January 19, 2026

Defense Cybersecurity - from checkbox compliance to security culture

19 minutes

Episode Overview

Allen Westley, Director of Cyber Intelligence at L3Harris Technologies, explores the challenges government contractors face with AI, compliance, and operational security. We discuss the compliance trap, agentic AI risks, and why judgment-driven leadership outweighs certifications.

Guest

Allen Westley
Director of Cyber Intelligence, L3Harris Technologies
Founder, Cyber Explorer LLC | Adjunct Professor
LinkedIn: Allen Westley, CSM, CISSP, MBA

Key Topics

The Compliance Trap

Passing CMMC audits vs. having operational security
Critical importance of scoping for defense contractors
Convergence of classified and unclassified systems (CUI, 871 controls)
Shadow IT: operators using unapproved tools to meet deliverables

AI as Dual-Use Technology

Adversaries operationalizing AI alongside defenders
Cognitive mapping and anthropomorphizing risks
Pattern matching creating unintended classified information
Training gaps when mandating AI adoption without guardrails

Agentic AI Systems

Models collaborating with limited visibility
ChatGPT agent example: exceeding original instructions
Data segmentation failures enabling unauthorized access
Engineers bypassing inadequate guardrails

Security Culture

Judgment over knowledge through experience
Psychological safety for reporting mistakes
Leading by example in daily decisions
Trust built through consistency, not town halls

Timestamps

00:00 - Introduction
01:51 - Compliance trap challenges
04:03 - CMMC scoping essentials
06:05 - AI reshaping operations
10:21 - Agentic systems and data risks
12:46 - Canva agent example
15:03 - Building security culture
18:00 - Outro

Resources

CMMC Compliance: Levels 1-3, FCI vs CUI
Defense Industrial Base guidance
AI governance frameworks

Key Takeaways

Scoping determines CMMC success
Compliance ≠ operational security
AI needs training and guardrails
Agentic systems require data segmentation
Psychological safety builds real culture

Connect

Subscribe to Secured with Dr. KJ.

Feedback or want to be a guest? Visit: Secured with Dr. KJ - Podcast

Securing tomorrow, one episode at a time.

...more

View all episodes

By Kenneth Johnson

January 19, 2026

Defense Cybersecurity - from checkbox compliance to security culture

19 minutes

Episode Overview

Guest

Allen Westley
Director of Cyber Intelligence, L3Harris Technologies
Founder, Cyber Explorer LLC | Adjunct Professor
LinkedIn: Allen Westley, CSM, CISSP, MBA

Key Topics

The Compliance Trap

Passing CMMC audits vs. having operational security
Critical importance of scoping for defense contractors
Convergence of classified and unclassified systems (CUI, 871 controls)
Shadow IT: operators using unapproved tools to meet deliverables

AI as Dual-Use Technology

Adversaries operationalizing AI alongside defenders
Cognitive mapping and anthropomorphizing risks
Pattern matching creating unintended classified information
Training gaps when mandating AI adoption without guardrails

Agentic AI Systems

Models collaborating with limited visibility
ChatGPT agent example: exceeding original instructions
Data segmentation failures enabling unauthorized access
Engineers bypassing inadequate guardrails

Security Culture

Judgment over knowledge through experience
Psychological safety for reporting mistakes
Leading by example in daily decisions
Trust built through consistency, not town halls

Timestamps

Resources

CMMC Compliance: Levels 1-3, FCI vs CUI
Defense Industrial Base guidance
AI governance frameworks

Key Takeaways

Scoping determines CMMC success
Compliance ≠ operational security
AI needs training and guardrails
Agentic systems require data segmentation
Psychological safety builds real culture

Connect

Subscribe to Secured with Dr. KJ.

Feedback or want to be a guest? Visit: Secured with Dr. KJ - Podcast

Securing tomorrow, one episode at a time.

...more

Share Defense Cybersecurity - from checkbox compliance to security culture

Sign up to save your podcasts

Defense Cybersecurity - from checkbox compliance to security culture

Defense Cybersecurity - from checkbox compliance to security culture