Episode Summary

Season 4 premiere, Dr. KJ sits down with Nett Lynch, CISO at Kraft Kennedy and Emperor of Legion, to explore what it truly means to get left of boom in cybersecurity. Nett shares how she helps organizations move beyond checkbox compliance by leading with risk instead of fear, uncertainty, and doubt. Drawing on 28 years of IT experience and nearly two decades in the managed service provider space, she breaks down why SMART goals should drive every security roadmap, how AI-powered threats are reshaping the attack landscape, and what it takes to earn executive trust through listening and long-term partnership.

What You Will Learn

Why compliance is not the same as security and how the treasure and crown jewels analogy helps executives understand where their real risk lives. How AI-powered threats have shifted from technical sophistication to credibility and speed, and why passwordless authentication should be at the top of every organization's priority list. The importance of including the CFO in tabletop exercises and how to build security roadmaps that align to three- and five-year business goals.

Top 3 Takeaways

1. Lead with risk, not fear, uncertainty, and doubt. Clients who feel scared into a decision walk away uncomfortable and are less eager to have the next conversation. Framing security as a business enabler through SMART goals creates lasting partnerships.
2. Identity is now the primary attack surface. Threat actors are using AI to conduct faster reconnaissance and build attacks that are indistinguishable from real business activity. Passwordless authentication and strong multifactor are no longer optional.
3. Trust is built through listening, not credentials. Asking open-ended questions, understanding the politics and growth plans of a business, and meeting clients where they are will always outperform a list of certifications.

Memorable Quotes "Compliance is not security. They are not the same thing. It is kind of like a Venn diagram. There is a little bit of overlap, but there is stuff on either side that one does not equal the other." "All of their data is treasure. It is all valuable, but not all treasure are the crown jewels." "It is not your credentials. It is not your experience. It is how much you care." "You have one mouth and two ears. You should listen more than you speak."

Connect with the Guest Nett Lynch on LinkedIn: https://www.linkedin.com/in/nett-s-lynch-mba

Listen and Subscribe Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify YouTube

Support the Show If this episode brought you value, share it with a colleague, leave a review, and help us grow the community.

Securing tomorrow, one episode at a time.

In this episode of Secured with Dr. KJ, Alexandra Kruse joins Dr. KJ to make a case the security industry needs to hear diversity is not a fairness initiative — it is a security advantage. Drawing from her experience as a cybersecurity professional, immigrant, and working mother of two, Alex unpacks how homogenous teams create blind spots that put entire communities at risk, how AI systems inherit the biases of those who build them, and what it truly looks like to lead in a profession that was not always designed with you in mind. From facial recognition failures to the pressure of school drop-offs between back-to-back meetings, this episode brings the human side of security to the forefront.

What You Will Learn

Why leaving diverse voices out of the room is not just a fairness problem but a security risk with measurable consequences, how AI systems reflect the biases in their training data and what that means for underrepresented users at scale, and what real resilience looks like for working mothers navigating leadership in tech.

Top 3 Takeaways

1. Diverse teams build stronger security. When everyone in the room shares the same background and experiences, blind spots form. Communities that are not represented during design and development are the ones most likely to be left unprotected or actively harmed by the tools that are supposed to serve them.
2. AI outputs reflect who built it and what it was trained on. From facial recognition disparities to image generation defaults, the evidence is consistent: AI systems that lack diverse input produce output that fails underrepresented users. In an agentic world where those outputs run without a human reviewing every result, the stakes are even higher.
3. You are in the room because your voice matters, and that is enough. For women earlier in their careers, the pressure to show up perfectly or earn the right to take up space is real. Alex's message is direct: give yourself grace, advocate for others the way you wish someone had advocated for you, and do not confuse rest with weakness.

Memorable Quotes

"Bringing diverse voices into the room is not just about fairness. It is critical to building stronger security for everyone." — Alexandra Kruse

"We need to stop treating diversity as a nice-to-have and start seeing it as a security advantage." — Alexandra Kruse

"You are in the room because your voice matters, and that is enough." — Alexandra Kruse

"I do not need to deserve rest. I can just take the rest because I am human and that is allowed." — Alexandra Kruse

Connect with the Guest

Alexandra Kruse, MSML — Cybersecurity Professional and Advocate

LinkedIn: https://www.linkedin.com/in/alexandra-kruse-msml

Listen & Subscribe

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com

🎙 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517

🎵 Spotify

📺 YouTube

Support the Show

If this episode brought value, share it with a peer in your network. Every share helps grow a community built on substance over sales — real practitioners, real insights, no pitches.

Securing tomorrow, one episode at a time.

In this episode, Dr. KJ sits down with Kimberly, a product and engineering leader in the insurance industry, to talk about what it really takes to build secure products at enterprise scale. From managing security consistency across legacy and cloud applications to rolling out AI responsibly in a highly regulated environment, Kimberly brings a practitioner's perspective grounded in transparency, least privilege, and bringing people along on the journey. The conversation covers the tension between shipping fast and staying secure, the role of AI in transforming insurance products, and the leadership principles that make security culture stick.

What You'll Learn

In this episode, you will learn how a seasoned product leader approaches security consistency across applications of different ages and architectures, why least privilege is not just a technical control but a cultural practice, how to lead a phased AI rollout in a regulated industry while keeping InfoSec at the table from day one, what it looks like when security design reviews become a celebration rather than a checkpoint, and how to translate technical vulnerabilities into business risk language that resonates with stakeholders and leadership.

Top 3 Takeaways

Security has to be built in from the start. Treating it as a checklist item at the end of a development cycle creates inconsistency and opens the door to costly exposures. The why matters more than the what. Whether you are enforcing least privilege, rearchitecting vendor integrations, or rolling out AI, helping your team understand the reasoning behind a decision is what prevents corner-cutting and builds lasting security culture. AI is an accelerator, not a free pass. Organizations that are seeing real value from AI are the ones that stage their rollouts, measure outcomes, and keep security embedded in the design process from the beginning.

Memorable Quotes

"A small book could turn into a $5 million bigger issue."

"I don't look at security as the last thing that we do when we're getting ready to ship."

"There's no role or no space that's small. Security impacts every role."

"We catch security flaws early and design phases are celebrated — it's a win for all of us."

Connect with the Guest

Connect with Kimberly on LinkedIn: https://www.linkedin.com/in/kimberly-w-4841923aa/

Listen & Subscribe

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com

Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search Secured with Dr. KJ YouTube: Search Secured with Dr. KJ

Support the Show

If this episode added value, share it with a colleague, leave a review, and help grow the Secured with Dr. KJ community. Every share puts these conversations in front of the practitioners who need them most.

Securing tomorrow, one episode at a time.

In this episode, Dr. KJ sits down with Doug Turpin, a seasoned managed service provider leader, to unpack the unique security challenges MSPs face at scale. Doug breaks down the concept of "blast radius" — what happens when the tools designed to protect clients become an attacker's greatest advantage — and shares how his organization builds a security-first culture grounded in stewardship, not fear. The conversation also digs into AI's role as an amplifier, and why ungoverned AI may be one of the most underestimated risks in security today.

What You'll Learn

• Why blast radius is the defining security challenge for managed service providers
• How security gaps most often start with people — not technology
• The difference between using AI as an operational advantage versus accelerating your own mistakes
• What a security-first culture actually looks like from the inside out
• How to handle and learn from team mistakes without creating a culture of fear
• Why AI without guardrails is a compliance and security liability

Top 3 Takeaways

1. Blast radius is real — and it scales fast. MSPs hold privileged access to dozens or hundreds of client environments. A single compromised identity or remote management tool doesn't just affect one network — it can cascade across your entire client base. Least privilege, strong isolation, and constant visibility aren't optional; they're foundational.
2. AI amplifies what's already there — good or bad. AI can surface better signals, reduce noise, and free your sharpest people for judgment calls. But if your fundamentals are weak — bad data, poor identity hygiene, broken processes — AI will accelerate your mistakes, not fix them. Governance comes first, use cases second.
3. Security culture is built on stewardship, not enforcement. When your team understands they're protecting people's livelihoods — not just systems — behavior changes naturally. Clear expectations, shared ownership, and psychological safety to speak up create instinctive security, not performative compliance.

