Season 2, Episode 5 – Secured with Dr. KJ

Securing Finance: Protecting the Digital Backbone of Banking

Host: Dr. KJ

Guest: Jerry Davis, Senior Cybersecurity Executive & Former CISO/CSO at multiple U.S. federal agencies and Fortune 500 companies

Duration: ~25 minutes

Banking Security, Cyber Resilience, Financial Services, Critical Infrastructure, AI in Security, National Security, Workforce Development, Public-Private Partnerships, Digital Backbone of Finance

Kicking off Season 2 of Secured with Dr. KJ, we welcome Jerry Davis, a five-time CISO/CSO and one of the most experienced cybersecurity leaders in both government and private industry.

Jerry’s career spans protecting some of the most mission-critical organizations on the planet—from NASA and the Department of Veterans Affairs to global financial institutions. He even served as a CIA Counterintelligence Officer, bringing a unique perspective on threat actors and national security.

In this episode, Jerry shares how financial services organizations can protect the digital backbone of banking, where operational continuity, trust, and resilience are paramount. He dives into how innovation, compliance, and collaboration intersect, and why preparing the next generation of cyber talent is essential for resilience.

• How to secure financial ecosystems while protecting trust at scale
• Why public-private collaboration is critical against evolving threats
• How to balance innovation, compliance, and operational continuity
• The role of workforce development in building sustainable cyber resilience

• Banking and finance are the digital backbone of global economies
• Resilience is about preparation—from identity and access management to vulnerability management
• Partnerships and intelligence sharing amplify security capabilities
• Future-proofing the workforce is as critical as adopting new technologies

👉 Jerry Davis on LinkedIn

👉 Secured with Dr. KJ on Acast

Hosted on Acast. See acast.com/privacy for more information.

Episode 4 – Secured with Dr. KJ

Cybersecurity in Education: Balancing Openness and Protection

Host: Dr. KJ

Guest: Dan Menicucci, National Solution Engineering Manager, Microsoft Security in Financial Services

Duration: ~20 minutes

Cybersecurity in Education, Digital Transformation, Budget Constraints, Public-Private Collaboration, Microsoft Security, Identity, MFA, Risk Management

In this episode, Dr. KJ sits down with Dan Menicucci, a seasoned cybersecurity leader with decades of experience across education and financial services. Dan previously served as Microsoft’s Chief Security Advisor for Education and brings a unique perspective on how academic institutions can balance their open, collaborative nature with the need for strong cyber defenses.

We unpack the real-world challenges education leaders face—tight budgets, aging infrastructure, and the rising tide of ransomware—and explore how focusing on fundamentals like identity, patch management, and MFA can make the biggest difference. Dan also highlights the critical role of public-private partnerships, and how collaboration is shaping the next chapter of education security.

This episode offers both strategic insights for leaders and practical guidance for practitioners on the front lines.

• Why education is a top target for cyberattacks—and how attackers are evolving
• How to balance openness vs. protection in academic environments
• The importance of collaboration between public and private sectors
• Why focusing on the basics is more impactful than chasing every new threat
• Dan’s perspective on the future of cybersecurity in education

• The basics still matter: identity, patching, MFA
• Collaboration can be a force multiplier—no one can tackle these challenges alone
• Education leaders must align budget, strategy, and partnerships for long-term resilience

👉 Dan Menicucci on LinkedIn

👉 Secured with Dr. KJ on Acast

Hosted on Acast. See acast.com/privacy for more information.

Host: Kenneth Johnson

Guest: Matthew Waddell, Incident Response Expert & Author of Survive Ransomware

Duration: ~19 minutes

Keywords: Ransomware, Small Business Cybersecurity, Incident Response, Backups, Generative AI, Phishing, Tabletop Exercises, Managed Service Providers, AI in Cyber Defense

In this episode of Secured with Dr. KJ, I sit down with Matthew Waddell—an incident response veteran with over 25 years of experience defending governments, military operations, and private sector organizations. We focus on the ransomware epidemic hitting small businesses and explore why they’re often seen as low-risk, high-reward targets for cybercriminals.

