The Security Champions Podcast

Mike Burch
  • 5.0 (1)
  • Technology
  • Updated Biweekly

Automation, Generative AI, Shift Left - the world of application security is evolving fast, and so are the conversations that shape it. Welcome to The Security Champions Podcast, the go-to resource for insights from the front lines of application security. The podcast is cohosted by Michael Burch, Director of Application Security for Security Journey, and Dustin Lehr, the Director of AppSec Advocacy. Each month, one of them shares a candid conversation with security leaders, engineering voices, and software experts.  From championing secure development practices to navigating real-world challenges in modern SDLCs, this show explores how teams are scaling appsec, strategy and culture.  New Episodes drop monthly, with even more security content at https://www.securityjourney.com/ Always remember: Security is a Journey, not a Destination. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This podcast is sponsored by Security Journey. FOLLOW US to stay up-to-date with new content!X (https://x.com/SecurityJourney)LinkedIn (https://www.linkedin.com/company/7574213)Instagram (https://www.instagram.com/securityjourney/?hl=en)YouTube (https://www.youtube.com/@UCBVPnBCNcZqx_WAuCsV6BuA )Online (securityjourney.com)CONTACT: hello@securityjourney.com

  1. May 6

    Spandana Sarala Gorantla - Scaling Security: How AI and Collaboration Transform Threat Modeling

    Spandana Sarala Gorantla is a Senior Product Security Engineer at Adobe, specializing in product security, threat modeling, and secure development practices. She is passionate about making threat modeling collaborative, practical, and scalable, especially as AI and agentic systems reshape how teams build software. Spandana joined The Security Champions Podcast to discuss why threat modeling matters more than ever in the age of AI. In this episode, she shares how threat modeling became a central part of her security career, why collaboration across engineering, product, business, and security teams is essential, and how AI can help scale early risk identification without replacing human judgment. The conversation explores practical approaches to threat modeling, the role of Security Champions, and why frameworks like STRIDE and MAESTRO can help teams ask better questions about modern systems. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.  FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey)  Instagram (https://www.instagram.com/securityjourney)YouTube (youtube.com/c/securityjourney)Twitter (twitter.com/SecurityJourney)Online (securityjourney.com)  CONTACT: hello@securityjourney.com Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

    1h 3m

  2. Apr 8

    Nariman Aga-Tagiyev - Understanding the EU Cyber Resiliency Act: What You Need to Know

    Nariman Aga-Tagiyev is an application security expert with over two decades of experience in software development across diverse technology stacks, including cloud-native environments. Since 2016, he has been in charge of the Application Security program and the Secure Software Development Lifecycle, with deep expertise in frameworks such as BSIMM, OWASP SAMM, and NIST SSDF.  In this episode, Nariman breaks down the EU Cyber Resilience Act (CRA) and why it’s far more than a regional regulation. It’s a global shift in how software security is expected to be built and maintained. He explains what the CRA requires, how it impacts software vendors and open source, and what “secure by design” really looks like in practice. The conversation also covers practical steps teams can take today to prepare, without overcomplicating their approach. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.  FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey)  Instagram (https://www.instagram.com/securityjourney)YouTube (youtube.com/c/securityjourney)Twitter (twitter.com/SecurityJourney)Online (securityjourney.com)  CONTACT: hello@securityjourney.com Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

    1h 3m

  3. Mar 18

    Roger Grimes - AI and the Future of Cybersecurity

    Roger A. Grimes, CISO Advisor for KnowBe4, Inc., is the author of 16 books and more than 1,600 articles, with deep expertise in host security and defending against hacker and malware attacks. A frequent speaker at major cybersecurity conferences, Roger is known for his fast-paced, insight-driven presentations packed with practical recommendations. In this episode of The Security Champions Podcast, Roger joins the conversation to explore the impact of AI on cybersecurity, software development, and industry practices. He shares insights on the opportunities and challenges of AI integration, highlights emerging trends, and emphasizes the importance of responsible AI use alongside strong foundational security principles. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.  FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey)  Instagram (https://www.instagram.com/securityjourney)YouTube (youtube.com/c/securityjourney)Twitter (twitter.com/SecurityJourney)Online (securityjourney.com)  CONTACT: hello@securityjourney.com Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

    56 min

  4. Feb 4

    John Benninghoff - Tapping Other Fields To Approach Security Differently

    John Benninghoff is a long-time student and practitioner of managing information risk. His 25-year career in Cybersecurity and SRE spans financial services, retail, government, and health care. He founded Security Differently to advise organizations on how to integrate security into how work is done, quantify risk, improve performance, and make better decisions. John joins the podcast to explore what it means to treat security like other mature safety disciplines. Drawing on safety science, economics, and hands-on AppSec experience, he shares a practical perspective on security as decision support and how empowering developers with the right time and tools leads to stronger security outcomes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.  FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey)  Instagram (https://www.instagram.com/securityjourney)YouTube (youtube.com/c/securityjourney)Twitter (twitter.com/SecurityJourney)Online (securityjourney.com)  CONTACT: hello@securityjourney.com Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