Memorable Quotes

"The tools that we use are designed to be trusted — and attackers love those as hands-on intrusion kits." — Doug Turpin

"AI in reality doesn't fix bad data or identity hygiene or broken processes. If your fundamentals are weak, your AI is just going to make you accelerate your mistakes." — Doug Turpin

"Once you see that security is part of doing the right thing — not just following the rules — your behavior changes, and it changes naturally." — Doug Turpin

Connect with the Guest

Doug Turpin — Managed Service Provider Leader and Senior Security Engineer

Listen & Subscribe

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com

• 🎙 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517
• 🎵 Spotify
• 📺 YouTube

Support the Show

If this episode brought value, share it with a peer in your network. Every share helps grow a community built on substance over sales — real practitioners, real insights, no pitches.

Securing tomorrow, one episode at a time.

Keywords: identity security, AI security, security culture, Microsoft, enterprise security

Episode Summary

Nicole Darden Ford joins Dr. KJ for a wide-ranging conversation on what it truly means to lead security at global scale. Drawing on over 25 years of experience across corporate and federal environments, Nicole unpacks the three converging forces keeping security leaders up at night — identity, software supply chain, and AI — and why the industry's mindset has fundamentally shifted from reactive to prevention-first. She shares her framework for balancing AI-powered defenses against AI-enabled attacks, why data governance remains the industry's most unresolved challenge, and how the most successful organizations are building security cultures where ownership and accountability belong to everyone. Nicole closes with a lesson from the golf course that every security leader can apply.

What You'll Learn

• Why identity, software supply chain, and AI are the three converging forces redefining enterprise security risk
• How to think about AI as a tier zero asset — and what that means for how you govern and protect it
• Why building a security culture rooted in ownership and accountability matters more than any policy or control

Top 3 Takeaways

1. AI should advise broadly, decide narrowly, and act autonomously only when the blast radius has been clearly defined — organizations that skip this discipline are taking on significant risk
2. Data governance is no longer just a CIO or CISO issue — it belongs to the CEO, CFO, and the board, and it must be solved before AI can be deployed safely and effectively
3. Security culture beats security policy every time — when every employee feels accountable and empowered, security becomes part of how the business operates, not a barrier to it

Memorable Quotes

"When everything looks authorized, it's really hard to figure out where the breach is." — Nicole Darden Ford

"AI should advise broadly, decide narrowly, and act autonomously only when the blast radius has been clearly defined." — Nicole Darden Ford

"Clarity beats consensus every time." — Nicole Darden Ford

Connect with the Guest

Nicole Darden Ford LinkedIn: https://www.linkedin.com/in/nicolendardenford/ Company: www.microsoft.com

Listen & Subscribe

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"

Support the Show

If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, identity security, security culture, and more.

Securing tomorrow, one episode at a time.

Keywords: data governance, Microsoft 365, AI security, collaboration security, eShare

Episode Summary

Ilya Pozharsky joins Dr. KJ for a deep dive into one of the most overlooked challenges in enterprise security — data governance. As AI reshapes how organizations work, Ilya makes the case that the industry has long neglected the basics, and that foundation must be in place before AI can be used safely and effectively. Drawing on his experience as a Microsoft Global Black Belt and his work advising CISOs across regulated industries, Ilya walks through how eShare's collaboration fabric helps organizations securely share data within Microsoft 365 — without creating roadblocks for the business. The conversation covers external collaboration challenges, AI's expanding attack surface, and why the most successful security leaders are the ones who partner with the business rather than block it.

What You'll Learn

• Why poor data governance is the root cause of most AI security risks — and what to do about it
• How eShare's collaboration fabric allows organizations to securely share data externally while keeping it inside Microsoft 365
• Why the best security leaders build partnerships with the business instead of creating roadblocks

Top 3 Takeaways

1. AI is a powerful spotlight on existing data governance failures — organizations that haven't addressed the basics will face significant risk as AI adoption accelerates
2. Security should be a business accelerator, not an inhibitor — meeting users in their flow of work while applying the right guardrails is the key to scalable governance
3. Start with your North Star — whether building a security program or an AI application, having a clear vision of the end result will guide every decision along the way

Memorable Quotes

"It's one thing to have a policy that looks good on paper — it's another to have one that actually scales." — Ilya Pozharsky

"AI is really putting a red dot on the fact that not having a good data governance strategy creates a lot of risk." — Ilya Pozharsky

"If you build it, they will come." — Ilya Pozharsky

Connect with the Guest

Ilya Pozharsky LinkedIn: https://www.linkedin.com/in/ilyapozharsky/ Company: www.eshare.com

Listen & Subscribe

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"

Support the Show

If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, data governance, Microsoft security, and more.

Securing tomorrow, one episode at a time.

Keywords: application security, AI, identity security, agentic AI, private cloud

Episode Summary

Zack Tembi joins Dr. KJ to unpack the growing tension between AI-accelerated development and application security. From the explosion of autonomous agents to the rise of identity-based threats, Zack brings a practitioner and investor lens to some of the most pressing challenges facing security teams today. The conversation explores why legacy monitoring tools are falling short, how organizational structure must evolve to embed security into development, and why taking ownership of your data — rather than relying entirely on external AI providers — is becoming a critical strategic imperative. Zack closes with a call to action for security professionals to continuously sharpen their skills and lean into modern innovation with curiosity rather than fear.

What You'll Learn

• Why AI-native monitoring tools are replacing legacy solutions and what that means for your security stack
• How the rise of agentic AI is fundamentally expanding the identity threat surface
• Why security must be embedded into development teams — not siloed as a separate function

Top 3 Takeaways

1. The threat landscape is evolving faster than training programs — security professionals must proactively upskill and test modern tools in their own environments
2. Identity is the new perimeter — as AI agents proliferate, managing machine-to-machine identity is becoming as critical as managing human access
3. Data ownership matters — organizations should consider private cloud or on-prem solutions for mission-critical workloads before sending sensitive data to external AI providers

Memorable Quotes

"You don't need to be a sophisticated hacker anymore to create these attacks." — Zack Tembi

"Security isn't just a security team thing — it's a company thing." — Zack Tembi

"We still need that human innovation and creativity to really get value out of AI." — Zack Tembi

Connect with the Guest

Zack Tembi LinkedIn: https://www.linkedin.com/in/zacktembi/ Newsletter: www.ciosurge.com Company: www.singlefinventures.io

Listen & Subscribe

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"

Support the Show

If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, application security, identity, and more.

Securing tomorrow, one episode at a time.

Guest: Garland Moore, Solutions Architect at F5

Episode Description: In this episode of Secured with Dr. KJ, I sit down with Garland Moore, Solutions Architect at F5, to discuss DNS security threats, effective defense strategies, and how AI is transforming both the attack landscape and our defensive capabilities. Garland brings over 17 years of hands-on infrastructure experience and shares practical insights for organizations of all sizes.

