The Security Champions Podcast

PODCAST · technology

Automation, Generative AI, Shift Left - the world of application security is evolving fast, and so are the conversations that shape it.

Welcome to The Security Champions Podcast, the go-to resource for insights from the front lines of application security. The podcast is cohosted by Michael Burch, Director of Application Security for Security Journey, and Dustin Lehr, the Director of AppSec Advocacy. Each month, one of them shares a candid conversation with security leaders, engineering voices, and software experts. From championing secure development practices to navigating real-world challenges in modern SDLCs, this show explores how teams are scaling appsec, strategy and culture. New episodes drop monthly, with even more security content at https://www.securityjourney.com/

Always remember: Security is a Journey, not a Destination.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This podcast is sponsore

  1. 30

    Spandana Sarala Gorantla - Scaling Security: How AI and Collaboration Transform Threat Modeling

    Spandana Sarala Gorantla is a Senior Product Security Engineer at Adobe, specializing in product security, threat modeling, and secure development practices. She is passionate about making threat modeling collaborative, practical, and scalable, especially as AI and agentic systems reshape how teams build software.

    Spandana joined The Security Champions Podcast to discuss why threat modeling matters more than ever in the age of AI. In this episode, she shares how threat modeling became a central part of her security career, why collaboration across engineering, product, business, and security teams is essential, and how AI can help scale early risk identification without replacing human judgment. The conversation explores practical approaches to threat modeling, the role of Security Champions, and why frameworks like STRIDE and MAESTRO can help teams ask better questions about modern systems.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.

    FOLLOW US to stay up-to-date with new content!
    LinkedIn (linkedin.com/company/security-journey)
    Instagram (https://www.instagram.com/securityjourney)
    YouTube (youtube.com/c/securityjourney)
    Twitter (twitter.com/SecurityJourney)
    Online (securityjourney.com)

    CONTACT: [email protected]

    Get your free VIBE Coding Field Guide: https://hubs.ly/Q043-zdS0

  2. 29

    Nariman Aga-Tagiyev - Understanding the EU Cyber Resiliency Act: What You Need to Know

    Nariman Aga-Tagiyev is an application security expert with over two decades of experience in software development across diverse technology stacks, including cloud-native environments. Since 2016, he has been in charge of the Application Security program and the Secure Software Development Lifecycle, with deep expertise in frameworks such as BSIMM, OWASP SAMM, and NIST SSDF.

    In this episode, Nariman breaks down the EU Cyber Resilience Act (CRA) and why it’s far more than a regional regulation. It’s a global shift in how software security is expected to be built and maintained. He explains what the CRA requires, how it impacts software vendors and open source, and what “secure by design” really looks like in practice. The conversation also covers practical steps teams can take today to prepare, without overcomplicating their approach.

  3. 28

    Roger Grimes - AI and the Future of Cybersecurity

    Roger A. Grimes, CISO Advisor for KnowBe4, Inc., is the author of 16 books and more than 1,600 articles, with deep expertise in host security and defending against hacker and malware attacks. A frequent speaker at major cybersecurity conferences, Roger is known for his fast-paced, insight-driven presentations packed with practical recommendations.

    In this episode of The Security Champions Podcast, Roger joins the conversation to explore the impact of AI on cybersecurity, software development, and industry practices. He shares insights on the opportunities and challenges of AI integration, highlights emerging trends, and emphasizes the importance of responsible AI use alongside strong foundational security principles.

  4. 27

    John Benninghoff - Tapping Other Fields To Approach Security Differently

    John Benninghoff is a long-time student and practitioner of managing information risk. His 25-year career in Cybersecurity and SRE spans financial services, retail, government, and health care. He founded Security Differently to advise organizations on how to integrate security into how work is done, quantify risk, improve performance, and make better decisions.

    John joins the podcast to explore what it means to treat security like other mature safety disciplines. Drawing on safety science, economics, and hands-on AppSec experience, he shares a practical perspective on security as decision support and how empowering developers with the right time and tools leads to stronger security outcomes.

