mentor or to learn more about InfoSec? Are you experienced and willing to ‘give back’? Use this thread and hashtag to connect
That's my new podcast! 🎉
Guess who got a sunburn gardening today and couldn't be happier? 🌞
Tickets here: https://twp.ai/NTbMJZ
More information on my session here: https://twp.ai/9PbcjN
2/2
Toronto friends, I’m coming back. I’m excited to be speaking at NDC Toronto, May 5–8!
My talk is: “Threat Modeling Developer Behavior: The Psychology of Bad Code.”
We’re going to make threat modeling feel more usable for real dev teams, with practical takeaways you can apply right away.
1/2
Hi! If you are Canadian, I NEED YOUR HELP. Please call your member of parliament and ask them to vote YES on petition e-7115. Watch the video to learn more!
https://twp.ai/NSV5BK
Petition: https://twp.ai/E5AanC
Thank YOUuuuuuu
Announcement: I'm the keynote for Sikkerhetsfestivalen (Security Festival) 2026, in Lillehammer, Norway! August 24 - 26, 2,000 of us will take over that tiny town to learn, party, and connect! Check out the link below to learn more. :-D
https://twp.ai/4ixNLp
This was the best speaker's gift of all time. 🥰🥰🥰🥰
Sometimes you bear witness to something you doubt people would believe you saw in person.
Congrats to two of my favorite people in AppSec, Tonya Janca and Jason Haddix, for being immortalized as Funko at the same #SnowFROC
Dwayne, can you send me this one? I want to print it!!
💜💜💜
I was on Smashing Security with Graham Cluley and, well... It was SMASHING!
Episode 463: This AI company leaked its own code. It's also built something terrifying.
https://twp.ai/9OVTzg
More streams coming May 10th for Chapter 2!
Join my nerd-a-licious mailing list so you don’t miss the next one:
👉 https://twp.ai/NSUrPf
Thank you to everyone who came. I appreciate you.
2/2
The first Alice and Bob Learn Secure Coding book stream -> SUCCESS 💜
Huge thanks to Dr. Gerald Auger (Simply Cyber) for being amazing!
We covered:
secure defaults, least privilege, supply chain, AI risks… and career advice.
Watch us: https://twp.ai/9OV7pT
1/2
Man puts duct tape on giant aquarium leaking water. The tape says "AI" on it.
If only this were not 100% true.
If you’re attending, come say hi and introduce yourself! I love meeting the community in person.
https://twp.ai/9OVMFK
2/2
Vancouver, I’m coming for you. 😄
I’ll be at B-Sides Vancouver on May 31 + June 1 with two different sessions:
May 31 (half-day training): OWASP API Security Top Ten
June 1 (talk): Threat Modeling Developer Behaviour: The Psychology of Bad Code
1/2
Developers do not need more shame about security. We need better systems. Software supply chain risk is something we can prevent with secure defaults. Watch the full podcast episode at the link below to learn how!
https://twp.ai/9OVJxY
Would you like to hire me for in-person, secure coding training? Here's my upcoming travel schedule for adding training dates:
June: Vienna (can add anywhere in EU)
August: Anywhere in EU
Sept: Denver, CO
tanya AT shehackspurple DOT ca
Isn't the AI image creepy?
It’s interactive, you can ask questions live, and everyone is welcome, whether you’re new or experienced.
👉 RSVP here:
https://twp.ai/gDA3yK
Or just show up: https://twp.ai/S9AKO8
4/4
cryptography and protecting sensitive data
modern browser security features and headers
If you’ve ever wondered what “secure by design” actually looks like in practice, this is the chapter where it starts to click.
3/4
This chapter is packed with the core practices every developer should know, including:
following a secure SDLC
input validation and output encoding (with real examples)
authentication, authorization, and session management
secrets and password management
2/4
The cover of the book, alice and bob learn secure coding
I’m hosting another live book stream, and this one is all about the foundations of secure coding.
On May 10, 11 am-1 pm PST, I’ll be joined by Ray LeBlanc to walk through Chapter 2 of Alice and Bob Learn Secure Coding.
https://twp.ai/9OVLbs
1/4