What We Discussed:

DNS Security Threats & Defense

• Why DNS remains a primary target and the impact of major outages
• Effective strategies: DNSSEC adoption, resolver hardening, rate limiting
• The importance of monitoring, logging, and analytics
• Intelligent DNS and managed DNS solutions for threat intelligence

AI's Dual Role in DNS Security

• How AI is being weaponized for DNS attacks
• Leveraging AI for predictive threat detection and filtering log noise
• The emergence of "layer eight" security challenges

Practical Guidance for Smaller Organizations

• Minimum DNS security implementations without enterprise budgets
• Hybrid approaches combining managed services with internal controls
• Sticking to security fundamentals over flashy tools

Building Security Culture & Getting Executive Buy-In

• Why foundational systems (DNS, identity, patching, backups) get overlooked
• Tying DNS security to business impact: revenue, risk, speed to market
• "If DNS goes down, business stops"—translating technical issues to business outcomes

Breaking Into Cybersecurity

• You don't need 10 certifications to get started
• Three essential qualities: curiosity, fundamentals, and persistence
• "Sponge mode": learning broadly while waiting for opportunities
• The critical importance of soft skills

Key Quotes:

• DNS is the heartbeat of the internet—it's definitely something that is highly targeted.
• Nobody really cares about DNS until it doesn't work.
• You can't protect what you don't understand.
• Cybersecurity isn't about chasing the latest attack—it's about protecting the foundational systems that everything relies on.

About Garland Moore: Garland Moore is a Solutions Architect at F5 specializing in security and modern applications. With over 17 years of infrastructure experience, he combines deep technical expertise with a growing focus on AI to build scalable, secure solutions. His journey from infrastructure operations to Solutions Architect gives him unique end-to-end understanding of enterprise systems. He holds CKA and AWS Solutions Architect certifications and volunteers with Feed the Children and coaches' youth basketball.

Connect with Garland: Garland Moore | LinkedIn

Securing tomorrow, one episode at a time.

Episode Overview

Dr. KJ sits down with Erika Voss, CISO at Blue Yonder, to explore the evolving landscape of cybersecurity at the intersection of AI and supply chain management. Erika shares her insights on why identity has become the new attack surface, the challenges of securing AI-driven systems, and why customers are ultimately buying trust, not technology.

Key Discussion Topics

AI-Driven Supply Chain Security

• Managing expanding attack surfaces in 2026
• Integrating AI with 40-50 year old legacy systems
• Moving to millisecond-level supply chain optimization

Identity as the New Attack Surface

• Why all roads in security lead to identity
• The identity triad: non-negotiable, high-value, and advanced tiers
• Moving beyond patch management as a primary concern

Insider Risk and Access Management

• Permission creep and trust-but-verify principles
• Just-in-time (JIT) access and modern privilege management
• Behavioral red flags in identity management

Building Security Culture

• From project managers to technical program managers
• Why MFA is now just "cyber hygiene basics"
• Ground-up security programs vs. top-down mandates

The Trust Economy

• Why customers buy trust, not technology
• "The 'us' in trust is broken if you can't answer the trust question"

Key Takeaways

1. Identity is the new control plane - All modern security challenges ultimately trace back to identity and access management
2. Nail the basics first - Before investing in AI agents, ensure your foundation is solid
3. Autonomous security requires governance - AI-driven systems need monitoring, validation, testing, and governance
4. Trust is the product - In 2026, customers aren't buying technology—they're buying assurance

Notable Quotes

• "All roads now are leading back to identity... identity is your new attack surface."
• "It's not about patching the server anymore. That is so 1980."
• "The 'us' in trust is broken. You're not going to be around if you can't answer that question."
• "People are not buying your product anymore. What they're buying is trust."

About the Guest

Erika Voss is the Chief Information Security Officer at Blue Yonder, a leader in AI-driven supply chain management. With a doctorate focused on insider threat and extensive experience in enterprise security, Erika brings a unique perspective on securing the intersection of legacy systems and cutting-edge AI technology.

Connect with Erika

LinkedIn: Erika Voss, PhD | LinkedIn

About Secured with Dr. KJ

Hosted by Dr. Kenneth Johnson, "Secured with Dr. KJ" features authentic conversations with cybersecurity practitioners across industries. Each episode focuses on substance over sales, bringing you real insights from security leaders.

Securing tomorrow, one episode at a time.

Listen on: Apple Podcasts | Spotify | YouTube

Allen Westley, Director of Cyber Intelligence at L3Harris Technologies, explores the challenges government contractors face with AI, compliance, and operational security. We discuss the compliance trap, agentic AI risks, and why judgment-driven leadership outweighs certifications.

Guest

Allen Westley
Director of Cyber Intelligence, L3Harris Technologies
Founder, Cyber Explorer LLC | Adjunct Professor
LinkedIn: Allen Westley, CSM, CISSP, MBA

Key Topics

The Compliance Trap

• Passing CMMC audits vs. having operational security
• Critical importance of scoping for defense contractors
• Convergence of classified and unclassified systems (CUI, 871 controls)
• Shadow IT: operators using unapproved tools to meet deliverables

AI as Dual-Use Technology

• Adversaries operationalizing AI alongside defenders
• Cognitive mapping and anthropomorphizing risks
• Pattern matching creating unintended classified information
• Training gaps when mandating AI adoption without guardrails

Agentic AI Systems

• Models collaborating with limited visibility
• ChatGPT agent example: exceeding original instructions
• Data segmentation failures enabling unauthorized access
• Engineers bypassing inadequate guardrails

Security Culture

• Judgment over knowledge through experience
• Psychological safety for reporting mistakes
• Leading by example in daily decisions
• Trust built through consistency, not town halls

Timestamps

00:00 - Introduction
01:51 - Compliance trap challenges
04:03 - CMMC scoping essentials
06:05 - AI reshaping operations
10:21 - Agentic systems and data risks
12:46 - Canva agent example
15:03 - Building security culture
18:00 - Outro

Resources

• CMMC Compliance: Levels 1-3, FCI vs CUI
• Defense Industrial Base guidance
• AI governance frameworks

Key Takeaways

1. Scoping determines CMMC success
2. Compliance ≠ operational security
3. AI needs training and guardrails
4. Agentic systems require data segmentation
5. Psychological safety builds real culture

Connect

Subscribe to Secured with Dr. KJ.

Feedback or want to be a guest? Visit: Secured with Dr. KJ - Podcast

Securing tomorrow, one episode at a time.

In this Season 3 premiere, Ben Masino, President and Chief Growth Officer at Avertium, discusses how security enables business growth rather than hindering it. We explore building security programs through the Microsoft Security platform, the critical role of data hygiene in AI adoption, and meeting customers where they are for long-term success.

Guest

Ben Masino
President & Chief Growth Officer, Avertium
LinkedIn: Ben Masino

Key Topics

Avertium's Approach

• "Assess, Design, Protect" methodology for regulated industries
• Serving healthcare, manufacturing, retail, and finance sectors
• 20+ years combined experience in security and compliance

AI Readiness Through Data

• Securing your data estate is foundational for AI success
• Using Microsoft Purview for data discovery and governance
• Bridging executive AI mandates with IT/security realities

Customer Success

• Healthcare company journey: pen test to full MXDR partnership
• Intune misconfiguration discovery and remediation
• Building trust through actionable assessments

Customer Zero Philosophy

• Avertium uses Microsoft E5, Sentinel, and Defender internally first
• Testing Copilot for Security to enhance analyst work
• Leading into the future with proven expertise

Timestamps

00:00 - Introduction
00:20 - Avertium's mission in security
02:05 - Common challenges across regulated industries
03:44 - Assess, Design, Protect methodology
05:54 - Customer success story
08:26 - AI readiness and data estates
10:57 - Bridging executives and IT teams
12:57 - Customer Zero approach
15:09 - Final thoughts

Resources

• Avertium: avertium.com
• Microsoft Security: Sentinel, Defender XDR, Purview
• Compliance: HIPAA, PCI, NERC, High Trust

Key Takeaways

1. Focus creates depth - specialization builds meaningful partnerships
2. Data hygiene before AI - organize your data estate first
3. Meet customers where they are - tactical starts lead to strategic relationships
4. Be your own customer zero - internal testing builds real expertise
5. Security enables business - proper programs accelerate outcomes

Connect

Subscribe to Secured with Dr. KJ on your favorite podcast platform.

