The Security Champions Podcast
Automation, Generative AI, Shift Left - the world of application security is evolving fast, and so are the conversations that shape it.
Welcome to The Security Champions Podcast, the go-to resource for insights from the front lines of application security. The podcast is cohosted by Michael Burch, Director of Application Security for Security Journey, and Dustin Lehr, the Director of AppSec Advocacy. Each month, one of them shares a candid conversation with security leaders, engineering voices, and software experts.
From championing secure development practices to navigating real-world challenges in modern SDLCs, this show explores how teams are scaling appsec, strategy and culture.
New Episodes drop monthly, with even more security content at https://www.securityjourney.com/
Always remember: Security is a Journey, not a Destination.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This podcast is sponsored by Security Journey.
FOLLOW US to stay up-to-date with new content!
X (https://x.com/SecurityJourney)
LinkedIn (https://www.linkedin.com/company/7574213)
Instagram (https://www.instagram.com/securityjourney/?hl=en)
YouTube (https://www.youtube.com/@UCBVPnBCNcZqx_WAuCsV6BuA )
Online (securityjourney.com)
CONTACT: hello@securityjourney.com
The Security Champions Podcast
Jason Haddix - The Hacker CISO
Jason Haddix has had a distinguished 15-year career in cybersecurity, previously serving as the CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He is a hacker and bug hunter to the core and has authored many talks, speaking at cons such as BlackHat, RSA, and many more.
Jason joins us to discuss best practices learned from his experience running security champion programs, the layers of application security, and how to foster collaboration between development and security teams.
- Welcome to The Security Champions Podcast [0:15]
- AI Prevalence & Staying Secure [8:20]
- The Best Aspects of Security Champions Programs [16:23]
- The Methodology of Training Security Champions [27:01]
- Preventing Gaps Left by Security Tools [31:25]
- In-House vs. Contracted Pen-Testing [36:02]
- The Layers of AppSec [41:55]
- Bringing Development & Security Teams Together [50:52]
Episode Resources:
- Jason Haddix on the Critical Thinking Podcast
- Jason Haddix on the Darknet Diaries
- HackerOne Community Blog
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Podcast sponsored by Security Journey, Secure Coding Training for Developers and Everyone in the SDLC. Learn more at securityjourney.com.
FOLLOW US to stay up-to-date with new content!
- LinkedIn (linkedin.com/company/security-journey)
- Instagram (https://www.instagram.com/securityjourney)
- YouTube (youtube.com/c/securityjourney)
- Twitter (twitter.com/SecurityJourney)
- Online (securityjourney.com)
- CONTACT: hello@securityjourney.com