Matthew shares practical, budget-friendly strategies small businesses can implement today—from running internal tabletop exercises and building relationships with law enforcement to creating effective playbooks and developing a culture of vigilance. We also dive into the critical role of offline, tested backups and how poor backup practices can turn an incident into a full-scale disaster.

The conversation takes a forward-looking turn as we discuss generative AI—how it’s making ransomware attacks more convincing and sophisticated, and how defenders can leverage AI-driven tools, such as virtual SOCs, to match the attackers’ speed and precision. Matthew closes by previewing his upcoming book, Survive Ransomware, designed to give non-technical leaders the tools and knowledge to respond effectively to an attack.

• Why ransomware gangs target small businesses as “practice grounds” for larger attacks
• The importance of employee awareness as the first line of defense
• How tabletop exercises can uncover gaps before an incident strikes
• Why backups must be offline, air-gapped, and regularly tested
• How generative AI is being weaponized by attackers—and how defenders can fight back
• How to build strong relationships with law enforcement and managed service providers before you need them

• Small businesses aren’t immune—they’re often easier and more appealing targets for attackers.
• Incident response planning doesn’t require a huge budget, but it does require time, communication, and documentation.
• Backups are only as good as your last test—and ransomware actors actively seek to destroy them.
• Generative AI is reshaping the threat landscape, producing more believable phishing campaigns and faster attacks.
• Proactive relationships with service providers and law enforcement can be invaluable during an incident.

🔗 Connect with Matthew Waddell on LinkedIn

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Host: Kenneth Johnson

Guest: Bryce Carter, Chief Information Security Officer, City of Arlington

Duration: ~22 minutes

Keywords: Smart Cities, Critical Infrastructure, Generative AI, Deepfakes, Operational Technology, Security by Design, Third-Party Risk, Quantum Encryption, AI Ethics

In this insightful episode of Secured with Dr. KJ, I sit down with Bryce Carter, CISO for the City of Arlington, to explore the evolving challenges of securing modern urban environments. Bryce takes us behind the scenes of city operations—where critical infrastructure like utilities, public safety, and transportation systems converge with rapidly advancing technologies.

We discuss the rising threats posed by generative AI, deepfakes, and nation-state actors, as well as the complexities of protecting operational technology (OT) and Internet of Things (IoT) systems. Bryce shares his perspective on embedding security by design, managing third-party risk, and fostering a culture of resilience through executive and technical tabletop exercises.

Our conversation also ventures into the future—examining AI bias, data governance, explainability, and the encryption challenges that quantum computing may soon bring. Bryce’s community-first approach to security ensures that technology not only protects citizens but also enhances quality of life, trust, and economic vitality.

• Why cities face unique cybersecurity challenges across multiple sectors simultaneously
• How generative AI and deepfakes are reshaping the threat landscape
• The importance of “security by design” and a proactive risk management culture
• Strategies for building resilience in interconnected urban ecosystems
• The role of AI ethics, governance, and bias testing in public sector adoption
• Why quantum encryption readiness is a growing priority for governments

• Cities operate like many industries in one—making cybersecurity vastly more complex.
• Generative AI and deepfakes will require both technical and societal responses to maintain trust.
• Security by design must be woven into culture, funding, processes, and development cycles.
• Third-party risk management is essential, but there is no silver bullet—collaboration and intelligence sharing are critical.
• Quantum computing may upend current encryption standards, requiring governments to prepare now.

🔗 Connect with Bryce Carter on LinkedIn

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

🎙️ Episode 1: Fueling Security – Cyber Resilience in Oil & Gas

Host: Dr. Kenneth Johnson

Guest: Connie Devine, Deputy CISO, Phillips 66 - https://www.linkedin.com/in/connie-devine-duncan/

Duration: ~18.7 minutes

Keywords:

critical infrastructure, oil and gas, cybersecurity, OT security, IT-OT convergence, threat intelligence, generative AI, zero trust, third-party risk, cyber resilience

Episode Summary:

In the premiere of Season 2, Secured with Dr. KJ shifts focus to the voice of the customer, starting with a deep dive into the oil and gas sector. Connie Devine, Deputy CISO at Phillips 66, discusses the evolving cybersecurity landscape across IT and operational technology (OT) environments. From geopolitical threats to AI-infused vendor solutions, Connie shares how her team stays ahead of nation-state actors, secures critical supply chains, and balances innovation with regulation.

