Episode Title:Identity and Access ManagementHost: Dr. Kenneth JohnsonGuest: Corey Lee, Security CTO, Microsoft EducationDuration: ~20 minutesKeywords:identity, security, breaches, governance, authentication, authorization, MFA, passwordless, AI, zero trustEpisode Summary:In this episode of Secured with Dr. KJ, Corey Lee, Security CTO for Microsoft Education, unpacks the foundational role of identity in today’s security landscape. With over 15 years of experience in risk analysis, identity, and AI-enabled security, Corey shares how identity acts as the glue connecting people, devices, and data—and as the edge organizations must protect.The conversation covers the rise of identity-driven breaches, the growing importance of governance, and innovations like passkeys and verified ID. Corey also provides insights into strengthening MFA strategies, enabling passwordless adoption, and preparing for a future where AI and zero trust shape every layer of defense.What You’ll Learn:Why identity is now the core security perimeterHow identity connects and protects in a hybrid, AI-driven worldThe role of governance in managing evolving permissionsWhy MFA remains critical—and how to improve its adoptionWhat a successful passwordless journey looks likeHow identity threat detection is becoming more automated and intelligentThe importance of strategic planning in identity managementWhy identity is key to unlocking secure innovation at scaleKey Takeaways:Identity is the core of modern security architectureBreaches often stem from compromised or mismanaged identitiesIdentity governance helps manage scope creep and permissions sprawlMFA should be enforced adaptively based on riskPasswordless strategies reduce known attack surfacesOrganizations must report on and monitor identity security gapsIdentity is now central to AI and agent-based security scenariosStrategic identity planning unlocks innovation and improves protectionContinuous tracking and governance support transformationIdentity is here to stay and growing more critical each dayMemorable Quotes:“Identity is the new security perimeter.”“Passwords create very bad behavior.”“Identity has never been easy.”“Identity is here to stay.”Listen now on your favorite platform:Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1730562581Spotify: https://open.spotify.com/show/5ZHg5qHXGP6MSf2QnK6LDoAcast: https://shows.acast.com/secured-with-dr-kjAmazon Music: https://music.amazon.com/podcasts/4ff12a6c-f35f-4f8d-a5d4-9170c601ea3fSecured with Dr. KJ – Securing tomorrow, one episode at a time. Hosted on Acast. See acast.com/privacy for more information.
--------
22:58
--------
22:58
Regulatory Compliance in the Cloud
Episode 7: Regulatory Compliance in the Cloud with Awnya CrequeHost: Dr. Kenneth JohnsonGuest: Awnya CrequeDuration: ~20 minutesKeywords:cloud compliance, data security, regulatory challenges, Microsoft Purview, risk assessment, industry regulations, cloud migration, access control, data privacy, compliance automationEpisode Summary:In this episode of Secured with Dr. KJ, Awnya Creque, Principal Technical Specialist at Microsoft, breaks down the complex world of regulatory compliance in the cloud.Awnya outlines five critical focus areas—data residency, access control, data privacy, regulatory compliance, and auditing/reporting—that organizations must address when migrating to or operating in cloud environments. She explains how compliance challenges vary across sectors like government, healthcare, and financial services, and how tools like Microsoft Purview can support proactive compliance strategies.The conversation also explores the importance of fostering a culture of compliance, leveraging automation, and integrating regulatory checks into day-to-day workflows.What You’ll Learn:The top compliance challenges when moving to the cloudWhy data sovereignty and residency matter more than everHow identity and access control play a central role in securing sensitive dataWhy compliance isn’t a one-time task—it’s a continuous processHow industry-specific requirements shape cloud security strategiesThe role of cloud providers and automation in easing the compliance burdenKey Takeaways:Organizations face multiple compliance challenges in the cloudData residency and sovereignty are essential to meet global regulationsStrong access control and identity management are non-negotiableSecurity programs must adhere to evolving frameworks like GDPR and HIPAACompliance demands constant attention and adaptationEffective auditing and reporting help demonstrate accountabilityIndustry-specific regulations drive unique security needsCloud platforms like Microsoft Purview offer valuable supportProactive strategies and automation reduce riskEmbedding compliance into daily workflows drives long-term successMemorable Quotes:“Data stays where it needs to be.”“Stay informed about regulatory updates.”“Conducting a risk assessment is crucial.”“Integrate compliance into your workflows.” Hosted on Acast. See acast.com/privacy for more information.