Feedback, topics, or want to be a guest? Visit: Secured with Dr. KJ - Podcast

Keep securing tomorrow, one episode at a time.

Guest: Stephen Clark, Enterprise Solution Architect

Episode Summary

Stephen Clark joins Dr. KJ to discuss how healthcare organizations can modernize legacy systems and embrace AI without compromising patient care or data security. The conversation covers phased cloud migration strategies, balancing clinical access with HIPAA compliance, and implementing AI responsibly to improve patient outcomes while protecting against bias.

Discussion Topics & Timestamps

- (00:00): Introduction and guest welcome

- (01:05): Legacy systems and phased cloud migration strategies

- (08:30): Hot sites, lift-and-shift vs. hybrid cloud approaches

- (13:20): Balancing clinical access with privacy and compliance

- (16:30): AI in healthcare: security applications and responsible implementation

- (24:00): Final thoughts: blueprints, executive buy-in, and crawl-walk-run

Key Takeaways

1. Avoid the "big bang" approach – Healthcare cloud migration requires a phased, methodical strategy. Hybrid cloud lets you maintain existing DR/BC plans while modernizing incrementally.
2. Data assessment comes first – Before addressing compliance, security, or migration, you must understand your current state: where data lives, what integrations exist, and who's consuming it.
3. AI needs governance from day one – Responsible AI in healthcare requires clean data, continuous monitoring, transparency in decision-making, and a robust ethical framework policy.

Notable Quotes

"AI, to me today, has the discernment of a mouse. AI doesn't really discern today—it doesn't know if the data provided is truthful or accurate."

"Don't try to boil the ocean. Start with thorough assessments, prioritize compliance and security, and ensure you have executive buy-in before diving in."

Connect

Guest: Stephen Clark – (12) Stephen Clark | LinkedIn

Host: Dr. Kenneth Johnson – (12) Dr. Kenneth Johnson, CISSP | LinkedIn

Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Episode Title: AI in Cybersecurity: A New Era

Host & Guest:

• Host: Dr. Kenneth “KJ” Johnson
• Guest: Joshua Boyce

Duration: ~16 minutes

Keywords:

AI, cybersecurity, proactive defense, threat intelligence, data quality, incident response, human oversight, collaboration, security leaders, trust

Episode Summary:

In this conversation, Joshua Boyce joins Dr. KJ to explore how AI is transforming cybersecurity from a reactive posture to a proactive defense model. They unpack the critical role of data quality in ensuring AI-driven systems are effective, the growing importance of cross-industry collaboration for threat intelligence sharing, and how organizations can balance AI automation with human oversight. The discussion underscores that AI should be viewed as a force multiplier, enhancing human capability rather than replacing it. The episode concludes with insights on building trust in AI systems and why security leaders must treat AI as an accelerant to human potential—one that reshapes both the attack surface and the way defenders respond.

What You’ll Learn:

• Why AI is becoming a teammate in the SOC (Security Operations Center).
• How data quality determines the success of AI in cybersecurity.
• The value of cross-industry collaboration for proactive threat defense.
• Why human oversight remains essential in an AI-driven world.
• How organizations can shift from reactive to proactive cybersecurity strategies.

Key Takeaways:

• AI is a force multiplier, not a replacement for human defenders.
• Data quality is foundational to effective AI implementation.
• Collaboration is essential for sharing threat intelligence across industries.
• Trust in AI systems is vital for long-term success.
• The future of cybersecurity is proactive, not reactive.

Memorable Quotes:

“AI is becoming a teammate in the SOC.”

“AI is a force multiplier, not a replacement.”

“Garbage in, garbage out.”

Connect with the guest

• Joshua Boyce: https://www.linkedin.com/in/joshuaboyce/

Listen & subscribe

• Acast: https://shows.acast.com/secured-with-dr-kj
• Apple Podcasts / Spotify / YouTube: Search “Secured with Dr. KJ”

Support the show

If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on cloud security, Zero Trust, AI-driven defense, and more.

Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Securing Finance: Protecting the Digital Backbone of Banking

Host: Dr. KJ

Guest: Jerry Davis, Senior Cybersecurity Executive & Former CISO/CSO at multiple U.S. federal agencies and Fortune 500 companies

Duration: ~25 minutes

Keywords

Banking Security, Cyber Resilience, Financial Services, Critical Infrastructure, AI in Security, National Security, Workforce Development, Public-Private Partnerships, Digital Backbone of Finance

Episode Summary

Kicking off Season 2 of Secured with Dr. KJ, we welcome Jerry Davis, a five-time CISO/CSO and one of the most experienced cybersecurity leaders in both government and private industry.

Jerry’s career spans protecting some of the most mission-critical organizations on the planet—from NASA and the Department of Veterans Affairs to global financial institutions. He even served as a CIA Counterintelligence Officer, bringing a unique perspective on threat actors and national security.

In this episode, Jerry shares how financial services organizations can protect the digital backbone of banking, where operational continuity, trust, and resilience are paramount. He dives into how innovation, compliance, and collaboration intersect, and why preparing the next generation of cyber talent is essential for resilience.

What You’ll Learn

• How to secure financial ecosystems while protecting trust at scale
• Why public-private collaboration is critical against evolving threats
• How to balance innovation, compliance, and operational continuity
• The role of workforce development in building sustainable cyber resilience

Key Takeaways

• Banking and finance are the digital backbone of global economies
• Resilience is about preparation—from identity and access management to vulnerability management
• Partnerships and intelligence sharing amplify security capabilities
• Future-proofing the workforce is as critical as adopting new technologies

Memorable Quotes

“In banking, cybersecurity isn’t just about protection—it’s about preserving trust in the system.” – Jerry Davis

“Resilience comes from preparation, collaboration, and never losing sight of the basics.” – Jerry Davis

Connect with the Guest

👉 Jerry Davis on LinkedIn

Listen Now

👉 Secured with Dr. KJ on Acast

Hosted on Acast. See acast.com/privacy for more information.

Cybersecurity in Education: Balancing Openness and Protection

Host: Dr. KJ

Guest: Dan Menicucci, National Solution Engineering Manager, Microsoft Security in Financial Services

Duration: ~20 minutes

Keywords

Cybersecurity in Education, Digital Transformation, Budget Constraints, Public-Private Collaboration, Microsoft Security, Identity, MFA, Risk Management

Episode Summary

In this episode, Dr. KJ sits down with Dan Menicucci, a seasoned cybersecurity leader with decades of experience across education and financial services. Dan previously served as Microsoft’s Chief Security Advisor for Education and brings a unique perspective on how academic institutions can balance their open, collaborative nature with the need for strong cyber defenses.

We unpack the real-world challenges education leaders face—tight budgets, aging infrastructure, and the rising tide of ransomware—and explore how focusing on fundamentals like identity, patch management, and MFA can make the biggest difference. Dan also highlights the critical role of public-private partnerships, and how collaboration is shaping the next chapter of education security.

This episode offers both strategic insights for leaders and practical guidance for practitioners on the front lines.

What You’ll Learn

• Why education is a top target for cyberattacks—and how attackers are evolving
• How to balance openness vs. protection in academic environments
• The importance of collaboration between public and private sectors
• Why focusing on the basics is more impactful than chasing every new threat
• Dan’s perspective on the future of cybersecurity in education

Key Takeaways

• The basics still matter: identity, patching, MFA
• Collaboration can be a force multiplier—no one can tackle these challenges alone
• Education leaders must align budget, strategy, and partnerships for long-term resilience

Memorable Quotes

“The fundamentals—identity, vulnerability management, MFA—will protect you more than chasing the latest shiny tool.” – Dan Menicucci

“In education, it’s about enabling learning while quietly building the guardrails to keep everyone safe.” – Dan Menicucci

Connect with the Guest

👉 Dan Menicucci on LinkedIn

Listen Now

👉 Secured with Dr. KJ on Acast

Hosted on Acast. See acast.com/privacy for more information.

