Secured with Dr. KJ

Episode Summary
In this episode of Secured with Dr. KJ, Alexandra Kruse joins Dr. KJ to make a case the security industry needs to hear diversity is not a fairness initiative — it is a security advantage. Drawing from her experience as a cybersecurity professional, immigrant, and working mother of two, Alex unpacks how homogenous teams create blind spots that put entire communities at risk, how AI systems inherit the biases of those who build them, and what it truly looks like to lead in a profession that was not always designed with you in mind. From facial recognition failures to the pressure of school drop-offs between back-to-back meetings, this episode brings the human side of security to the forefront.

What You Will Learn
Why leaving diverse voices out of the room is not just a fairness problem but a security risk with measurable consequences, how AI systems reflect the biases in their training data and what that means for underrepresented users at scale, and what real resilience looks like for working mothers navigating leadership in tech.

Top 3 Takeaways
Diverse teams build stronger security. When everyone in the room shares the same background and experiences, blind spots form. Communities that are not represented during design and development are the ones most likely to be left unprotected or actively harmed by the tools that are supposed to serve them.
AI outputs reflect who built it and what it was trained on. From facial recognition disparities to image generation defaults, the evidence is consistent: AI systems that lack diverse input produce output that fails underrepresented users. In an agentic world where those outputs run without a human reviewing every result, the stakes are even higher.
You are in the room because your voice matters, and that is enough. For women earlier in their careers, the pressure to show up perfectly or earn the right to take up space is real. Alex's message is direct: give yourself grace, advocate for others the way you wish someone had advocated for you, and do not confuse rest with weakness.

Memorable Quotes
"Bringing diverse voices into the room is not just about fairness. It is critical to building stronger security for everyone." — Alexandra Kruse
"We need to stop treating diversity as a nice-to-have and start seeing it as a security advantage." — Alexandra Kruse
"You are in the room because your voice matters, and that is enough." — Alexandra Kruse
"I do not need to deserve rest. I can just take the rest because I am human and that is allowed." — Alexandra Kruse

Connect with the Guest
Alexandra Kruse, MSML — Cybersecurity Professional and Advocate
LinkedIn: https://www.linkedin.com/in/alexandra-kruse-msml

Listen & Subscribe
Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com
🎙 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517
🎵 Spotify
📺 YouTube

Support the Show
If this episode brought value, share it with a peer in your network. Every share helps grow a community built on substance over sales — real practitioners, real insights, no pitches.

Securing tomorrow, one episode at a time.

Episode Summary
In this episode, Dr. KJ sits down with Doug Turpin, a seasoned managed service provider leader, to unpack the unique security challenges MSPs face at scale. Doug breaks down the concept of "blast radius" — what happens when the tools designed to protect clients become an attacker's greatest advantage — and shares how his organization builds a security-first culture grounded in stewardship, not fear. The conversation also digs into AI's role as an amplifier, and why ungoverned AI may be one of the most underestimated risks in security today.

What You'll Learn
Why blast radius is the defining security challenge for managed service providers
How security gaps most often start with people — not technology
The difference between using AI as an operational advantage versus accelerating your own mistakes
What a security-first culture actually looks like from the inside out
How to handle and learn from team mistakes without creating a culture of fear
Why AI without guardrails is a compliance and security liability

Top 3 Takeaways
Blast radius is real — and it scales fast. MSPs hold privileged access to dozens or hundreds of client environments. A single compromised identity or remote management tool doesn't just affect one network — it can cascade across your entire client base. Least privilege, strong isolation, and constant visibility aren't optional; they're foundational.
AI amplifies what's already there — good or bad. AI can surface better signals, reduce noise, and free your sharpest people for judgment calls. But if your fundamentals are weak — bad data, poor identity hygiene, broken processes — AI will accelerate your mistakes, not fix them. Governance comes first, use cases second.
Security culture is built on stewardship, not enforcement. When your team understands they're protecting people's livelihoods — not just systems — behavior changes naturally. Clear expectations, shared ownership, and psychological safety to speak up create instinctive security, not performative compliance.

Memorable Quotes
"The tools that we use are designed to be trusted — and attackers love those as hands-on intrusion kits." — Doug Turpin
"AI in reality doesn't fix bad data or identity hygiene or broken processes. If your fundamentals are weak, your AI is just going to make you accelerate your mistakes." — Doug Turpin
"Once you see that security is part of doing the right thing — not just following the rules — your behavior changes, and it changes naturally." — Doug Turpin

Connect with the Guest
Doug Turpin — Managed Service Provider Leader and Senior Security Engineer

Listen & Subscribe
Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com
🎙 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517
🎵 Spotify
📺 YouTube

Support the Show
If this episode brought value, share it with a peer in your network. Every share helps grow a community built on substance over sales — real practitioners, real insights, no pitches.

Securing tomorrow, one episode at a time.