--------
24:31
--------
24:31
Ransomware and Threat Protection
Episode 6: Ransomware and Threat Protection with James RingoldHost: Dr. Kenneth JohnsonGuest: James RingoldDuration: ~20 minutesKeywords:ransomware, cybersecurity, threat landscape, AI in security, recovery strategies, ransomware as a service, security education, enterprise security, ransomware attacks, modern security platformsEpisode Summary:In this episode of Secured with Dr. KJ, James Ringold breaks down the constantly evolving ransomware threat landscape and its implications for enterprise security. From the rise of AI-powered attacks to the growth of ransomware as a service, James explains why these threats demand more than just technical fixes—they require a strategic, cross-functional approach.We also explore the growing importance of security education, the burden of legacy systems, and how organizations can better balance proactive prevention with rapid recovery strategies.What You’ll Learn:How ransomware tactics have evolved, including triple extortionWhy legacy systems are still a major weak spotHow AI is both a threat and a tool in cybersecurityThe role of cloud storage and file versioning in recoveryWhy education and awareness are just as critical as toolingHow to think about ransomware as a business risk, not just a tech problemKey Takeaways:Ransomware damages are projected to hit $57 billion by 2025Triple extortion and human-operated attacks are on the riseAI is enabling faster, stealthier attacksRansomware as a service creates a supply chain of cybercrimeLegacy infrastructure remains a major vulnerabilityCloud-based recovery tools like versioning can expedite restorationEmployee education and SOC readiness are vital to responseEffective defense requires cross-team collaborationPrevention and recovery must go hand-in-handRansomware is a business-level risk, not just an IT concernMemorable Quotes:“AI is used to automate phishing and evade detection.”“Ransomware as a service is a growing concern.”“Attackers don’t hack anymore—they log in.”“Balancing prevention with rapid recovery is crucial.” Hosted on Acast. See acast.com/privacy for more information.
--------
25:45
--------
25:45
Zero Trust in Practice
Episode 4: Zero Trust – Zero Trust in Practice with Mark SimosHost: Dr. Kenneth JohnsonGuest: Mark Simos, Lead Cybersecurity Architect, MicrosoftDuration: ~20 minutesKeywords:Zero Trust, Cybersecurity, Identity Management, AI, Security Architecture, Collaboration, Trust Verification, Modern Security StrategiesEpisode Summary:In this episode of Secured with Dr. KJ, Kenneth Johnson and Mark Simos break down the reality of Zero Trust—moving beyond buzzwords into actionable strategies. They explore why traditional perimeter-based security no longer works, and how identity, verification, and AI are reshaping the way we think about trust in cybersecurity.Mark shares insights on how organizations can align their teams, embrace a culture of shared responsibility, and make security a business enabler—not a blocker. The conversation also touches on how AI is accelerating complex security tasks, helping teams stay ahead of evolving threats.What You’ll Learn:Why Zero Trust is more than a framework—it’s a mindset shiftThe critical role identity plays in modern securityHow AI supports and strengthens Zero Trust strategiesThe cost of implicit trust and the value of explicit verificationWhy collaboration and communication are essential to successKey Takeaways:Zero Trust removes the false assumption of a secure perimeter.Verification of identity is essential in modern security.Trust is costly; explicit verification is necessary.Identity management is crucial for Zero Trust success.AI plays a symbiotic role in enhancing security.Security must be integrated into business processes.Every asset and user must have a defined identity.Collaboration across teams is vital for security effectiveness.Security professionals should act as enablers for other teams.Open communication fosters a successful Zero Trust implementation.Memorable Quotes:“AI accelerates complex security tasks.”“Identity is the new security perimeter.”“Security is part of everyone’s job.” Hosted on Acast. See acast.com/privacy for more information.
--------
18:56
--------
18:56
Securing the Hybrid Workforce
🎙️ Episode 3: Securing the Hybrid Workforce with Rico MarianiHost: Dr. Kenneth JohnsonGuest: Rico Mariani, Veteran Software Performance Engineer & Longtime Microsoft LeaderDuration: ~20 minutesEpisode Overview:In this episode of Secured with Dr. KJ, Dr. Kenneth Johnson sits down with Rico Mariani, a veteran technologist with decades of experience at Microsoft and a deep background in software performance engineering. Known for his strategic thinking and advocacy for diversity in tech, Rico shares valuable insights on how organizations can better approach security in a hybrid workforce era.They explore key challenges with BYOD, transitioning to cloud environments, and the critical need to understand your internal inventory before building outward. Rico also dives into why tailored security matters, how to assume compromise as a defense model, and the human side of securing flexible work.What You’ll Learn:The security risks introduced by hybrid and remote workWhy visibility and inventory are the foundation of modern securityStrategies for managing BYOD in enterprise environmentsHow to align infrastructure with user needs and riskWhy tailored access and device assumptions matterThe connection between good security and organizational readinessKey Takeaways:Understand your inventory before building your security stack.Get your internal systems in order before expanding into hybrid/cloud.Assume devices are compromised to strengthen overall defense.Tailor security to roles and business needs for smarter access control.BYOD success requires flexibility, awareness, and clear boundaries.Memorable Quote:“Assume they’re connecting with a compromised device. That mindset changes how you design your defenses.” – Rico Mariani Hosted on Acast. See acast.com/privacy for more information.
Welcome to Secured with Dr. KJ—the podcast that explores the evolving world of cybersecurity, the technologies driving it, and the companies shaping our digital future.Hosted by Dr. Kenneth Johnson, cybersecurity leader and strategist, this podcast simplifies complex security topics into actionable insights. In today’s digital world, cybersecurity is a business imperative. Each episode dives into cloud security, Zero Trust, identity management, AI-driven security, and more.We’ll assess how industry leaders, including Microsoft, are tackling security challenges—and where there’s room for improvement. Featuring expert insights from security professionals, industry leaders, and technologists, Secured with Dr. KJ delivers real-world strategies to protect businesses and individuals.🔒 Join the conversation! Subscribe today to explore what it takes to stay secure in a rapidly changing digital world—securing tomorrow, one episode at a time. Hosted on Acast. See acast.com/privacy for more information.
New Zealand