Guest: Jameeka Green Aaron

Guest Title: Chief Information Security Officer, Headspace

Episode Summary

Jameeka Green Aaron, CISO at Headspace, joins Dr. KJ for a candid conversation on protecting mental health data, the limitations of AI in clinical settings, and why humanity must remain a non-negotiable in cybersecurity. As a Navy veteran and black woman in tech leadership, Jameeka also shares powerful insights on representation, courage, and the fight for equity in the industry.

Discussion Topics & Timestamps

• (00:00) Introduction and guest welcome
• (01:45) AI in mental health: balancing innovation with patient protection
• (08:30) Guardrails and governance: the CIA triad applied to AI
• (14:20) Why security leadership is critical in healthcare
• (21:30) Explaining security concepts to clinicians and product teams
• (24:30) Leadership, representation, and courage as a black veteran in cybersecurity

Key Takeaways

1. Humanity is a non-negotiable – AI lacks empathy, context, and the ability to read nonverbal cues. In mental health, models must never instruct users to harm themselves or others—guardrails must be absolute.
2. Data professionals are the linchpin of AI – Good data in, good data out. De-identification, anonymization, and clean data practices are essential before training any model on sensitive health information.
3. Protecting and healing go together – Security in healthcare isn't a barrier; it's an enabler. Clinicians already understand patient privacy deeply—security leadership helps them extend that protection through technology.

Resources & Frameworks Mentioned

• HIPAA – Health Insurance Portability and Accountability Act
• HITRUST – Healthcare information security certification
• CIA Triad – Confidentiality, Integrity, Availability
• Headspace Ebb – AI companion that helps users navigate mental health content
• Large Language Models (LLMs) – Foundation for AI-powered tools

Notable Quotes

"Technology is about people. Everything we create is for the greater good of humanity. As a CISO, I'm here to enable innovation and protect people from the woes of that innovation."

"AI has the discernment of a mouse. It doesn't know if the data you provided is truthful or accurate."

"Protecting and healing go together."

Connect

Guest: Jameeka Green Aaron – (13) Jameeka Green Aaron, CISSP | LinkedIn

Host: Dr. Kenneth Johnson – (13) Dr. Kenneth Johnson, CISSP | LinkedIn

Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Connie Devine, Deputy CISO, Phillips 66 - https://www.linkedin.com/in/connie-devine-duncan/

Duration: ~18.7 minutes

Keywords:

critical infrastructure, oil and gas, cybersecurity, OT security, IT-OT convergence, threat intelligence, generative AI, zero trust, third-party risk, cyber resilience

Episode Summary:

In the premiere of Season 2, Secured with Dr. KJ shifts focus to the voice of the customer, starting with a deep dive into the oil and gas sector. Connie Devine, Deputy CISO at Phillips 66, discusses the evolving cybersecurity landscape across IT and operational technology (OT) environments. From geopolitical threats to AI-infused vendor solutions, Connie shares how her team stays ahead of nation-state actors, secures critical supply chains, and balances innovation with regulation.

What You’ll Learn:

• The importance of converged governance in IT and OT networks
• How geopolitical events directly impact energy security
• Strategies for integrating zero trust into OT environments
• The promise and caution around AI implementation in energy
• How to vet and manage cybersecurity risk in third-party relationships
• Why cyber awareness and culture are as vital as the tools deployed

Key Takeaways:

• The attack surface in energy has expanded with IT-OT convergence
• Cybersecurity in oil and gas is about protecting both people and product
• AI brings opportunities and risks—understanding use cases is essential
• Supply chain security is a critical, ongoing process
• Regulatory frameworks like NIST and TSA are foundational
• Building a cyber-aware culture strengthens every layer of defense

Memorable Quotes:

“Zero trust in OT requires a very different mindset.”

“We’re always looking for better, safer ways to do what we do.”

“Cybersecurity is no longer optional—it’s a strategic imperative.”

“The OT network will become a bigger target in the future.”

🎧 Listen on Your Favorite Platform:

• 🎙️ Acast: https://shows.acast.com/secured-with-dr-kj
• 🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1719440170
• 🎧 Spotify: https://open.spotify.com/show/7uZYymUPp7PBiKqgYrbv2Y

Connect with Connie on LinkedIn: https://www.linkedin.com/in/connie-devine-duncan/

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Identity and Access Management

Host: Dr. Kenneth Johnson

Guest: Corey Lee, Security CTO, Microsoft Education

Duration: ~20 minutes

Keywords:

identity, security, breaches, governance, authentication, authorization, MFA, passwordless, AI, zero trust

Episode Summary:

In this episode of Secured with Dr. KJ, Corey Lee, Security CTO for Microsoft Education, unpacks the foundational role of identity in today’s security landscape. With over 15 years of experience in risk analysis, identity, and AI-enabled security, Corey shares how identity acts as the glue connecting people, devices, and data—and as the edge organizations must protect.

The conversation covers the rise of identity-driven breaches, the growing importance of governance, and innovations like passkeys and verified ID. Corey also provides insights into strengthening MFA strategies, enabling passwordless adoption, and preparing for a future where AI and zero trust shape every layer of defense.

What You’ll Learn:

• Why identity is now the core security perimeter
• How identity connects and protects in a hybrid, AI-driven world
• The role of governance in managing evolving permissions
• Why MFA remains critical—and how to improve its adoption
• What a successful passwordless journey looks like
• How identity threat detection is becoming more automated and intelligent
• The importance of strategic planning in identity management
• Why identity is key to unlocking secure innovation at scale

Key Takeaways:

• Identity is the core of modern security architecture
• Breaches often stem from compromised or mismanaged identities
• Identity governance helps manage scope creep and permissions sprawl
• MFA should be enforced adaptively based on risk
• Passwordless strategies reduce known attack surfaces
• Organizations must report on and monitor identity security gaps
• Identity is now central to AI and agent-based security scenarios
• Strategic identity planning unlocks innovation and improves protection
• Continuous tracking and governance support transformation
• Identity is here to stay and growing more critical each day

Memorable Quotes:

• “Identity is the new security perimeter.”
• “Passwords create very bad behavior.”
• “Identity has never been easy.”
• “Identity is here to stay.”

Listen now on your favorite platform:

• Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1730562581
• Spotify: https://open.spotify.com/show/5ZHg5qHXGP6MSf2QnK6LDo
• Acast: https://shows.acast.com/secured-with-dr-kj
• Amazon Music: https://music.amazon.com/podcasts/4ff12a6c-f35f-4f8d-a5d4-9170c601ea3f

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Maurice Hampton

Duration: ~23 minutes

Keywords:

IoT security, connected devices, cybersecurity, risk management, best practices, visibility, control, AI, machine learning, organizational strategy

Episode Summary:

In this episode of Secured with Dr. KJ, Maurice Hampton, Director of Cybersecurity Solution Sales (East) at Microsoft, unpacks the security challenges posed by the exponential growth of connected devices.

Maurice walks through the evolution of the IoT attack surface, explaining how formerly isolated systems are now interconnected and exposed to new threats. He outlines a practical, phased approach—acknowledge, assess, implement controls—for tackling IoT security at scale. The discussion underscores the need for visibility, collaboration, and AI-driven insights to manage risk across environments like manufacturing, transportation, and smart cities.

Listeners will gain actionable strategies and real-world examples of how organizations can secure their IoT footprint from the edge to the cloud.