  5. 26

    Dustin Lehr & Michael Burch - End of Year Recap 2025

    It’s been a momentous year for security champions, developer empowerment, and cultivating security culture. In this special year-in-review episode, hosts Dustin Lehr and Michael Burch look back on the standout conversations and greatest moments from The Security Champions Podcast throughout 2025.

    Whether you're building a champion program, supporting developers, or shaping appsec strategy, this episode brings together the best of 2025 in one conversation.

  6. 25

    Mark McMillan - Leading with the Carrot: Building Security Culture, Not Just Compliance

    Mark McMillan has been building and leading Information Security Champions programs for over five years and has spent nearly a decade shaping cybersecurity culture at Rocket. He's passionate about creating programs that empower, not punish, and help people understand their role in keeping data secure.

    In this episode of The Security Champions Podcast, Mark shares his journey into the field and what he has learned about fostering engaging and supportive security programs. He contrasts the outdated “stick” approach with a more empowering “carrot” method that fosters trust, ownership, and lasting behavior change. He breaks down how Champions Programs act as powerful networks of internal advocates, strategies for scaling and sustaining them over time, and the importance of continuous improvement and community support.

  7. 24

    Dustin Lehr & Michael Burch - Security Champions Summit Recap

    In this episode of The Security Champions Podcast, hosts Dustin Lehr and Michael Burch discuss the recent success of the first annual Security Champions Summit.

  8. 23

    Ariel Shin - Beyond Breaking: From Pen Tester to Problem Solver

    Ariel Shin is a Security Engineer at Stripe, specializing in threat modeling and proactively identifying and mitigating potential security risks. She is passionate about scaling application security while reducing engineering burdens and strives to create foundations that seamlessly integrate security practices into the development lifecycle.

    Ariel joined The Security Champions Podcast to share her journey from penetration testing to building scalable, developer-friendly security practices. In this episode, she dives into the often-overlooked "glue work" that holds teams together, challenges common assumptions about threat modeling, and explores how AI is changing the security landscape. From practical strategies to forward-looking insights, Ariel offers a thoughtful perspective on how organizations can embed security into their culture without slowing down innovation.

    Resources:
    The Security Champions Summit - https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g

  9. 22

    Eva Benn - Embracing Your Own Cybersecurity Identity

    Eva Benn is a Principal Security Program Manager for the Microsoft Security and Response Center. She is deeply involved in the security community, having served, or currently serving, on the leadership boards of the OWASP Seattle Chapter, WiCyS Western Washington, ISACA Puget Sound Chapter, the EC Council CEH Advisory Board, and the GIAC Advisory Board. She is also a Co-Chair of the Microsoft Women in Security and Co-Founder of Women in Tech Global.

    Eva joined The Security Champions Podcast to discuss the multitude of pathways into cybersecurity. The conversation dived into overcoming imposter syndrome, reshaping cybersecurity culture, and building a mindset where everyone sees themselves as defenders. Eva highlights the role of psychology in learning and the importance of gamification.

    Resources:
    The Security Champions Summit: https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g
    Tactical AppSec: The Security Champions' Field Guide: https://info.securityjourney.com/tactical-appsec-field-guide

  10. 21

    Jacob Salassi - Developer Empathy: A Thoughtful Approach to Product Security

    Jacob Salassi, former Director of Product Security at Snowflake, joined this episode of The Security Champions Podcast to share insights from his experience leading security transformation at scale.

    This episode explores the role of empathy in driving security engagement and how security teams can better align with engineering workflows. Jacob discusses the process of building the AppSec program at Snowflake, designing effective code review practices, and navigating organizational challenges. The conversation also touches on the potential of emerging technologies like LLMs and highlights key lessons from Jacob’s career journey and post-Snowflake focus.

    Resources:
    The Security Champions Summit: https://events.zoom.us/ev/AtVdnJITWfhMUFnsW_M1i4ZmOOhCAmScdyS69xg0oR4tS4iB6WO3~ArhXmQ4WPfpu5UoldBPL0lWGMfMj3PAOBs_PvjGyJLrTp_TfOMbweudy8pDHhHm-Ure1Ej4jX3S_bz70EsiKmB8W4g
    Tactical AppSec: A Champions' Field Guide: https://info.securityjourney.com/tactical-appsec-field-guide

  11. 20

    David Kosorok - Mastering Application Security

    David Kosorok, the Director of Information Security Programs at Toast, Inc., has over 25 years of experience in software and security testing - including more than 16 years dedicated to security. He’s led and scaled product security programs across organizations of all sizes, making him a trusted voice in the appsec space.

