Secured with Dr. KJ

Guest: Erika Voss, CISO at Blue Yonder
Episode Overview
Dr. KJ sits down with Erika Voss, CISO at Blue Yonder, to explore the evolving landscape of cybersecurity at the intersection of AI and supply chain management. Erika shares her insights on why identity has become the new attack surface, the challenges of securing AI-driven systems, and why customers are ultimately buying trust, not technology.
Key Discussion Topics
AI-Driven Supply Chain Security
Managing expanding attack surfaces in 2026
Integrating AI with 40-50 year old legacy systems
Moving to millisecond-level supply chain optimization

Identity as the New Attack Surface
Why all roads in security lead to identity
The identity triad: non-negotiable, high-value, and advanced tiers
Moving beyond patch management as a primary concern

Insider Risk and Access Management
Permission creep and trust-but-verify principles
Just-in-time (JIT) access and modern privilege management
Behavioral red flags in identity management

Building Security Culture
From project managers to technical program managers
Why MFA is now just "cyber hygiene basics"
Ground-up security programs vs. top-down mandates

The Trust Economy
Why customers buy trust, not technology
"The 'us' in trust is broken if you can't answer the trust question"
Key Takeaways
Identity is the new control plane - All modern security challenges ultimately trace back to identity and access management
Nail the basics first - Before investing in AI agents, ensure your foundation is solid
Autonomous security requires governance - AI-driven systems need monitoring, validation, testing, and governance
Trust is the product - In 2026, customers aren't buying technology—they're buying assurance
Notable Quotes
"All roads now are leading back to identity... identity is your new attack surface."
"It's not about patching the server anymore. That is so 1980."
"The 'us' in trust is broken. You're not going to be around if you can't answer that question."
"People are not buying your product anymore. What they're buying is trust."
About the Guest
Erika Voss is the Chief Information Security Officer at Blue Yonder, a leader in AI-driven supply chain management. With a doctorate focused on insider threat and extensive experience in enterprise security, Erika brings a unique perspective on securing the intersection of legacy systems and cutting-edge AI technology.
Connect with Erika
LinkedIn: Erika Voss, PhD | LinkedIn
About Secured with Dr. KJ
Hosted by Dr. Kenneth Johnson, "Secured with Dr. KJ" features authentic conversations with cybersecurity practitioners across industries. Each episode focuses on substance over sales, bringing you real insights from security leaders.
Securing tomorrow, one episode at a time.

Listen on: Apple Podcasts | Spotify | YouTube

Episode Title: DNS Security in the AI Era with Garland Moore
Guest: Garland Moore, Solutions Architect at F5

Episode Description: In this episode of Secured with Dr. KJ, I sit down with Garland Moore, Solutions Architect at F5, to discuss DNS security threats, effective defense strategies, and how AI is transforming both the attack landscape and our defensive capabilities. Garland brings over 17 years of hands-on infrastructure experience and shares practical insights for organizations of all sizes.

What We Discussed:
DNS Security Threats & Defense
Why DNS remains a primary target and the impact of major outages
Effective strategies: DNSSEC adoption, resolver hardening, rate limiting
The importance of monitoring, logging, and analytics
Intelligent DNS and managed DNS solutions for threat intelligence

AI's Dual Role in DNS Security
How AI is being weaponized for DNS attacks
Leveraging AI for predictive threat detection and filtering log noise
The emergence of "layer eight" security challenges

Practical Guidance for Smaller Organizations
Minimum DNS security implementations without enterprise budgets
Hybrid approaches combining managed services with internal controls
Sticking to security fundamentals over flashy tools

Building Security Culture & Getting Executive Buy-In
Why foundational systems (DNS, identity, patching, backups) get overlooked
Tying DNS security to business impact: revenue, risk, speed to market
"If DNS goes down, business stops"—translating technical issues to business outcomes

Breaking Into Cybersecurity
You don't need 10 certifications to get started
Three essential qualities: curiosity, fundamentals, and persistence
"Sponge mode": learning broadly while waiting for opportunities
The critical importance of soft skills

Key Quotes:
DNS is the heartbeat of the internet—it's definitely something that is highly targeted.
Nobody really cares about DNS until it doesn't work.
You can't protect what you don't understand.
Cybersecurity isn't about chasing the latest attack—it's about protecting the foundational systems that everything relies on.

About Garland Moore: Garland Moore is a Solutions Architect at F5 specializing in security and modern applications. With over 17 years of infrastructure experience, he combines deep technical expertise with a growing focus on AI to build scalable, secure solutions. His journey from infrastructure operations to Solutions Architect gives him unique end-to-end understanding of enterprise systems. He holds CKA and AWS Solutions Architect certifications and volunteers with Feed the Children and coaches' youth basketball.

Connect with Garland: Garland Moore | LinkedIn

Securing tomorrow, one episode at a time.