What You’ll Learn:

• Why IoT security is more complex today than ever before
• The risks associated with interconnectivity and outdated systems
• How to launch an IoT security strategy using a crawl-walk-run approach
• Why visibility and inventory are foundational to defense
• The critical role of cross-functional collaboration in securing IoT
• How AI and machine learning enhance detection and response
• Real-world examples of IoT security transformation

Key Takeaways:

• The IoT attack surface has expanded due to rapid connectivity
• Security must be built into innovation—not added later
• Acknowledging risks is step one in any IoT security journey
• Comprehensive assessments are essential to understand current state
• Controls must follow knowledge—not precede it
• Cross-team collaboration is vital—security is a team sport
• Visibility into devices and their behavior drives stronger defense
• AI can uncover anomalies that humans may miss
• Start small and build repeatable processes
• Taking action is the key to reducing long-term risk

Memorable Quotes:

• “The attack surface has grown exponentially.”
• “Acknowledge, understand, and then controls.”
• “Get other people in the boat with you.”
• “Security isn’t a solo act—it’s a team sport.”
• “AI lets us see what we couldn’t before.”

Hosted on Acast. See acast.com/privacy for more information.

Host: Kenneth Johnson

Guest: Bryce Carter, Chief Information Security Officer, City of Arlington

Duration: ~22 minutes

Keywords: Smart Cities, Critical Infrastructure, Generative AI, Deepfakes, Operational Technology, Security by Design, Third-Party Risk, Quantum Encryption, AI Ethics

Episode Summary

In this insightful episode of Secured with Dr. KJ, I sit down with Bryce Carter, CISO for the City of Arlington, to explore the evolving challenges of securing modern urban environments. Bryce takes us behind the scenes of city operations—where critical infrastructure like utilities, public safety, and transportation systems converge with rapidly advancing technologies.

We discuss the rising threats posed by generative AI, deepfakes, and nation-state actors, as well as the complexities of protecting operational technology (OT) and Internet of Things (IoT) systems. Bryce shares his perspective on embedding security by design, managing third-party risk, and fostering a culture of resilience through executive and technical tabletop exercises.

Our conversation also ventures into the future—examining AI bias, data governance, explainability, and the encryption challenges that quantum computing may soon bring. Bryce’s community-first approach to security ensures that technology not only protects citizens but also enhances quality of life, trust, and economic vitality.

What You’ll Learn

• Why cities face unique cybersecurity challenges across multiple sectors simultaneously
• How generative AI and deepfakes are reshaping the threat landscape
• The importance of “security by design” and a proactive risk management culture
• Strategies for building resilience in interconnected urban ecosystems
• The role of AI ethics, governance, and bias testing in public sector adoption
• Why quantum encryption readiness is a growing priority for governments

Key Takeaways

• Cities operate like many industries in one—making cybersecurity vastly more complex.
• Generative AI and deepfakes will require both technical and societal responses to maintain trust.
• Security by design must be woven into culture, funding, processes, and development cycles.
• Third-party risk management is essential, but there is no silver bullet—collaboration and intelligence sharing are critical.
• Quantum computing may upend current encryption standards, requiring governments to prepare now.

Memorable Quotes

“When you think about a city… it’s really like a bunch of different subsidiaries, and protecting that is very complex.” – Bryce Carter

“Deepfakes could push us back to face-to-face interactions just for trust alone.” – Bryce Carter

“Security done right doesn’t impair—it enables better quality of life and economic value.” – Bryce Carter

Connect with the Guest

🔗 Connect with Bryce Carter on LinkedIn

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Awnya Creque

Duration: ~20 minutes

Keywords:

cloud compliance, data security, regulatory challenges, Microsoft Purview, risk assessment, industry regulations, cloud migration, access control, data privacy, compliance automation

Episode Summary:

In this episode of Secured with Dr. KJ, Awnya Creque, Principal Technical Specialist at Microsoft, breaks down the complex world of regulatory compliance in the cloud.

Awnya outlines five critical focus areas—data residency, access control, data privacy, regulatory compliance, and auditing/reporting—that organizations must address when migrating to or operating in cloud environments. She explains how compliance challenges vary across sectors like government, healthcare, and financial services, and how tools like Microsoft Purview can support proactive compliance strategies.

The conversation also explores the importance of fostering a culture of compliance, leveraging automation, and integrating regulatory checks into day-to-day workflows.

What You’ll Learn:

• The top compliance challenges when moving to the cloud
• Why data sovereignty and residency matter more than ever
• How identity and access control play a central role in securing sensitive data
• Why compliance isn’t a one-time task—it’s a continuous process
• How industry-specific requirements shape cloud security strategies
• The role of cloud providers and automation in easing the compliance burden

Key Takeaways:

• Organizations face multiple compliance challenges in the cloud
• Data residency and sovereignty are essential to meet global regulations
• Strong access control and identity management are non-negotiable
• Security programs must adhere to evolving frameworks like GDPR and HIPAA
• Compliance demands constant attention and adaptation
• Effective auditing and reporting help demonstrate accountability
• Industry-specific regulations drive unique security needs
• Cloud platforms like Microsoft Purview offer valuable support
• Proactive strategies and automation reduce risk
• Embedding compliance into daily workflows drives long-term success

Memorable Quotes:

• “Data stays where it needs to be.”
• “Stay informed about regulatory updates.”
• “Conducting a risk assessment is crucial.”
• “Integrate compliance into your workflows.”

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: James Ringold

Duration: ~20 minutes

Keywords:

ransomware, cybersecurity, threat landscape, AI in security, recovery strategies, ransomware as a service, security education, enterprise security, ransomware attacks, modern security platforms

Episode Summary:

In this episode of Secured with Dr. KJ, James Ringold breaks down the constantly evolving ransomware threat landscape and its implications for enterprise security. From the rise of AI-powered attacks to the growth of ransomware as a service, James explains why these threats demand more than just technical fixes—they require a strategic, cross-functional approach.

We also explore the growing importance of security education, the burden of legacy systems, and how organizations can better balance proactive prevention with rapid recovery strategies.

What You’ll Learn:

• How ransomware tactics have evolved, including triple extortion
• Why legacy systems are still a major weak spot
• How AI is both a threat and a tool in cybersecurity
• The role of cloud storage and file versioning in recovery
• Why education and awareness are just as critical as tooling
• How to think about ransomware as a business risk, not just a tech problem

Key Takeaways:

• Ransomware damages are projected to hit $57 billion by 2025
• Triple extortion and human-operated attacks are on the rise
• AI is enabling faster, stealthier attacks
• Ransomware as a service creates a supply chain of cybercrime
• Legacy infrastructure remains a major vulnerability
• Cloud-based recovery tools like versioning can expedite restoration
• Employee education and SOC readiness are vital to response
• Effective defense requires cross-team collaboration
• Prevention and recovery must go hand-in-hand
• Ransomware is a business-level risk, not just an IT concern

Memorable Quotes:

• “AI is used to automate phishing and evade detection.”
• “Ransomware as a service is a growing concern.”
• “Attackers don’t hack anymore—they log in.”
• “Balancing prevention with rapid recovery is crucial.”

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Jim Eckart, General Manager of Security Solution Sales at Microsoft, Former CISO

Duration: 18:50

Episode Overview:

In this premiere episode of Secured with Dr. KJ, we sit down with Jim Eckart—a seasoned security leader with over 25 years in IT and cybersecurity. As a former CISO and current General Manager of Security Solution Sales at Microsoft, Jim shares insights on what it takes to secure organizations at scale in today’s evolving digital landscape.

What We Discuss:

•The biggest shifts in the cybersecurity landscape over the last decade

•Lessons learned from Jim’s time as a CISO

•How Microsoft approaches enterprise security and what makes it stand out

•The role of Zero Trust, identity, and AI in modern security strategies

•Where organizations still fall short—and how they can catch up

Why You Should Listen:

Whether you’re a business leader, security professional, or curious about the future of cybersecurity, this episode offers a front-row seat to how one of the world’s biggest tech companies tackles security challenges from the inside out.