What You’ll Learn:

• The importance of converged governance in IT and OT networks
• How geopolitical events directly impact energy security
• Strategies for integrating zero trust into OT environments
• The promise and caution around AI implementation in energy
• How to vet and manage cybersecurity risk in third-party relationships
• Why cyber awareness and culture are as vital as the tools deployed

Key Takeaways:

• The attack surface in energy has expanded with IT-OT convergence
• Cybersecurity in oil and gas is about protecting both people and product
• AI brings opportunities and risks—understanding use cases is essential
• Supply chain security is a critical, ongoing process
• Regulatory frameworks like NIST and TSA are foundational
• Building a cyber-aware culture strengthens every layer of defense

Memorable Quotes:

“Zero trust in OT requires a very different mindset.”

“We’re always looking for better, safer ways to do what we do.”

“Cybersecurity is no longer optional—it’s a strategic imperative.”

“The OT network will become a bigger target in the future.”

🎧 Listen on Your Favorite Platform:

• 🎙️ Acast: https://shows.acast.com/secured-with-dr-kj
• 🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1719440170
• 🎧 Spotify: https://open.spotify.com/show/7uZYymUPp7PBiKqgYrbv2Y

Connect with Connie on LinkedIn: https://www.linkedin.com/in/connie-devine-duncan/

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Host: Kenneth Johnson

Guest: Richard Kaufmann

Duration: 21m 28s

Location: United States

Podcast Link: Secured with Dr. KJ on Acast

Privacy, Children, Cybersecurity, Surveillance, Digital Footprint, Parenting, AI, Data Protection, Cyber Awareness, Online Safety

In this bonus episode, Dr. KJ sits down with cybersecurity and AI expert Richard Kaufmann to explore one of the most critical and emotionally charged issues in today’s digital era: privacy and our children. With kids being exposed to technology from infancy and data trails forming before they can even talk, Richard walks us through the unseen costs of growing up in a world that never forgets.

They explore how everything from smart devices to educational apps can silently collect data and what that means for a child’s future. Richard blends real-world experience, strategic insight, and parental empathy to highlight what leaders, parents, and policymakers need to understand—and act on.

• How digital exposure starts before birth and why that’s a problem.
• The long-term consequences of early data collection and surveillance.
• Why privacy must be treated as a child safety issue.
• How AI complicates the protection of minors.
• Practical tips for parents, educators, and security professionals.

• Digital Childhood is Permanent: Children’s data footprints are not erasable and can shape their opportunities later in life.
• Security Isn’t Optional: Protecting kids in the digital age means rethinking both parenting and policy through a cybersecurity lens.
• AI is a Double-Edged Sword: While powerful for personalization and protection, it can also enable surveillance and data misuse.
• We Need Guardrails: The time to act is now—before children’s futures are compromised by today’s tech conveniences.

• “We put more protection on a credit card than we do on a child’s data.” – Richard Kaufmann
• “The most vulnerable population in the digital age is the one without a voice yet.” – Richard Kaufmann

Want to learn more from Richard Kaufmann or continue the conversation?

• 🔹 Connect with Richard on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

Episode 10: The Future of Cybersecurity with Michael Billy

Host: Dr. Kenneth Johnson

Guest: Michael Billy

Duration: ~20 minutes

Keywords:

cybersecurity, generative AI, security trends, tool sprawl, AI security, automation, human oversight, future-proofing, security technologies, Microsoft

Episode Summary:

In this episode of Secured with Dr. KJ, Michael Billy joins the show to explore the future of cybersecurity and how organizations can evolve with confidence in the face of rapid technological change.