    In this episode of The Security Champions Podcast, David joined Dustin Lehr to share key insights from his new book ‘Mastering Application Security.’ They dive into what it takes to build a high-performing appsec team, from aligning talent with mission to prioritizing the right initiatives in your appsec program.

    Resources:
    BOOK - Mastering Application Security: Building Elite Teams for Tomorrow's Threats: https://www.amazon.com/Mastering-Application-Security-Building-Tomorrows-ebook/dp/B0F512GC8Y/ref=tmm_kin_swatch_0
    Security Champions Field Guide: https://info.securityjourney.com/tactical-appsec-field-guide
    The Security Champion Program Success Guide: https://securitychampionsuccessguide.org/
    Follow David on LinkedIn: https://www.linkedin.com/in/kosorok/
    Follow Dustin on LinkedIn: https://www.linkedin.com/in/dustinlehr/
    Subscribe to Dustin's YouTube channel: https://www.youtube.com/@UCjYquhHrc1GR9nySDNpJtRA

  12. 19

    Dustin Lehr - Code, Culture, and Community

    Dustin Lehr joined Security Journey as Director of Application Security Advocacy. With nearly two decades of experience as a software engineer, application architect, and cybersecurity leader, Dustin has ample expertise in the industry.

    In this episode of The Security Champions Podcast, Dustin joined to explore the interconnected roles of secure code, security-conscious culture, developer behavior, and the proper tooling. Discover practical insights on how to move beyond siloed approaches and create a truly effective strategy for product security.

  13. 18

    Roger Grimes - Quantum Security

    Roger A. Grimes, Data-Driven Defense Evangelist for KnowBe4, Inc., is the author of 15 books and over 1500 articles. He specializes in host security and preventing hacker and malware attacks. Roger is a frequent speaker at national computer security conferences and his presentations are fast-paced and full of useful facts and recommendations.

    This episode of The Security Champions Podcast explores the fascinating concepts of quantum mechanics and how they relate to cryptography. It explores topics like quantum entanglement, quantum tunneling, and the mind-boggling reality that a quantum particle can be in all states simultaneously. Also discussed are the potential risks quantum computers pose to existing encryption methods and what you can do to prepare.

    Podcast Chapters:
    0:10 Welcome to the Security Champions Podcast
    10:52 Not Here To Do Little Things
    15:12 Being a Cybersecurity Evangelist
    23:18 What Exactly is Quantum
    26:15 Quantum Entanglement
    30:28 Two-Photon Double-Slit Experiment
    33:21 Quantum Tunneling
    35:54 Quantum Particle Can Be All States At All Times
    40:30 The Race to Post-Quantum Cryptography
    44:57 Quantum Cryptography Could Break All Crypto
    49:20 How to Protect Your Organization

  14. 17

    Adam Bruehl - Secure Code in Medicine

    Adam Bruehl, a Senior DevOps Engineer at Security Journey, has a unique blend of expertise ranging from biology to technology.

    In this episode, Adam dives into the intersection of cybersecurity and medical devices, pharmaceutical research, and patient data. Hear first-hand accounts of security incidents, ethical dilemmas, and the constant battle to balance cutting-edge technology with outdated protocols in an industry where the stakes are life and death.

  15. 16

    Michael Erquitt - The AI Threat Landscape

    Michael Erquitt is a Senior Security Engineer at Security Journey who develops educational content for all of our learners.

    Michael joined the podcast to discuss the AI Threat Landscape. The discussion starts with the history of the AI threat landscape before moving on to the biggest AI security changes of 2025 and the future of AI and AI security.