Key Quote:

“Good security is about anticipating problems before they become breaches—and that takes a culture, not just a toolset.” — Jim Eckart

Hosted on Acast. See acast.com/privacy for more information.

Host: Kenneth Johnson

Guest: Richard Kaufmann

Duration: 21m 28s

Location: United States

Podcast Link: Secured with Dr. KJ on Acast

Keywords

Privacy, Children, Cybersecurity, Surveillance, Digital Footprint, Parenting, AI, Data Protection, Cyber Awareness, Online Safety

Episode Summary

In this bonus episode, Dr. KJ sits down with cybersecurity and AI expert Richard Kaufmann to explore one of the most critical and emotionally charged issues in today’s digital era: privacy and our children. With kids being exposed to technology from infancy and data trails forming before they can even talk, Richard walks us through the unseen costs of growing up in a world that never forgets.

They explore how everything from smart devices to educational apps can silently collect data and what that means for a child’s future. Richard blends real-world experience, strategic insight, and parental empathy to highlight what leaders, parents, and policymakers need to understand—and act on.

What You’ll Learn

• How digital exposure starts before birth and why that’s a problem.
• The long-term consequences of early data collection and surveillance.
• Why privacy must be treated as a child safety issue.
• How AI complicates the protection of minors.
• Practical tips for parents, educators, and security professionals.

Key Takeaways

• Digital Childhood is Permanent: Children’s data footprints are not erasable and can shape their opportunities later in life.
• Security Isn’t Optional: Protecting kids in the digital age means rethinking both parenting and policy through a cybersecurity lens.
• AI is a Double-Edged Sword: While powerful for personalization and protection, it can also enable surveillance and data misuse.
• We Need Guardrails: The time to act is now—before children’s futures are compromised by today’s tech conveniences.

Memorable Quotes

• “We put more protection on a credit card than we do on a child’s data.” – Richard Kaufmann
• “The most vulnerable population in the digital age is the one without a voice yet.” – Richard Kaufmann

Connect with the Guest

Want to learn more from Richard Kaufmann or continue the conversation?

• 🔹 Connect with Richard on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Rico Mariani, Veteran Software Performance Engineer & Longtime Microsoft Leader

Duration: ~20 minutes

Episode Overview:

In this episode of Secured with Dr. KJ, Dr. Kenneth Johnson sits down with Rico Mariani, a veteran technologist with decades of experience at Microsoft and a deep background in software performance engineering. Known for his strategic thinking and advocacy for diversity in tech, Rico shares valuable insights on how organizations can better approach security in a hybrid workforce era.

They explore key challenges with BYOD, transitioning to cloud environments, and the critical need to understand your internal inventory before building outward. Rico also dives into why tailored security matters, how to assume compromise as a defense model, and the human side of securing flexible work.

What You’ll Learn:

• The security risks introduced by hybrid and remote work
• Why visibility and inventory are the foundation of modern security
• Strategies for managing BYOD in enterprise environments
• How to align infrastructure with user needs and risk
• Why tailored access and device assumptions matter
• The connection between good security and organizational readiness

Key Takeaways:

• Understand your inventory before building your security stack.
• Get your internal systems in order before expanding into hybrid/cloud.
• Assume devices are compromised to strengthen overall defense.
• Tailor security to roles and business needs for smarter access control.
• BYOD success requires flexibility, awareness, and clear boundaries.

Memorable Quote:

“Assume they’re connecting with a compromised device. That mindset changes how you design your defenses.” – Rico Mariani

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Unique Glover, Technical Sales Director, Microsoft

Duration: ~19 minutes

Episode Overview

In this episode of Secured with Dr. KJ, we sit down with Unique Glover, a veteran cybersecurity leader and cloud expert with over 20 years in the industry. Unique currently serves as Technical Sales Director at Microsoft and holds advanced credentials like CISSP and CCSP. His passion for security, innovation, and community shines as we explore how Microsoft is shaping the future of cloud security.

What You’ll Learn:

•How Microsoft Azure security compares to AWS and GCP

•Why Defender for Cloud is a game-changing tool for enterprise security

•The evolution of data security and the importance of unified security platforms

•How Microsoft balances innovation with openness and integration

•Why collaboration across the security industry is critical to staying ahead of threats

Key Takeaways:

•Microsoft’s native tooling, threat intelligence, and end-to-end integration create a uniquely powerful security platform.

•Defender for Cloud offers visibility, compliance frameworks, automation, and consistent posture management.

•Flexibility and interoperability are must-haves for modern security architecture.

•Collaboration across vendors, partners, and the community is essential to protect customers and stop adversaries.

Memorable Quote:

“If our customers and communities don’t get the protection they need, the only ones who win are the attackers. That’s why integration, collaboration, and transparency matter more than ever.” — Unique Glover

If you enjoyed this episode, be sure to like, subscribe, and share the podcast with your network.

Join us next time as we continue securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Show: Secured with Dr. KJ

Guest: Carl Mosby III — solutions engineering leader, trusted advisor, people-first technologist

Episode type: Leadership & culture / AI & security

Episode snapshot

Leadership today sits at the intersection of people and rapidly evolving tech. Carl Mosby III unpacks what effective leadership looks like when security and technology are inseparable—covering education-first cultures, leading without ego, activating others, and keeping trust and ethics at the center as AI accelerates change.

Key topics

• People-first leadership in a high-velocity tech era
• Education as a core security control (making risks & methods visible)
• Leading without ego: listening, advocacy, and “multiplicity”
• Activating others: sponsorship, visibility, and shared success
• AI with guardrails: ethics, trust, and avoiding shiny-object syndrome

Timestamps

• 00:00 – 01:04 | Show open & what we cover on Secured with Dr. KJ
• 01:05 – 02:12 | Guest intro: who Carl is & where he leads
• 02:23 – 05:21 | Q1: Leadership when security & tech are inseparable (education, pace of change)
• 05:57 – 07:04 | Leading without ego: balancing urgency with protecting people
• 07:04 – 12:00 | Multiplicity & advocacy: listening, sponsorship, and letting others shine
• 12:00 – 15:30 | AI & leadership: trust, ethics, quality, and resisting over-reliance
• 15:30 – 19:15 | Staying people-centric while tech scales; vulnerability as strength
• 19:18 – 23:12 | The future of leadership: connection, North Stars, and secure growth
• 23:34 – end | Wrap & takeaway

5 takeaways to remember

1. Security is a people practice. Training, context, and communication are as critical as controls.
2. Lead without ego. Listen first, advocate often, and elevate others—especially into the rooms that matter.
3. Build multiplicity. Scale impact by empowering teammates with visibility, ownership, and support.
4. Treat AI as an accelerant, not a replacement. Keep trust, ethics, and human judgment at the center.
5. Connection drives performance. Teams work harder when they feel seen, supported, and aligned to purpose.

Resources mentioned

• Conferences, forums, and cross-org engagement as leadership force multipliers
• Principles: open-door culture, sponsorship, and people-centric rhythms

Connect with the guest

• Carl Mosby III: https://www.linkedin.com/in/carl-mosby-iii/

Listen & subscribe

• Acast: https://shows.acast.com/secured-with-dr-kj
• Apple Podcasts / Spotify / YouTube: search “Secured with Dr. KJ”

Support the show

If this episode resonated, share it with a teammate, leave a quick rating/review, and follow for new conversations on leadership, AI, and security.

Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Michael Billy

Duration: ~20 minutes

Keywords:

cybersecurity, generative AI, security trends, tool sprawl, AI security, automation, human oversight, future-proofing, security technologies, Microsoft

Episode Summary:

In this episode of Secured with Dr. KJ, Michael Billy joins the show to explore the future of cybersecurity and how organizations can evolve with confidence in the face of rapid technological change.