From the impact of generative AI to the risks of tool sprawl, Michael outlines why fundamentals like security hygiene and human oversight are more critical than ever. He also discusses how organizations can build trust in AI-powered tools, prepare their teams for the unknown, and create a sustainable plan to stay ahead of threats while embracing innovation.

What You’ll Learn:

• Why hygiene is still the #1 threat in security
• How generative AI is reshaping security tools and tactics
• The importance of vetting AI suppliers and securing AI agents
• Why tool sprawl can lead to visibility gaps and operational fatigue
• How to balance automation with human judgment
• Why Zero Trust and assume breach remain foundational principles
• Strategies for future-proofing security teams and tech stacks

Key Takeaways:

• Hygiene remains the top threat in cybersecurity
• Generative AI will significantly impact security practices
• Organizations must secure their AI agents effectively
• Tool sprawl is a growing concern in cybersecurity
• Vetting generative AI suppliers is crucial for security
• Embracing technology helps teams understand its implications
• Assuming breach is essential for a Zero Trust environment
• Setting a clear plan is vital for security leaders
• Balancing automation with human oversight is necessary
• Continuous learning and adaptation are key in cybersecurity

Memorable Quotes:

• “Hygiene is still the number one threat.”
• “There is no silver bullet in security.”
• “Empower everyone to achieve more.”

Hosted on Acast. See acast.com/privacy for more information.

Episode 9: AI and Security: Friend or Foe? with Terence Jackson

Host: Dr. Kenneth Johnson

Guest: Terence Jackson

Duration: ~23 minutes

Keywords:

AI, cybersecurity, threat detection, security posture, upskilling, cross-training, digital security, threat actors, zero trust, automation

Episode Summary:

In this episode of Secured with Dr. KJ, Terence Jackson, Chief Security Advisor at Microsoft, explores how artificial intelligence is revolutionizing both sides of the cybersecurity battlefield.

Terence explains how AI is redefining traditional defenses, making threat detection faster and smarter—but also more accessible to adversaries. He walks through the advantages of agentic AI, the evolving threat landscape, and the urgent need for organizations to strengthen posture management and automate security operations. The conversation highlights the importance of upskilling, cross-training, and revisiting foundational security practices like zero trust to stay ahead in the AI arms race.

Listeners will gain insight into the balance between automation and human oversight, and the very real pressures defenders face in a world where attackers have no red tape.

What You’ll Learn:

• How AI empowers defenders to reason over large datasets
• Why threat actors are gaining speed with natural language-driven exploits
• What agentic AI means for posture management and response
• How cross-training existing personnel accelerates readiness
• Why the basics (patching, RBAC, MFA) still matter most
• How to prepare your SOC for AI-assisted defense

Key Takeaways:

• AI has obliterated traditional defenses—speed is the new battleground
• Threat actors are better resourced and less restricted than defenders
• Natural language is the new attack surface
• Agentic AI brings autonomous detection and remediation capabilities
• Time to compromise is now measured in minutes, not months
• Cross-training network and IT engineers reduces staffing gaps
• AI can democratize learning and accelerate workforce development
• Organizations must focus on zero trust and foundational hygiene
• Automation must be balanced with human oversight
• AI is both a friend and a foe—how we use it determines the outcome

Memorable Quotes:

• “AI is obliterating traditional defenses.”
• “The hottest programming language right now is natural language.”
• “We’re defending at the pace and speed of AI.”
• “The attackers have jobs—just like we do.”
• “We need to do the basics better.”

Hosted on Acast. See acast.com/privacy for more information.

Episode 10: Securing the Internet of Things with Maurice Hampton

Host: Dr. Kenneth Johnson

Guest: Maurice Hampton

Duration: ~23 minutes

Keywords:

IoT security, connected devices, cybersecurity, risk management, best practices, visibility, control, AI, machine learning, organizational strategy

Episode Summary:

In this episode of Secured with Dr. KJ, Maurice Hampton, Director of Cybersecurity Solution Sales (East) at Microsoft, unpacks the security challenges posed by the exponential growth of connected devices.