    Podcast Chapters:
    0:05 Welcome to The Security Champions Podcast
    10:23 The History of the AI Threat Landscape
    16:41 Securing AI Compared to Other Technologies
    18:53 The Biggest AI Security Changes Expected in 2025
    28:20 Number 1 Piece of Advice for 2025
    36:47 The Future of AI

  16. 15

    Phillip Maddux - Deception Technology

    Phillip Maddux is the founder of Deception Logic and a Staff Engineer on the Detection Engineering and Response Automation team at Compass. With close to two decades of experience in information and application security, Phillip's passion for honeypots led him to develop HoneyDB.io and his company, Deception Logic.

    In this episode of The Security Champions Podcast, Phillip explained the world of deception technology and its evolving role in cybersecurity. From high-fidelity honeypots to detecting insider threats, the conversation dives into how these tools can mislead attackers while protecting critical systems.

    Podcast Chapters:
    0:05 Welcome to the Security Champions Podcast
    10:30 What is Deception Technology?
    15:12 High-Fidelity Honeypots
    21:07 Detecting Insider Threats
    28:13 The Ethics of 'Poison'
    32:30 AI's Space in Deception Technology
    36:15 Deception in 5 Years

  17. 14

    Irfaan Santoe - Security Champion Program Guide

    Irfaan Santoe is the leader of the OWASP Netherlands chapter and the creator of the OWASP Security Champions Guide. He is passionate about scaling security in AppDev, DevOps, and Cloud and has helped numerous multinationals solve information security challenges.

    In this episode of The Security Champions Podcast, Irfaan walks through the Security Champion Program Guide. He shares the motivation behind the project, what makes this guide different, how security champions can effect real change, and more!

    [0:05] Welcome to The Security Champions Podcast
    [14:13] The Motivation Behind the OWASP Security Champions Guide
    [18:02] How To Get Buy-In for a New OWASP Project
    [21:28] Why the Champions Guide is Different
    [28:26] How To Make Everyone a Security Champion
    [32:49] Engineers are Part of the Security Team
    [37:52] Facilitating Behavioral Change
    [41:02] How Security Champions Bring the Community Together

    Episode Resources:
    OWASP Security Champions Guide - https://owasp.org/www-project-security-champions-guidebook/

  18. 13

    Noah Morse - Security Journey Goes to Black Hat

    Noah Morse is an application security engineer at Security Journey focused on building vulnerable sandboxes for our Break/Fix lessons that teach developers how to secure applications.

    Noah joined the podcast to share his experience attending Black Hat USA 2024. They cover some of the most popular topics from the conference, the talks that Noah attended and key takeaways to consider.

    Welcome to The Security Champions Podcast [0:25]
    AI/LLMs "That's How They're Supposed to Work" [6:24]
    The Scary Long Game Social Engineering Attacks That Most of Us Would Fall For [10:15]
    Relationships Matter in Ransomware Gangs [14:17]
    Privacy Intrusion Techniques [20:20]
    Hackers in the Media [24:05]
    Quantum Computers [29:50]
    Ransomware Groups Have Better Security Than You [32:50]

  19. 12

    Michael Bargury - Low-Code/No-Code Security

    Michael Bargury is a security researcher passionate about all things related to cloud, SaaS and low-code security, and he spends his time finding the ways they could all go wrong. He is the co-founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps and leads the OWASP No-Code/Low-Code Top 10 project.

    Michael joined the podcast to explain low-code/no-code solutions and discuss the best practices for optimizing security in the organizations that use them.

  20. 11

    Ahmad Sadeddin - Rewards and Risks of Using AI in Product Security

    Ahmad is an entrepreneur with three successful ventures who is currently the CEO at Corgea. He led various products at Coupa after they acquired his previous venture, Riskopy. He built his current company due to frustration with the manual and inefficient processes companies take around security.

    Ahmad joined the podcast to discuss the use of AI in product security, offering insight into its positive and negative implications.

  21. 10

    The Year in Review - 2023 Highlights

    Join Michael Burch, host of The Security Champions Podcast, as he reminisces about the standout moments from this season's conversations, from unraveling the intricacies of elegant code to exploring the human side of coding.