    1h 1m

  5. 12/10/2025

    Dustin Lehr & Michael Burch - End of Year Recap 2025

    It’s been a momentous year for security champions, developer empowerment, and cultivating security culture. In this special year-in-review episode, hosts Dustin Lehr and Michael Burch look back on the standout conversations and greatest moments from The Security Champions Podcast throughout 2025. Whether you're building a champion program, supporting developers, or shaping appsec strategy, this episode brings together the best of 2025 in one conversation. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.  FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey)  Instagram (https://www.instagram.com/securityjourney)YouTube (youtube.com/c/securityjourney)Twitter (twitter.com/SecurityJourney)Online (securityjourney.com)  CONTACT: hello@securityjourney.com Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

    1h 6m

  6. 11/05/2025

    Mark McMillan - Leading with the Carrot: Building Security Culture, Not Just Compliance

    Mark McMillan has been building and leading Information Security Champions programs for over five years and has spent nearly a decade shaping cybersecurity culture at Rocket. He's passionate about creating programs that empower, not punish, and help people understand their role in keeping data secure. In this episode of The Security Champions Podcast, Mark shares his journey into the field and what he has learned about fostering engaging and supportive security programs. He contrasts the outdated “stick” approach with a more empowering “carrot” method that fosters trust, ownership, and lasting behavior change. He breaks down how Champions Programs act as powerful networks of internal advocates, strategies for scaling and sustaining them over time, and the importance of continuous improvement and community support. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.  FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey)  Instagram (https://www.instagram.com/securityjourney)YouTube (youtube.com/c/securityjourney)Twitter (twitter.com/SecurityJourney)Online (securityjourney.com)  CONTACT: hello@securityjourney.com Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

    44 min

  7. 10/16/2025

    Dustin Lehr & Michael Burch - Security Champions Summit Recap

    In this episode of The Security Champions Podcast, hosts Dustin Lehr and Michael Burch discuss the recent success of the first annual Security Champions Summit. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.  FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey)  Instagram (https://www.instagram.com/securityjourney)YouTube (youtube.com/c/securityjourney)Twitter (twitter.com/SecurityJourney)Online (securityjourney.com)  CONTACT: hello@securityjourney.com Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

    44 min

  8. 09/03/2025

    Ariel Shin - Beyond Breaking: From Pen Tester to Problem Solver

    Ariel Shin is a Security Engineer at Stripe, specializing in threat modeling and proactively identifying and mitigating potential security risks. She is passionate about scaling application security while reducing engineering burdens and strives to create foundations that seamlessly integrate security practices into the development lifecycle. Ariel joined The Security Champions Podcast to share her journey from penetration testing to building scalable, developer-friendly security practices. In this episode, she dives into the often-overlooked "glue work" that holds teams together, challenges common assumptions about threat modeling, and explores how AI is changing the security landscape. From practical strategies to forward-looking insights, Ariel offers a thoughtful perspective on how organizations can embed security into their culture without slowing down innovation. Resources: The Security Champions Summit - https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.  FOLLOW US to stay up-to-date with new content! LinkedIn (linkedin.com/company/security-journey)  Instagram (https://www.instagram.com/securityjourney)YouTube (youtube.com/c/securityjourney)Twitter (twitter.com/SecurityJourney)Online (securityjourney.com)  CONTACT: hello@securityjourney.com Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

    1 hr
See All (30)

Trailer

About

Automation, Generative AI, Shift Left - the world of application security is evolving fast, and so are the conversations that shape it. Welcome to The Security Champions Podcast, the go-to resource for insights from the front lines of application security. The podcast is cohosted by Michael Burch, Director of Application Security for Security Journey, and Dustin Lehr, the Director of AppSec Advocacy. Each month, one of them shares a candid conversation with security leaders, engineering voices, and software experts.  From championing secure development practices to navigating real-world challenges in modern SDLCs, this show explores how teams are scaling appsec, strategy and culture.  New Episodes drop monthly, with even more security content at https://www.securityjourney.com/ Always remember: Security is a Journey, not a Destination. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This podcast is sponsored by Security Journey. FOLLOW US to stay up-to-date with new content!X (https://x.com/SecurityJourney)LinkedIn (https://www.linkedin.com/company/7574213)Instagram (https://www.instagram.com/securityjourney/?hl=en)YouTube (https://www.youtube.com/@UCBVPnBCNcZqx_WAuCsV6BuA )Online (securityjourney.com)CONTACT: hello@securityjourney.com

Information

  • Creator
    Mike Burch
  • Years Active
    2023 - 2026
  • Episodes
    30
  • Rating
    Clean
  • Copyright
    © 2026 The Security Champions Podcast
  • Show Website
    The Security Champions Podcast

You Might Also Like