The Security Champions Podcast

Hosted by Mike Burch

Episodes: 31
Latest episode: Jun 2026
Language: EN-US

About the show

Automation, Generative AI, Shift Left - the world of application security is evolving fast, and so are the conversations that shape it. Welcome to The Security Champions Podcast, the go-to resource for insights from the front lines of application security. The podcast is cohosted by Michael Burch, Director of Application Security for Security Journey, and Dustin Lehr, the Director of AppSec Advocacy. Each month, one of them shares a candid conversation with security leaders, engineering voices, and software experts. From championing secure development practices to navigating real-world challenges in modern SDLCs, this show explores how teams are scaling appsec, strategy and culture.

New episodes drop monthly, with even more security content at https://www.securityjourney.com/

Always remember: Security is a Journey, not a Destination.

This podcast is sponsored by Security Journey.

FOLLOW US to stay up-to-date with new content!
X (https://x.com/SecurityJourney)
LinkedIn (https://www.linkedin.com/company/7574213)
Instagram (https://www.instagram.com/securityjourney/?hl=en)
YouTube (https://www.youtube.com/@UCBVPnBCNcZqx_WAuCsV6BuA)
Online (securityjourney.com)

CONTACT: hello@securityjourney.com

Listen to episodes

31 recent
June 3, 2026 | Episode 5 | 44 min

Brandon Troche - Engaging the Next Generation of Security Champions

Brandon Troche is an OWASP chapter leader in Las Vegas with a unique path into the AppSec community. Before stepping into cybersecurity, Brandon built his career in sales and marketing within the health and fitness industry, bringing a people-first perspective to community building, relationship development, and security education.

In this episode of The Security Champions Podcast, Brandon joins Michael Burch to discuss the role of OWASP chapters in creating stronger, more connected AppSec communities. They explore the importance of member feedback, in-person meetups, accessible events, and support networks that help security professionals learn, collaborate, and grow, regardless of their technical background.

0:07 Welcome to The Security Champions Podcast

Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.

FOLLOW US to stay up-to-date with new content!
LinkedIn (linkedin.com/company/security-journey)
Instagram (https://www.instagram.com/securityjourney)
YouTube (youtube.com/c/securityjourney)
Twitter (twitter.com/SecurityJourney)
Online (securityjourney.com)

CONTACT: hello@securityjourney.com

Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

May 6, 2026 | Episode 4 | 1 hr 2 min

Spandana Sarala Gorantla - Scaling Security: How AI and Collaboration Transform Threat Modeling

Spandana Sarala Gorantla is a Senior Product Security Engineer at Adobe, specializing in product security, threat modeling, and secure development practices. She is passionate about making threat modeling collaborative, practical, and scalable, especially as AI and agentic systems reshape how teams build software.

Spandana joined The Security Champions Podcast to discuss why threat modeling matters more than ever in the age of AI. In this episode, she shares how threat modeling became a central part of her security career, why collaboration across engineering, product, business, and security teams is essential, and how AI can help scale early risk identification without replacing human judgment. The conversation explores practical approaches to threat modeling, the role of Security Champions, and why frameworks like STRIDE and MAESTRO can help teams ask better questions about modern systems.

April 8, 2026 | Episode 3 | 1 hr 3 min

Nariman Aga-Tagiyev - Understanding the EU Cyber Resiliency Act: What You Need to Know

Nariman Aga-Tagiyev is an application security expert with over two decades of experience in software development across diverse technology stacks, including cloud-native environments. Since 2016, he has been in charge of the Application Security program and the Secure Software Development Lifecycle, with deep expertise in frameworks such as BSIMM, OWASP SAMM, and NIST SSDF.

In this episode, Nariman breaks down the EU Cyber Resilience Act (CRA) and why it’s far more than a regional regulation. It’s a global shift in how software security is expected to be built and maintained. He explains what the CRA requires, how it impacts software vendors and open source, and what “secure by design” really looks like in practice. The conversation also covers practical steps teams can take today to prepare, without overcomplicating their approach.

March 18, 2026 | Episode 2 | 55 min

Roger Grimes - AI and the Future of Cybersecurity

Roger A. Grimes, CISO Advisor for KnowBe4, Inc., is the author of 16 books and more than 1,600 articles, with deep expertise in host security and defending against hacker and malware attacks. A frequent speaker at major cybersecurity conferences, Roger is known for his fast-paced, insight-driven presentations packed with practical recommendations.