    Welcome to The Security Champions Podcast [0:15]
    Clip 1 - What Can We Do For Our Security Champions? [18:30]
    Clip 2 - Elegant Code Leads to Better Security [26:25]
    Clip 3 - The Human Side of Security [31:22]
    Clip 4 - Gamification of Champions Programs [33:53]
    Clip 5 - Don't be 'The House of No' [39:25]
    Clip 6 - Baking Security into the Company Culture [46:09]
    Clip 7 - How to Keep Your Security Champions [51:35]
    Clip 8 - Bridging the Gap Between Security and Development [55:28]

  22. 9

    Derek Fisher - The Application Security Handbook

    Derek is a multifaceted professional with expertise in information security, serving as an author, leader, speaker, and university instructor. His commitment to enhancing information security has defined his career, steering high-performing cybersecurity teams and crafting strategic initiatives that effectively mitigate risks and safeguard sensitive data. He excels in uniting teams, implementing regulatory compliance systems, and establishing comprehensive enterprise security services to ensure organizations can navigate the digital landscape securely.

    Derek joined us to discuss the Application Security Program Handbook and how to run security champions programs effectively.

    Welcome to The Security Champions Podcast [0:15]
    The Application Security Program Handbook [12:00]
    The Conflict Between Development & Security [16:23]
    Create Guard Rails, Not Barriers [22:30]
    Leveraging Security Champions [28:02]
    Regulations' Effect on Development Teams & Education [39:51]
    Tips & Tricks for Security Champions Programs [46:55]

    Episode Resources:
    Application Security Program Handbook

  23. 8

    Tanya Janca - A Recipe for Security Champions

    Tanya Janca, also known as SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Application Security' and founder of We Hack Purple. Tanya has been coding and working in IT for over 25 years, has won countless awards, and has been everywhere, from public service to tech giants, writing software, leading communities, founding companies, and 'securing all things'.

    Tanya joins the podcast to discuss the recipe for success for security champions programs. She touches on best practices for recruiting, engagement, education, recognition & rewards, and maintaining a champions program.

    Welcome to The Security Champions Podcast [0:15]
    Alice and Bob Learn Application Security [3:55]
    Why We Hack Purple? [9:10]
    The Recipe for Success with Security Champions Programs [14:30]
    How to Engage Your Champions [25:50]
    What to Teach Security Champions [38:28]
    Recognition & Rewards to Drive Engagement [46:45]
    How to Maintain Your Security Champion Program [57:50]
    Collaboration Between Dev & Security [1:06:49]

    Episode Resources:
    Alice & Bob Learn Application Security
    We Hack Purple Podcast

  24. 7

    Jason Haddix - The Hacker CISO

    Jason Haddix has had a distinguished 15-year career in cybersecurity, previously serving as the CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He is a hacker and bug hunter to the core and has authored many talks, speaking at cons such as BlackHat, RSA, and many more.

    Jason joins us to discuss best practices learned from his experience running security champion programs, the layers of application security, and how to foster collaboration between development and security teams.

    Welcome to The Security Champions Podcast [0:15]
    AI Prevalence & Staying Secure [8:20]
    The Best Aspects of Security Champions Programs [16:23]
    The Methodology of Training Security Champions [27:01]
    Preventing Gaps Left by Security Tools [31:25]
    In-House vs. Contracted Pen-Testing [36:02]
    The Layers of AppSec [41:55]
    Bringing Development & Security Teams Together [50:52]

    Episode Resources:
    Jason Haddix on the Critical Thinking Podcast
    Jason Haddix on Darknet Diaries
    HackerOne Community Blog

  25. 6

    Ron Woerner - Security Mentorship

    Ron Woerner, CISSP, CISM, is the President and Chief Security Officer at Cyber-AAA, plus a Senior Security and Risk Consultant for Forrester Research. With over 20 years of experience in IT and security, Ron works with leaders worldwide to advise on security, compliance, and privacy.

    Ron joins to discuss how organizations should adapt tools and methodologies to their business' maturity, how to have impactful security champion mentors, and how security teams can successfully work with other teams.

