We Hack Purple Podcast Episode 68 with guest Gagandeep Singh

03/28/23 • 24 min

In episode 68 of the We Hack Purple Podcast host Tanya Janca dives into Domain Driven Design (and development) with Gagandeep Singh. Gagandeep is an avid blogger, and Tanya read his article on DDD and just had to interview him. We discussed if Design Driven design or development are those the same thing (they aren’t!), the security advantages of DDD, how Trusted Types and Content Security Policy Header come into play! We discussed the concept of having the security of a feature be part of the design and feature itself, and the huge security advantages we can expect to see. To hear more, you need to see the episode!

Gagandeep’s Bio:

Gagandeep Juneja is an experienced Information Security professional working in the Information Technology and Services Industry. Working in Application Security domain, security assessment, threat modeling, architecture review, DevSecOps and guidelines for security technologies to develop effective secure solutions. In his opinion if we focus on securing code which will result in fewer vulnerabilities in the solution. Domain Driven Design sets the bar higher for software development, providing an efficient way to designing and developing a more secure IT solution.

His blog: https://securityintelligence.com/posts/secure-coding-domain-driven-design/

Very special thanks to our sponsor: The Diana Initiative!

A conference committed to helping all those underrepresented in Information Security - Monday August 7, 2023 In-Person at The Westin Las Vegas Hotel & Spa

Join We Hack Purple!

We have new courses in the We Hack Purple Academy! Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

Gagandeep’s Bio:

His blog: https://securityintelligence.com/posts/secure-coding-domain-driven-design/

Very special thanks to our sponsor: The Diana Initiative!

A conference committed to helping all those underrepresented in Information Security - Monday August 7, 2023 In-Person at The Westin Las Vegas Hotel & Spa

Join We Hack Purple!

Previous Episode

We Hack Purple Podcast Episode 67 with Jeremy Ventura

We Hack Purple Podcast Episode 67 with Jeremy Ventura

In this episode of the We Hack Purple podcast host Tanya Janca met with Jeremy Ventura of ThreatX, to discuss how we can help more people from underrepresented groups into tech and specifically into the field of Cybersecurity / InfoSec. How do we get them a seat at the table? How can we share knowledge and educate people en mass? Can we advocate for others? (Spoiler alert: Jeremy and I gave several examples of both sides of that equation) We talked about “Saying yes more often!” when we are asked to do something a bit outside our comfort zone, if it might bring us new opportunities. We talked about imposter syndrome, different learning styles, and that you can come from any career, education or background, and there’s a place for YOU in our field!

Jeremy also shared some links and events too!

#CyberMentoringMonday
EXploring Cyber Security - web cast Date unknown - early March
Article about #CyberMentoringMonday, read here: Article about mentoring and advocacy

Jeremy’s Bio:
Jeremy Ventura is a cybersecurity professional, specializing in advising organizations on information security best practices. He has years of experience in vulnerability management, email security, incident response and security center operations. At ThreatX, he is responsible for the development and presentation of thought leadership across all areas of cybersecurity. Ventura is an industry leader that can regularly be seen in media, blog posts, podcasts and at speaking events. Previously, Ventura worked at Gong, Mimecast, Tenable and IBM, among other security organizations. Ventura holds a Master’s Degree in Cybersecurity and Homeland Security.

Very special thanks to our sponsor: The Diana Initiative!

The Diana Initiative Is: A diversity-driven conference committed to helping all underrepresented people in Information Security. This year the theme is “Lead the Change.”

The Diana Initiative is seeking sponsors for their annual event happening Monday August 7, 2023 in Las Vegas - https://www.dianainitiative.org/sponsor/ for more information

The Diana Initiative Call For Presentations opens on March 1, if you have a topic you want to share submit at tdi. https://tdi.mobi/CFP

Join We Hack Purple!

Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

Next Episode

We Hack Purple Podcast Episode 70 with Meghan Jacquot

In episode 70 of the We Hack Purple Podcast Host Tanya Janca speaks with Meghan Jacquot, who she met at OWASP Global AppSec in Dublin, Ireland. Tanya talked her into being on the podcast, and all of us get to hear about threat modelling (horizontally and vertically!), how women choose which conferences to attend, how to reduce physical risks when traveling, how to do security research and perform ‘good’ at the same time (“Cyber for good”), any her countless volunteer efforts to make our industry more welcoming. Meghan will be giving a talk at RSAC about how “You Are Not an Island - Threat Model as a Team”. With all of that, we somehow still had time to talk about interest span versus attention span. This is an episode you don’t want to miss!

Meghan’s Bio:

Meghan Jacquot is a Security Engineer with Inspectiv and focuses on vulnerabilities and attack surface management. She is particularly interested in cloud security, threat intelligence, investigating vulnerabilities, and the ethical use of data. Meghan shares her research via conferences and publications. Throughout the year, she helps a variety of organizations and folks including DEF CON as a SOC GOON, Diana Initiative, OWASP, SANS, and WiCyS. To relax she also spends time visiting national parks, gardening, and hanging with her chinchilla. She’s happy to connect with others on LinkedIn and Mastodon.

Meghan’s Links:

Meghan on LinkedIn

WiCyS has just opened their mentor and mentee program for the year and the applications close on March 22.

Meghan’s talk at #RSAC: You Are Not an Island - Threat Model as a Team

Women in Cyber WiCYS – 2 hour workshop on Threat Modelling a Conference (attending as a woman), with Jessica Robinson and Sumara (Link to slides coming soon)

Very special thanks to our sponsor: Women’s Society of Cyberjutsu!

Women’s Society of Cyberjutsu are hosting CYBERJUTSU CON 4.0 and the 10th Annual Cyberjutsu Awards on June 24, 2023!!! The con Con will consist of Hands-on Workshops, Capture The Flag (CTF) Competitions, Professional Headshots, Recruiting Opportunities, Celebration, and more. Participants will walk away with hands-on knowledge that can be applied immediately on the job. You can check out the event here: https://womenscyberjutsu.org/page/CyberCon2023

FYI the call for papers is still OPEN! Apply here: https://www.papercall.io/cyberjutsucon2023

And the nominations for the Annual Cyberjutsu Awards are here: https://womenscyberjutsu.org/page/AWARDS2023

Join We Hack Purple!

Check out our brand new courses in We Hack Purple Academy . Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!