From the impact of generative AI to the risks of tool sprawl, Michael outlines why fundamentals like security hygiene and human oversight are more critical than ever. He also discusses how organizations can build trust in AI-powered tools, prepare their teams for the unknown, and create a sustainable plan to stay ahead of threats while embracing innovation.

What You’ll Learn:

• Why hygiene is still the #1 threat in security
• How generative AI is reshaping security tools and tactics
• The importance of vetting AI suppliers and securing AI agents
• Why tool sprawl can lead to visibility gaps and operational fatigue
• How to balance automation with human judgment
• Why Zero Trust and assume breach remain foundational principles
• Strategies for future-proofing security teams and tech stacks

Key Takeaways:

• Hygiene remains the top threat in cybersecurity
• Generative AI will significantly impact security practices
• Organizations must secure their AI agents effectively
• Tool sprawl is a growing concern in cybersecurity
• Vetting generative AI suppliers is crucial for security
• Embracing technology helps teams understand its implications
• Assuming breach is essential for a Zero Trust environment
• Setting a clear plan is vital for security leaders
• Balancing automation with human oversight is necessary
• Continuous learning and adaptation are key in cybersecurity

Memorable Quotes:

• “Hygiene is still the number one threat.”
• “There is no silver bullet in security.”
• “Empower everyone to achieve more.”

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Mark Simos, Lead Cybersecurity Architect, Microsoft

Duration: ~20 minutes

Keywords:

Zero Trust, Cybersecurity, Identity Management, AI, Security Architecture, Collaboration, Trust Verification, Modern Security Strategies

Episode Summary:

In this episode of Secured with Dr. KJ, Kenneth Johnson and Mark Simos break down the reality of Zero Trust—moving beyond buzzwords into actionable strategies. They explore why traditional perimeter-based security no longer works, and how identity, verification, and AI are reshaping the way we think about trust in cybersecurity.

Mark shares insights on how organizations can align their teams, embrace a culture of shared responsibility, and make security a business enabler—not a blocker. The conversation also touches on how AI is accelerating complex security tasks, helping teams stay ahead of evolving threats.

What You’ll Learn:

• Why Zero Trust is more than a framework—it’s a mindset shift
• The critical role identity plays in modern security
• How AI supports and strengthens Zero Trust strategies
• The cost of implicit trust and the value of explicit verification
• Why collaboration and communication are essential to success

Key Takeaways:

• Zero Trust removes the false assumption of a secure perimeter.
• Verification of identity is essential in modern security.
• Trust is costly; explicit verification is necessary.
• Identity management is crucial for Zero Trust success.
• AI plays a symbiotic role in enhancing security.
• Security must be integrated into business processes.
• Every asset and user must have a defined identity.
• Collaboration across teams is vital for security effectiveness.
• Security professionals should act as enablers for other teams.
• Open communication fosters a successful Zero Trust implementation.

Memorable Quotes:

• “AI accelerates complex security tasks.”
• “Identity is the new security perimeter.”
• “Security is part of everyone’s job.”

Hosted on Acast. See acast.com/privacy for more information.

Host: Kenneth Johnson

Guest: Matthew Waddell, Incident Response Expert & Author of Survive Ransomware

Duration: ~19 minutes

Keywords: Ransomware, Small Business Cybersecurity, Incident Response, Backups, Generative AI, Phishing, Tabletop Exercises, Managed Service Providers, AI in Cyber Defense

Episode Summary

In this episode of Secured with Dr. KJ, I sit down with Matthew Waddell—an incident response veteran with over 25 years of experience defending governments, military operations, and private sector organizations. We focus on the ransomware epidemic hitting small businesses and explore why they’re often seen as low-risk, high-reward targets for cybercriminals.

Matthew shares practical, budget-friendly strategies small businesses can implement today—from running internal tabletop exercises and building relationships with law enforcement to creating effective playbooks and developing a culture of vigilance. We also dive into the critical role of offline, tested backups and how poor backup practices can turn an incident into a full-scale disaster.

The conversation takes a forward-looking turn as we discuss generative AI—how it’s making ransomware attacks more convincing and sophisticated, and how defenders can leverage AI-driven tools, such as virtual SOCs, to match the attackers’ speed and precision. Matthew closes by previewing his upcoming book, Survive Ransomware, designed to give non-technical leaders the tools and knowledge to respond effectively to an attack.

What You’ll Learn

• Why ransomware gangs target small businesses as “practice grounds” for larger attacks
• The importance of employee awareness as the first line of defense
• How tabletop exercises can uncover gaps before an incident strikes
• Why backups must be offline, air-gapped, and regularly tested
• How generative AI is being weaponized by attackers—and how defenders can fight back
• How to build strong relationships with law enforcement and managed service providers before you need them

Key Takeaways

• Small businesses aren’t immune—they’re often easier and more appealing targets for attackers.
• Incident response planning doesn’t require a huge budget, but it does require time, communication, and documentation.
• Backups are only as good as your last test—and ransomware actors actively seek to destroy them.
• Generative AI is reshaping the threat landscape, producing more believable phishing campaigns and faster attacks.
• Proactive relationships with service providers and law enforcement can be invaluable during an incident.

Memorable Quotes

“It doesn’t take a large budget to be secure—just a team willing to think through ‘what if?’ scenarios.” – Matthew Waddell

“If your backups aren’t offline and tested, they might as well not exist when ransomware hits.” – Matthew Waddell

“Attackers are using AI to get faster and smarter—so defenders must do the same.” – Matthew Waddell

Connect with the Guest

🔗 Connect with Matthew Waddell on LinkedIn

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Host: Dr. Kenneth Johnson

Guest: Terence Jackson

Duration: ~23 minutes

Keywords:

AI, cybersecurity, threat detection, security posture, upskilling, cross-training, digital security, threat actors, zero trust, automation

Episode Summary:

In this episode of Secured with Dr. KJ, Terence Jackson, Chief Security Advisor at Microsoft, explores how artificial intelligence is revolutionizing both sides of the cybersecurity battlefield.

Terence explains how AI is redefining traditional defenses, making threat detection faster and smarter—but also more accessible to adversaries. He walks through the advantages of agentic AI, the evolving threat landscape, and the urgent need for organizations to strengthen posture management and automate security operations. The conversation highlights the importance of upskilling, cross-training, and revisiting foundational security practices like zero trust to stay ahead in the AI arms race.

Listeners will gain insight into the balance between automation and human oversight, and the very real pressures defenders face in a world where attackers have no red tape.

What You’ll Learn:

• How AI empowers defenders to reason over large datasets
• Why threat actors are gaining speed with natural language-driven exploits
• What agentic AI means for posture management and response
• How cross-training existing personnel accelerates readiness
• Why the basics (patching, RBAC, MFA) still matter most
• How to prepare your SOC for AI-assisted defense

Key Takeaways:

• AI has obliterated traditional defenses—speed is the new battleground
• Threat actors are better resourced and less restricted than defenders
• Natural language is the new attack surface
• Agentic AI brings autonomous detection and remediation capabilities
• Time to compromise is now measured in minutes, not months
• Cross-training network and IT engineers reduces staffing gaps
• AI can democratize learning and accelerate workforce development
• Organizations must focus on zero trust and foundational hygiene
• Automation must be balanced with human oversight
• AI is both a friend and a foe—how we use it determines the outcome

Memorable Quotes:

• “AI is obliterating traditional defenses.”
• “The hottest programming language right now is natural language.”
• “We’re defending at the pace and speed of AI.”
• “The attackers have jobs—just like we do.”
• “We need to do the basics better.”

Hosted on Acast. See acast.com/privacy for more information.