    Welcome to The Security Champions Podcast [0:10]
    Ron Woerner's Security Journey [1:20]
    Zero Trust Architecture [4:50]
    Using Tools Based On Business Maturity [10:30]
    Successful Security Mentorship [15:30]

    Episode Resources:
    cyber-aaa.com
    cybersecurity.bellevue.edu

  26. 5

    Dustin Lehr - Fivetran Security Champions

    Dustin Lehr is the Sr. Director of Platform Security at Fivetran & the Co-founder and Chief Solutions Officer at Katilyst Security. Before shifting into cybersecurity leadership, Dustin spent 13 years as a software engineer and application architect in various industries.

    He joins us to discuss The Security Champion Program Success Guide and the inner workings of Fivetran's security champion program.

    Welcome to The Security Champions Podcast [0:35]
    The Security Champion Program Success Guide [12:38]
    Gamification for Learning [22:01]
    Insights from Fivetran's Program [33:10]
    What is a Security Champion? [40:30]
    Proving the ROI of Security Champions [46:11]
    Bridging the Security and Development Divide [50:02]

    Episode Resources:
    The Security Champion Program Success Guide
    Let's Talk Software Security! An online group where Dustin and others share tips, tricks, and ideas for making DevSecOps, Shift Left, and Security By Design concepts work efficiently for organizations.

  27. 4

    Ken Buckler - The Human Side of Secure Coding

    Kenneth Buckler, CASP, is a research analyst of information security/risk and compliance management for Enterprise Management Associates, a technology industry analyst and consulting firm. With over 15 years of experience, Ken is an author on cybersecurity topics and has spent several years working for federal contractors in cybersecurity practitioner roles.

    Ken joins to discuss the human side of secure coding, the important elements of secure coding practices, and how to teach a security mindset.

    Welcome to The Security Champions Podcast [0:10]
    Secure Coding Training Research [8:45]
    The Struggles with Shifting Left [13:10]
    Communicating the Importance of Secure Coding [17:20]
    Security Champions' Role in Secure Coding [25:30]

    Episode Resources:
    Secure Coding Practices: Growing Success or Zero-Day Epidemic? January 2023 EMA Research Report

  28. 3

    Tim Brown - SolarWinds CISO and the Elegance of Code

    Tim Brown is the CISO of SolarWinds, responsible for overseeing the company's internal IT security, product security, and security strategy. With over 25 years of experience and 18 issued patents on security-related topics, Tim is a trusted advisor for business executives, AppSec leaders, and the White House.

    Tim joins to discuss the concept of elegant code and the impact elegant coding can have on an organization's security.

    Welcome to The Security Champions Podcast [0:10]
    Takeaways from the SolarWinds Breach [7:00]
    The Structure of Elegant Code [15:45]
    When to Implement Elegant Code [21:40]
    Prioritization of Mitigating Vulnerabilities [34:00]
    Unifying Security and Development [44:15]

    Episode Resources:
    Mastering Elegant Code Part 1: Advantages and Security Benefits of Elegant Code
    Mastering Elegant Code Part 2: 6 Techniques for Writing Elegant Code

  29. 2

    Chris Romeo - The Security Champions Framework

    Chris Romeo, AppSec expert and CEO of Kerr Ventures, joins to talk about The Security Champions Framework and the biggest mistake organizations make with security champion programs.

    Welcome to The Security Champions Podcast [0:10]
    Starting Cisco's Security Champions Program [10:00]
    The Year of Security Champions [13:00]
    The Security Champions Framework [15:23]
    Biggest Security Champion Program Mistakes [26:00]
    Growing a Program from Day 1 [35:00]

    Episode Resources:
    The Security Champions Framework (hosted on GitHub)
    Using the Security Champions Framework to Optimize Your Security Program

  30. 1

    The Security Champions Podcast - COMING SOON

    Tune into our NEW show, The Security Champions Podcast, to hear conversations between appsec expert Mike Burch and leading software development and security professionals. Episodes will explore the latest news, trends, best practices, and technologies. The experts will share valuable insight and practical advice on building, maintaining, and scaling successful software security programs based on real-world guidance and experience.

    Stay tuned for our first episode with Chris Romeo, founder of Security Journey and leading voice in application security, threat modeling, and security champions.

    Remember: Security is a Journey, not a Destination.



HOSTED BY

Mike Burch