Episode Overview
Allen Westley, Director of Cyber Intelligence at L3Harris Technologies, explores the challenges government contractors face with AI, compliance, and operational security. We discuss the compliance trap, agentic AI risks, and why judgment-driven leadership outweighs certifications.
Guest
Allen Westley
Director of Cyber Intelligence, L3Harris Technologies
Founder, Cyber Explorer LLC | Adjunct Professor
LinkedIn: Allen Westley, CSM, CISSP, MBA
Key Topics
The Compliance Trap
Passing CMMC audits vs. having operational security
Critical importance of scoping for defense contractors
Convergence of classified and unclassified systems (CUI, 871 controls)
Shadow IT: operators using unapproved tools to meet deliverables
AI as Dual-Use Technology
Adversaries operationalizing AI alongside defenders
Cognitive mapping and anthropomorphizing risks
Pattern matching creating unintended classified information
Training gaps when mandating AI adoption without guardrails
Agentic AI Systems
Models collaborating with limited visibility
ChatGPT agent example: exceeding original instructions
Data segmentation failures enabling unauthorized access
Engineers bypassing inadequate guardrails
Security Culture
Judgment over knowledge through experience
Psychological safety for reporting mistakes
Leading by example in daily decisions
Trust built through consistency, not town halls
Timestamps
00:00 - Introduction
01:51 - Compliance trap challenges
04:03 - CMMC scoping essentials
06:05 - AI reshaping operations
10:21 - Agentic systems and data risks
12:46 - Canva agent example
15:03 - Building security culture
18:00 - Outro
Resources
CMMC Compliance: Levels 1-3, FCI vs CUI
Defense Industrial Base guidance
AI governance frameworks
Key Takeaways
Scoping determines CMMC success
Compliance ≠ operational security
AI needs training and guardrails
Agentic systems require data segmentation
Psychological safety builds real culture
Connect
Subscribe to Secured with Dr. KJ.
Feedback or want to be a guest? Visit: Secured with Dr. KJ - Podcast
Securing tomorrow, one episode at a time.

Episode Overview
In this Season 3 premiere, Ben Masino, President and Chief Growth Officer at Avertium, discusses how security enables business growth rather than hindering it. We explore building security programs through the Microsoft Security platform, the critical role of data hygiene in AI adoption, and meeting customers where they are for long-term success.
Guest
Ben Masino
President & Chief Growth Officer, Avertium
LinkedIn: Ben Masino
Key Topics
Avertium's Approach
"Assess, Design, Protect" methodology for regulated industries
Serving healthcare, manufacturing, retail, and finance sectors
20+ years combined experience in security and compliance
AI Readiness Through Data
Securing your data estate is foundational for AI success
Using Microsoft Purview for data discovery and governance
Bridging executive AI mandates with IT/security realities
Customer Success
Healthcare company journey: pen test to full MXDR partnership
Intune misconfiguration discovery and remediation
Building trust through actionable assessments
Customer Zero Philosophy
Avertium uses Microsoft E5, Sentinel, and Defender internally first
Testing Copilot for Security to enhance analyst work
Leading into the future with proven expertise
Timestamps
00:00 - Introduction
00:20 - Avertium's mission in security
02:05 - Common challenges across regulated industries
03:44 - Assess, Design, Protect methodology
05:54 - Customer success story
08:26 - AI readiness and data estates
10:57 - Bridging executives and IT teams
12:57 - Customer Zero approach
15:09 - Final thoughts
Resources
Avertium: avertium.com
Microsoft Security: Sentinel, Defender XDR, Purview
Compliance: HIPAA, PCI, NERC, High Trust
Key Takeaways
Focus creates depth - specialization builds meaningful partnerships
Data hygiene before AI - organize your data estate first
Meet customers where they are - tactical starts lead to strategic relationships
Be your own customer zero - internal testing builds real expertise
Security enables business - proper programs accelerate outcomes
Connect
Subscribe to Secured with Dr. KJ on your favorite podcast platform.
Feedback, topics, or want to be a guest? Visit: Secured with Dr. KJ - Podcast
Keep securing tomorrow, one episode at a time.

Episode: AI, Mental Health & the Human Side of Cybersecurity
Guest: Jameeka Green Aaron
Guest Title: Chief Information Security Officer, Headspace

Episode Summary
Jameeka Green Aaron, CISO at Headspace, joins Dr. KJ for a candid conversation on protecting mental health data, the limitations of AI in clinical settings, and why humanity must remain a non-negotiable in cybersecurity. As a Navy veteran and black woman in tech leadership, Jameeka also shares powerful insights on representation, courage, and the fight for equity in the industry.

Discussion Topics & Timestamps
(00:00) Introduction and guest welcome
(01:45) AI in mental health: balancing innovation with patient protection
(08:30) Guardrails and governance: the CIA triad applied to AI
(14:20) Why security leadership is critical in healthcare
(21:30) Explaining security concepts to clinicians and product teams
(24:30) Leadership, representation, and courage as a black veteran in cybersecurity

Key Takeaways
Humanity is a non-negotiable – AI lacks empathy, context, and the ability to read nonverbal cues. In mental health, models must never instruct users to harm themselves or others—guardrails must be absolute.
Data professionals are the linchpin of AI – Good data in, good data out. De-identification, anonymization, and clean data practices are essential before training any model on sensitive health information.
Protecting and healing go together – Security in healthcare isn't a barrier; it's an enabler. Clinicians already understand patient privacy deeply—security leadership helps them extend that protection through technology.

Resources & Frameworks Mentioned
HIPAA – Health Insurance Portability and Accountability Act
HITRUST – Healthcare information security certification
CIA Triad – Confidentiality, Integrity, Availability
Headspace Ebb – AI companion that helps users navigate mental health content
Large Language Models (LLMs) – Foundation for AI-powered tools

Notable Quotes
"Technology is about people. Everything we create is for the greater good of humanity. As a CISO, I'm here to enable innovation and protect people from the woes of that innovation.""AI has the discernment of a mouse. It doesn't know if the data you provided is truthful or accurate.""Protecting and healing go together."Connect
Guest: Jameeka Green Aaron – (13) Jameeka Green Aaron, CISSP | LinkedIn
Host: Dr. Kenneth Johnson – (13) Dr. Kenneth Johnson, CISSP | LinkedIn

Securing tomorrow, one episode at a time.
Hosted on Acast. See acast.com/privacy for more information.