The Security Champions Podcast

Mike Burch

Automation, Generative AI, Shift Left - the world of application security is evolving fast, and so are the conversations that shape it. Welcome to The Security Champions Podcast, the go-to resource for insights from the front lines of application security. The podcast is cohosted by Michael Burch, Director of Application Security for Security Journey, and Dustin Lehr, the Director of AppSec Advocacy. Each month, one of them shares a candid conversation with security leaders, engineering voices, and software experts. From championing secure development practices to navigating real-world challenges in modern SDLCs, this show explores how teams are scaling appsec, strategy and culture. New episodes drop monthly, with even more security content at https://www.securityjourney.com/

Always remember: Security is a Journey, not a Destination.

This podcast is sponsored by Security Journey. FOLLOW US to stay up-to-date with new content! X (https://x.com/SecurityJourney), LinkedIn (https://www.linkedin.com/company/7574213), Instagram (https://www.instagram.com/securityjourney/?hl=en), YouTube (https://www.youtube.com/@UCBVPnBCNcZqx_WAuCsV6BuA), Online (securityjourney.com). CONTACT: hello@securityjourney.com

  1. 09/03/2025

    Ariel Shin - Beyond Breaking: From Pen Tester to Problem Solver

    Ariel Shin is a Security Engineer at Stripe, specializing in threat modeling and proactively identifying and mitigating potential security risks. She is passionate about scaling application security while reducing engineering burdens and strives to create foundations that seamlessly integrate security practices into the development lifecycle. Ariel joined The Security Champions Podcast to share her journey from penetration testing to building scalable, developer-friendly security practices. In this episode, she dives into the often-overlooked "glue work" that holds teams together, challenges common assumptions about threat modeling, and explores how AI is changing the security landscape. From practical strategies to forward-looking insights, Ariel offers a thoughtful perspective on how organizations can embed security into their culture without slowing down innovation. Resources: The Security Champions Summit - https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g

    Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com. FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey), Instagram (https://www.instagram.com/securityjourney), YouTube (youtube.com/c/securityjourney), Twitter (twitter.com/SecurityJourney), Online (securityjourney.com). CONTACT: hello@securityjourney.com

    1 hr
  2. 08/06/2025

    Eva Benn - Embracing Your Own Cybersecurity Identity

    Eva Benn is a Principal Security Program Manager for the Microsoft Security and Response Center. She is deeply involved in the security community, having served/serving on the leadership boards of the OWASP Seattle Chapter, WiCyS Western Washington, ISACA Puget Sound Chapter, the EC Council CEH Advisory Board, and the GIAC Advisory Board. She is also a Co-Chair of the Microsoft Women in Security and Co-Founder of Women in Tech Global. Eva joined The Security Champions Podcast to discuss the multitude of pathways into cybersecurity. The conversation dived into overcoming imposter syndrome, reshaping cybersecurity culture, and building a mindset where everyone sees themselves as defenders. Eva highlights the role of psychology in learning and the importance of gamification. Resources: The Security Champions Summit https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g Tactical AppSec: The Security Champions' Field Guide: https://info.securityjourney.com/tactical-appsec-field-guide

    1h 5m
  3. 07/09/2025

    Jacob Salassi - Developer Empathy: A Thoughtful Approach to Product Security

    Jacob Salassi, former Director of Product Security at Snowflake, joined this episode of The Security Champions Podcast to share insights from his experience leading security transformation at scale. This episode explores the role of empathy in driving security engagement and how security teams can better align with engineering workflows. Jacob discusses the process of building the AppSec program at Snowflake, designing effective code review practices, and navigating organizational challenges. The conversation also touches on the potential of emerging technologies like LLMs and highlights key lessons from Jacob’s career journey and post-Snowflake focus. Resources: The Security Champions Summit: https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g Tactical AppSec: A Champions' Field Guide: https://info.securityjourney.com/tactical-appsec-field-guide

    1h 3m
  4. 06/04/2025

    David Kosorok - Mastering Application Security

    David Kosorok, the Director of Information Security Programs at Toast, Inc., has over 25 years of experience in software and security testing - including more than 16 years dedicated to security. He’s led and scaled product security programs across organizations of all sizes, making him a trusted voice in the appsec space. In this episode of The Security Champions Podcast, David joined Dustin Lehr to share key insights from his new book ‘Mastering Application Security.’ They dive into what it takes to build a high-performing appsec team, from aligning talent with mission to prioritizing the right initiatives in your appsec program. Resources: BOOK - Mastering Application Security: Building Elite Teams for Tomorrow's Threats: https://www.amazon.com/Mastering-Application-Security-Building-Tomorrows-ebook/dp/B0F512GC8Y/ref=tmm_kin_swatch_0 Security Champions Field Guide: https://info.securityjourney.com/tactical-appsec-field-guide The Security Champion Program Success Guide: https://securitychampionsuccessguide.org/ Follow David on LinkedIn: https://www.linkedin.com/in/kosorok/ Follow Dustin on LinkedIn: https://www.linkedin.com/in/dustinlehr/ Subscribe to Dustin's YouTube channel: https://www.youtube.com/@UCjYquhHrc1GR9nySDNpJtRA

    1h 3m