In this episode of The Security Champions Podcast, Roger joins the conversation to explore the impact of AI on cybersecurity, software development, and industry practices. He shares insights on the opportunities and challenges of AI integration, highlights emerging trends, and emphasizes the importance of responsible AI use alongside strong foundational security principles.

February 4, 2026 | Episode 1 | 1 hr 1 min

John Benninghoff - Tapping Other Fields To Approach Security Differently

John Benninghoff is a long-time student and practitioner of managing information risk. His 25-year career in Cybersecurity and SRE spans financial services, retail, government, and health care. He founded Security Differently to advise organizations on how to integrate security into how work is done, quantify risk, improve performance, and make better decisions.

John joins the podcast to explore what it means to treat security like other mature safety disciplines. Drawing on safety science, economics, and hands-on AppSec experience, he shares a practical perspective on security as decision support and how empowering developers with the right time and tools leads to stronger security outcomes.

December 10, 2025 | Episode 11 | 1 hr 6 min

Dustin Lehr & Michael Burch - End of Year Recap 2025

It’s been a momentous year for security champions, developer empowerment, and cultivating security culture. In this special year-in-review episode, hosts Dustin Lehr and Michael Burch look back on the standout conversations and greatest moments from The Security Champions Podcast throughout 2025.

Whether you're building a champion program, supporting developers, or shaping appsec strategy, this episode brings together the best of 2025 in one conversation.

November 5, 2025 | Episode 10 | 43 min

Mark McMillan - Leading with the Carrot: Building Security Culture, Not Just Compliance

Mark McMillan has been building and leading Information Security Champions programs for over five years and has spent nearly a decade shaping cybersecurity culture at Rocket. He's passionate about creating programs that empower, not punish, and help people understand their role in keeping data secure.

In this episode of The Security Champions Podcast, Mark shares his journey into the field and what he has learned about fostering engaging and supportive security programs. He contrasts the outdated “stick” approach with a more empowering “carrot” method that fosters trust, ownership, and lasting behavior change. He breaks down how Champions Programs act as powerful networks of internal advocates, strategies for scaling and sustaining them over time, and the importance of continuous improvement and community support.

October 16, 2025 | Episode 9 | 43 min

Dustin Lehr & Michael Burch - Security Champions Summit Recap

In this episode of The Security Champions Podcast, hosts Dustin Lehr and Michael Burch discuss the recent success of the first annual Security Champions Summit.

September 3, 2025 | Episode 8 | 1 hr 0 min

Ariel Shin - Beyond Breaking: From Pen Tester to Problem Solver

Ariel Shin is a Security Engineer at Stripe, specializing in threat modeling and proactively identifying and mitigating potential security risks. She is passionate about scaling application security while reducing engineering burdens and strives to create foundations that seamlessly integrate security practices into the development lifecycle.

Ariel joined The Security Champions Podcast to share her journey from penetration testing to building scalable, developer-friendly security practices. In this episode, she dives into the often-overlooked "glue work" that holds teams together, challenges common assumptions about threat modeling, and explores how AI is changing the security landscape. From practical strategies to forward-looking insights, Ariel offers a thoughtful perspective on how organizations can embed security into their culture without slowing down innovation.

Resources:
The Security Champions Summit - https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g

August 6, 2025 | Episode 7 | 1 hr 4 min

Eva Benn - Embracing Your Own Cybersecurity Identity

Eva Benn is a Principal Security Program Manager for the Microsoft Security and Response Center. She is deeply involved in the security community, having served/serving on the leadership boards of the OWASP Seattle Chapter, WiCyS Western Washington, ISACA Puget Sound Chapter, the EC Council CEH Advisory Board, and the GIAC Advisory Board. She is also a Co-Chair of the Microsoft Women in Security and Co-Founder of Women in Tech Global.

Eva joined The Security Champions Podcast to discuss the multitude of pathways into cybersecurity. The conversation dived into overcoming imposter syndrome, reshaping cybersecurity culture, and building a mindset where everyone sees themselves as defenders. Eva highlights the role of psychology in learning and the importance of gamification.

Resources:
The Security Champions Summit - https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g
Tactical AppSec: The Security Champions' Field Guide: https://info.securityjourney.com/tactical-appsec-field-guide