Episode Title: Security at Scale: Identity, AI, and Culture Host: Dr. Kenneth "KJ" Johnson Guest: Nicole Darden Ford Guest Title: Vice President and Customer Security Officer, Microsoft Duration: ~19 minutes
Keywords: identity security, AI security, security culture, Microsoft, enterprise security
Episode Summary
Nicole Darden Ford joins Dr. KJ for a wide-ranging conversation on what it truly means to lead security at global scale. Drawing on over 25 years of experience across corporate and federal environments, Nicole unpacks the three converging forces keeping security leaders up at night — identity, software supply chain, and AI — and why the industry's mindset has fundamentally shifted from reactive to prevention-first. She shares her framework for balancing AI-powered defenses against AI-enabled attacks, why data governance remains the industry's most unresolved challenge, and how the most successful organizations are building security cultures where ownership and accountability belong to everyone. Nicole closes with a lesson from the golf course that every security leader can apply.
What You'll Learn
Why identity, software supply chain, and AI are the three converging forces redefining enterprise security risk
How to think about AI as a tier zero asset — and what that means for how you govern and protect it
Why building a security culture rooted in ownership and accountability matters more than any policy or control
Top 3 Takeaways
AI should advise broadly, decide narrowly, and act autonomously only when the blast radius has been clearly defined — organizations that skip this discipline are taking on significant risk
Data governance is no longer just a CIO or CISO issue — it belongs to the CEO, CFO, and the board, and it must be solved before AI can be deployed safely and effectively
Security culture beats security policy every time — when every employee feels accountable and empowered, security becomes part of how the business operates, not a barrier to it
Memorable Quotes
"When everything looks authorized, it's really hard to figure out where the breach is." — Nicole Darden Ford
"AI should advise broadly, decide narrowly, and act autonomously only when the blast radius has been clearly defined." — Nicole Darden Ford
"Clarity beats consensus every time." — Nicole Darden Ford
Connect with the Guest
Nicole Darden Ford LinkedIn: https://www.linkedin.com/in/nicolendardenford/ Company: www.microsoft.com
Listen & Subscribe
Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"
Support the Show
If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, identity security, security culture, and more.
Securing tomorrow, one episode at a time.

Episode Title: Data Governance in the Age of AI: Building the Right Foundation Host: Dr. Kenneth "KJ" Johnson Guest: Ilya Pozharsky Guest Title: Senior Vice President of Enterprise Solutions, eShare Duration: ~22 minutes
Keywords: data governance, Microsoft 365, AI security, collaboration security, eShare
Episode Summary
Ilya Pozharsky joins Dr. KJ for a deep dive into one of the most overlooked challenges in enterprise security — data governance. As AI reshapes how organizations work, Ilya makes the case that the industry has long neglected the basics, and that foundation must be in place before AI can be used safely and effectively. Drawing on his experience as a Microsoft Global Black Belt and his work advising CISOs across regulated industries, Ilya walks through how eShare's collaboration fabric helps organizations securely share data within Microsoft 365 — without creating roadblocks for the business. The conversation covers external collaboration challenges, AI's expanding attack surface, and why the most successful security leaders are the ones who partner with the business rather than block it.
What You'll Learn
Why poor data governance is the root cause of most AI security risks — and what to do about it
How eShare's collaboration fabric allows organizations to securely share data externally while keeping it inside Microsoft 365
Why the best security leaders build partnerships with the business instead of creating roadblocks
Top 3 Takeaways
AI is a powerful spotlight on existing data governance failures — organizations that haven't addressed the basics will face significant risk as AI adoption accelerates
Security should be a business accelerator, not an inhibitor — meeting users in their flow of work while applying the right guardrails is the key to scalable governance
Start with your North Star — whether building a security program or an AI application, having a clear vision of the end result will guide every decision along the way
Memorable Quotes
"It's one thing to have a policy that looks good on paper — it's another to have one that actually scales." — Ilya Pozharsky
"AI is really putting a red dot on the fact that not having a good data governance strategy creates a lot of risk." — Ilya Pozharsky
"If you build it, they will come." — Ilya Pozharsky
Connect with the Guest
Ilya Pozharsky LinkedIn: https://www.linkedin.com/in/ilyapozharsky/ Company: www.eshare.com
Listen & Subscribe
Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"
Support the Show
If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, data governance, Microsoft security, and more.
Securing tomorrow, one episode at a time.

Episode Title: App Security in the Age of AI Host: Dr. Kenneth "KJ" Johnson Guest: Zack Tembi Guest Title: CEO, Single Fin | Managing Partner, Single Fin Ventures | CIO/CISO Community Builder Duration: ~20 minutes
Keywords: application security, AI, identity security, agentic AI, private cloud
Episode Summary
Zack Tembi joins Dr. KJ to unpack the growing tension between AI-accelerated development and application security. From the explosion of autonomous agents to the rise of identity-based threats, Zack brings a practitioner and investor lens to some of the most pressing challenges facing security teams today. The conversation explores why legacy monitoring tools are falling short, how organizational structure must evolve to embed security into development, and why taking ownership of your data — rather than relying entirely on external AI providers — is becoming a critical strategic imperative. Zack closes with a call to action for security professionals to continuously sharpen their skills and lean into modern innovation with curiosity rather than fear.
What You'll Learn
Why AI-native monitoring tools are replacing legacy solutions and what that means for your security stack
How the rise of agentic AI is fundamentally expanding the identity threat surface
Why security must be embedded into development teams — not siloed as a separate function
Top 3 Takeaways
The threat landscape is evolving faster than training programs — security professionals must proactively upskill and test modern tools in their own environments
Identity is the new perimeter — as AI agents proliferate, managing machine-to-machine identity is becoming as critical as managing human access
Data ownership matters — organizations should consider private cloud or on-prem solutions for mission-critical workloads before sending sensitive data to external AI providers
Memorable Quotes
"You don't need to be a sophisticated hacker anymore to create these attacks." — Zack Tembi
"Security isn't just a security team thing — it's a company thing." — Zack Tembi
"We still need that human innovation and creativity to really get value out of AI." — Zack Tembi
Connect with the Guest
Zack Tembi LinkedIn: https://www.linkedin.com/in/zacktembi/ Newsletter: www.ciosurge.com Company: www.singlefinventures.io
Listen & Subscribe
Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"
Support the Show
If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, application security, identity, and more.

Securing tomorrow, one episode at a time.