Maurice walks through the evolution of the IoT attack surface, explaining how formerly isolated systems are now interconnected and exposed to new threats. He outlines a practical, phased approach—acknowledge, assess, implement controls—for tackling IoT security at scale. The discussion underscores the need for visibility, collaboration, and AI-driven insights to manage risk across environments like manufacturing, transportation, and smart cities.

Listeners will gain actionable strategies and real-world examples of how organizations can secure their IoT footprint from the edge to the cloud.

What You’ll Learn:

• Why IoT security is more complex today than ever before
• The risks associated with interconnectivity and outdated systems
• How to launch an IoT security strategy using a crawl-walk-run approach
• Why visibility and inventory are foundational to defense
• The critical role of cross-functional collaboration in securing IoT
• How AI and machine learning enhance detection and response
• Real-world examples of IoT security transformation

Key Takeaways:

• The IoT attack surface has expanded due to rapid connectivity
• Security must be built into innovation—not added later
• Acknowledging risks is step one in any IoT security journey
• Comprehensive assessments are essential to understand current state
• Controls must follow knowledge—not precede it
• Cross-team collaboration is vital—security is a team sport
• Visibility into devices and their behavior drives stronger defense
• AI can uncover anomalies that humans may miss
• Start small and build repeatable processes
• Taking action is the key to reducing long-term risk

Memorable Quotes:

• “The attack surface has grown exponentially.”
• “Acknowledge, understand, and then controls.”
• “Get other people in the boat with you.”
• “Security isn’t a solo act—it’s a team sport.”
• “AI lets us see what we couldn’t before.”

Hosted on Acast. See acast.com/privacy for more information.

Episode Title:

Identity and Access Management

Host: Dr. Kenneth Johnson

Guest: Corey Lee, Security CTO, Microsoft Education

Duration: ~20 minutes

Keywords:

identity, security, breaches, governance, authentication, authorization, MFA, passwordless, AI, zero trust

Episode Summary:

In this episode of Secured with Dr. KJ, Corey Lee, Security CTO for Microsoft Education, unpacks the foundational role of identity in today’s security landscape. With over 15 years of experience in risk analysis, identity, and AI-enabled security, Corey shares how identity acts as the glue connecting people, devices, and data—and as the edge organizations must protect.

The conversation covers the rise of identity-driven breaches, the growing importance of governance, and innovations like passkeys and verified ID. Corey also provides insights into strengthening MFA strategies, enabling passwordless adoption, and preparing for a future where AI and zero trust shape every layer of defense.

What You’ll Learn:

• Why identity is now the core security perimeter
• How identity connects and protects in a hybrid, AI-driven world
• The role of governance in managing evolving permissions
• Why MFA remains critical—and how to improve its adoption
• What a successful passwordless journey looks like
• How identity threat detection is becoming more automated and intelligent
• The importance of strategic planning in identity management
• Why identity is key to unlocking secure innovation at scale

Key Takeaways:

• Identity is the core of modern security architecture
• Breaches often stem from compromised or mismanaged identities
• Identity governance helps manage scope creep and permissions sprawl
• MFA should be enforced adaptively based on risk
• Passwordless strategies reduce known attack surfaces
• Organizations must report on and monitor identity security gaps
• Identity is now central to AI and agent-based security scenarios
• Strategic identity planning unlocks innovation and improves protection
• Continuous tracking and governance support transformation
• Identity is here to stay and growing more critical each day

Memorable Quotes:

• “Identity is the new security perimeter.”
• “Passwords create very bad behavior.”
• “Identity has never been easy.”
• “Identity is here to stay.”

Listen now on your favorite platform:

• Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1730562581
• Spotify: https://open.spotify.com/show/5ZHg5qHXGP6MSf2QnK6LDo
• Acast: https://shows.acast.com/secured-with-dr-kj
• Amazon Music: https://music.amazon.com/podcasts/4ff12a6c-f35f-4f8d-a5d4-9170c601ea3f

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.