HackerOne Blog

Introducing the HackerOne Champion Program and Our First Champion of the Quarter

Justina Wu
Customer Advocate
HackerOne Logo on a Pedestal

The most effective security leaders don’t operate in isolation. They move the industry forward by comparing notes with peers who’ve faced the same pressure, made the hard tradeoffs, and lived with the consequences.

For years, we’ve seen this dynamic play out among HackerOne customers. These leaders weren’t gatekeeping their learnings. They were talking to people, sharing what actually worked, and being honest about what didn’t.

The HackerOne Champion Program is officially here, and it is our way of supporting and recognizing those leaders. It’s designed for security practitioners who actively contribute to the community by sharing lessons, advising peers, and helping shape how modern security is practiced. 

Dr. Erika Voss, CSO at Blue Yonder, is our first Champion of the Quarter—a new recognition we’ll award each quarter to security leaders within the program who demonstrate measurable impact. Her approach to strengthening customer trust shows exactly what this program is about.

Erika Voss Quote

Champion Q&A: Erika Voss on Strengthening Customer Trust at Blue Yonder

What do customers want from a CSO? They want to know someone is listening, and they want confidence that the company will show up immediately.

That’s the lens Erika Voss brought to Blue Yonder when she joined. Her job, as she describes it, is straightforward: strengthen trust with customers. 

It’s also why she’s HackerOne’s first Champion of the Quarter.

From Prisons to Incident Command: Why Erika Leads with Operations

Erika didn’t start her career in a security operations center.

She started in physical security, working in a men’s closed-custody prison and building muscle memory around emergency preparedness and business continuity. Later, she gave a presentation on FEMA’s Incident Command System (ICS) and how that same operating model applies to technology incidents: clear roles, clear terminology, clear accountability. 

Then she got recruited into disaster recovery, and on day two in that role, everything became real.

Blue teams talk about resilience. Erika lived it: a malicious employee triggered a logic bomb and wiped their Active Directory, forcing a 10-day recovery effort. That moment shaped her career-long fixation on the “why,” the behaviors behind incidents, and the operational discipline it takes to respond under pressure. 

A Career Built Under Pressure

Erika’s path through security has a pattern: she tends to join organizations at inflection points.

She moved from state service into federal contracting, then into large-scale resilience work at Amazon, including building global continuity for fulfillment centers after Japan’s tsunami, earthquake, and nuclear event exposed how fragile “normal operations” can be. She later worked on AWS data center resiliency, Microsoft supply chain security, and global GRC at Oracle as it evolved into a public cloud provider. 

Her takeaway from that whole arc is simple: You can’t fix what you won’t name.

And trust is earned when leaders are willing to say the hard thing out loud, then do the work to change it. 

In our conversation, Erika emphasized: “People aren’t buying a product. They’re buying trust.”

So when Erika joined Blue Yonder last April, she didn’t stay inside the org chart. She went straight to customers.

Her instinct was to listen, then explain where the company is going, what investments are being made, and what “trust by design” should mean for them. 

Funding a Customer Trust Arm Inside Security

Erika’s biggest initiative at Blue Yonder is also the thing she thinks more CISOs will eventually do: she intentionally funded a customer trust arm on her team.

Blue Yonder’s Trust organization, led by VP Sam Archey, ensures trust isn’t treated as a moment-of-incident activity, but as a continuous operating model.

This team is designed to be always-on and customer-facing, providing 24/7 availability so customers are never left waiting for clarity. The team partners closely with internal security, engineering, legal, and customer-facing teams to enable consistent, timely, and credible engagement, whether that’s translating technical signals into customer-relevant context, strengthening security awareness across the company, or helping teams communicate risk and resilience with confidence.

At its core, customer trust comes down to real-time information. Erika’s model is “if we see something, we say something,” even if the message is simply: we’re investigating and we’re with you through it. 

And she makes an important distinction: her role isn’t a “field CISO” function. It’s closer to a trust officer function, focused on how security shows up with customers, how ROI is communicated, and how credibility is built and measured. 

Proof Points Customers Can Hold: AI Red Teaming for Customer Confidence

When asked for a concrete initiative influenced by customer needs, Erika points to AI.

Blue Yonder is investing in AI agents and autonomous capabilities. That’s why her team is doing AI red teaming with HackerOne. In her words, the power of this work is that it doesn’t just help security teams see risk differently, it provides customer confidence and trust because you can credibly say: we’re validating these systems, and we’re doing it with the right partner. 

What “Success” Looks Like for a CISO Strengthening Trust

Erika’s success metrics are refreshingly grounded. She looks for:

  • Detection and response improving: MTTD and MTTR trending down.
  • Patch management maturity: Vulnerabilities move too fast to fall behind. 
  • Executive leadership trust: The ELT believes in the program and the decisions. 
  • Stability during peak season: For supply chain, the busiest window is roughly Nov. 1 to Jan. 1, and success is getting through that without disruption.

That’s CISO strategy in plain language: measurable improvement, executive confidence, and business stability customers can feel.

The Risk Area Erika Wants the Industry to Talk About More: Insider Threats

Erika also highlights one topic she thinks the industry avoids: insider threats.

She pursued her doctorate in cybersecurity specifically to drive change, with a focus on insider threats and the behavioral warning signs organizations often ignore. She calls it part of “cyber hygiene foundation” and points out there’s a MITRE insider threat framework, yet not enough real attention on it. 

The Part Nobody Wants to Admit: Trust Takes Time

Erika is candid about the reality of stepping into a senior security role.

New CISOs want quick wins, but the job is often: learn the architecture, build relationships, and navigate competing priorities. She says it takes six to nine months just to understand the lay of the land, and ultimately, the real job is culture change, which takes years (she references an article she recalls from Harvard Business Review about culture change timelines). 

That honesty is what customers respond to.

Why Erika is Champion of the Quarter

Erika’s story reflects a leadership mindset that treats trust as something you earn with customers, not something you assume.

That’s what the HackerOne Champion Program is built to recognize: security leaders who share candidly, lead through complexity, and raise the bar for the broader community.

If you’re doing that work, we want you in this room. Join the HackerOne Champion Program to connect with peers, share what you’ve learned, and help create a safer internet.

HackerOne News
Exposure Management

About the Author

Justina Wu Headshot
Justina Wu
Customer Advocate
HackerOne

Justina is the Customer Advocate at HackerOne. She brings customer success stories to life in the cybersecurity space.