Sign up to save your podcasts
Or
Share Blast Radius: How MSPs Secure the many by Protecting One
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Blast Radius: How MSPs Secure the many by Protecting One
Episode Summary
In this episode, Dr. KJ sits down with Doug Turpin, a seasoned managed service provider leader, to unpack the unique security challenges MSPs face at scale. Doug breaks down the concept of "blast radius" — what happens when the tools designed to protect clients become an attacker's greatest advantage — and shares how his organization builds a security-first culture grounded in stewardship, not fear. The conversation also digs into AI's role as an amplifier, and why ungoverned AI may be one of the most underestimated risks in security today.
What You'll Learn
- Why blast radius is the defining security challenge for managed service providers
- How security gaps most often start with people — not technology
- The difference between using AI as an operational advantage versus accelerating your own mistakes
- What a security-first culture actually looks like from the inside out
- How to handle and learn from team mistakes without creating a culture of fear
- Why AI without guardrails is a compliance and security liability
Top 3 Takeaways
- Blast radius is real — and it scales fast. MSPs hold privileged access to dozens or hundreds of client environments. A single compromised identity or remote management tool doesn't just affect one network — it can cascade across your entire client base. Least privilege, strong isolation, and constant visibility aren't optional; they're foundational.
- AI amplifies what's already there — good or bad. AI can surface better signals, reduce noise, and free your sharpest people for judgment calls. But if your fundamentals are weak — bad data, poor identity hygiene, broken processes — AI will accelerate your mistakes, not fix them. Governance comes first, use cases second.
- Security culture is built on stewardship, not enforcement. When your team understands they're protecting people's livelihoods — not just systems — behavior changes naturally. Clear expectations, shared ownership, and psychological safety to speak up create instinctive security, not performative compliance.
Memorable Quotes
"The tools that we use are designed to be trusted — and attackers love those as hands-on intrusion kits." — Doug Turpin
"AI in reality doesn't fix bad data or identity hygiene or broken processes. If your fundamentals are weak, your AI is just going to make you accelerate your mistakes." — Doug Turpin
"Once you see that security is part of doing the right thing — not just following the rules — your behavior changes, and it changes naturally." — Doug Turpin
Connect with the Guest
Doug Turpin — Managed Service Provider Leader and Senior Security Engineer
Listen & Subscribe
Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com
- 🎙 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517
- 🎵 Spotify
- 📺 YouTube
Support the Show
If this episode brought value, share it with a peer in your network. Every share helps grow a community built on substance over sales — real practitioners, real insights, no pitches.
Securing tomorrow, one episode at a time.
View all episodes
By Kenneth JohnsonEpisode Summary
In this episode, Dr. KJ sits down with Doug Turpin, a seasoned managed service provider leader, to unpack the unique security challenges MSPs face at scale. Doug breaks down the concept of "blast radius" — what happens when the tools designed to protect clients become an attacker's greatest advantage — and shares how his organization builds a security-first culture grounded in stewardship, not fear. The conversation also digs into AI's role as an amplifier, and why ungoverned AI may be one of the most underestimated risks in security today.
What You'll Learn
- Why blast radius is the defining security challenge for managed service providers
- How security gaps most often start with people — not technology
- The difference between using AI as an operational advantage versus accelerating your own mistakes
- What a security-first culture actually looks like from the inside out
- How to handle and learn from team mistakes without creating a culture of fear
- Why AI without guardrails is a compliance and security liability
Top 3 Takeaways
- Blast radius is real — and it scales fast. MSPs hold privileged access to dozens or hundreds of client environments. A single compromised identity or remote management tool doesn't just affect one network — it can cascade across your entire client base. Least privilege, strong isolation, and constant visibility aren't optional; they're foundational.
- AI amplifies what's already there — good or bad. AI can surface better signals, reduce noise, and free your sharpest people for judgment calls. But if your fundamentals are weak — bad data, poor identity hygiene, broken processes — AI will accelerate your mistakes, not fix them. Governance comes first, use cases second.
- Security culture is built on stewardship, not enforcement. When your team understands they're protecting people's livelihoods — not just systems — behavior changes naturally. Clear expectations, shared ownership, and psychological safety to speak up create instinctive security, not performative compliance.
Memorable Quotes
"The tools that we use are designed to be trusted — and attackers love those as hands-on intrusion kits." — Doug Turpin
"AI in reality doesn't fix bad data or identity hygiene or broken processes. If your fundamentals are weak, your AI is just going to make you accelerate your mistakes." — Doug Turpin
"Once you see that security is part of doing the right thing — not just following the rules — your behavior changes, and it changes naturally." — Doug Turpin
Connect with the Guest
Doug Turpin — Managed Service Provider Leader and Senior Security Engineer
Listen & Subscribe
Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com
- 🎙 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517
- 🎵 Spotify
- 📺 YouTube
Support the Show
If this episode brought value, share it with a peer in your network. Every share helps grow a community built on substance over sales — real practitioners, real insights, no pitches.
Securing tomorrow, one episode at a time.