Episode Title: Security at Scale: Identity, AI, and Culture Host: Dr. Kenneth "KJ" Johnson Guest: Nicole Darden Ford Guest Title: Vice President and Customer Security Officer, Microsoft Duration: ~19 minutes

Keywords: identity security, AI security, security culture, Microsoft, enterprise security

Nicole Darden Ford joins Dr. KJ for a wide-ranging conversation on what it truly means to lead security at global scale. Drawing on over 25 years of experience across corporate and federal environments, Nicole unpacks the three converging forces keeping security leaders up at night — identity, software supply chain, and AI — and why the industry's mindset has fundamentally shifted from reactive to prevention-first. She shares her framework for balancing AI-powered defenses against AI-enabled attacks, why data governance remains the industry's most unresolved challenge, and how the most successful organizations are building security cultures where ownership and accountability belong to everyone. Nicole closes with a lesson from the golf course that every security leader can apply.

• Why identity, software supply chain, and AI are the three converging forces redefining enterprise security risk
• How to think about AI as a tier zero asset — and what that means for how you govern and protect it
• Why building a security culture rooted in ownership and accountability matters more than any policy or control

1. AI should advise broadly, decide narrowly, and act autonomously only when the blast radius has been clearly defined — organizations that skip this discipline are taking on significant risk
2. Data governance is no longer just a CIO or CISO issue — it belongs to the CEO, CFO, and the board, and it must be solved before AI can be deployed safely and effectively
3. Security culture beats security policy every time — when every employee feels accountable and empowered, security becomes part of how the business operates, not a barrier to it

"When everything looks authorized, it's really hard to figure out where the breach is." — Nicole Darden Ford

"AI should advise broadly, decide narrowly, and act autonomously only when the blast radius has been clearly defined." — Nicole Darden Ford

"Clarity beats consensus every time." — Nicole Darden Ford

Nicole Darden Ford LinkedIn: https://www.linkedin.com/in/nicolendardenford/ Company: www.microsoft.com

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"

If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, identity security, security culture, and more.

Securing tomorrow, one episode at a time.

Episode Title: Data Governance in the Age of AI: Building the Right Foundation Host: Dr. Kenneth "KJ" Johnson Guest: Ilya Pozharsky Guest Title: Senior Vice President of Enterprise Solutions, eShare Duration: ~22 minutes

Keywords: data governance, Microsoft 365, AI security, collaboration security, eShare

Ilya Pozharsky joins Dr. KJ for a deep dive into one of the most overlooked challenges in enterprise security — data governance. As AI reshapes how organizations work, Ilya makes the case that the industry has long neglected the basics, and that foundation must be in place before AI can be used safely and effectively. Drawing on his experience as a Microsoft Global Black Belt and his work advising CISOs across regulated industries, Ilya walks through how eShare's collaboration fabric helps organizations securely share data within Microsoft 365 — without creating roadblocks for the business. The conversation covers external collaboration challenges, AI's expanding attack surface, and why the most successful security leaders are the ones who partner with the business rather than block it.

• Why poor data governance is the root cause of most AI security risks — and what to do about it
• How eShare's collaboration fabric allows organizations to securely share data externally while keeping it inside Microsoft 365
• Why the best security leaders build partnerships with the business instead of creating roadblocks

1. AI is a powerful spotlight on existing data governance failures — organizations that haven't addressed the basics will face significant risk as AI adoption accelerates
2. Security should be a business accelerator, not an inhibitor — meeting users in their flow of work while applying the right guardrails is the key to scalable governance
3. Start with your North Star — whether building a security program or an AI application, having a clear vision of the end result will guide every decision along the way

"It's one thing to have a policy that looks good on paper — it's another to have one that actually scales." — Ilya Pozharsky

"AI is really putting a red dot on the fact that not having a good data governance strategy creates a lot of risk." — Ilya Pozharsky

"If you build it, they will come." — Ilya Pozharsky

Ilya Pozharsky LinkedIn: https://www.linkedin.com/in/ilyapozharsky/ Company: www.eshare.com

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"

If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, data governance, Microsoft security, and more.

Securing tomorrow, one episode at a time.

Episode Title: App Security in the Age of AI Host: Dr. Kenneth "KJ" Johnson Guest: Zack Tembi Guest Title: CEO, Single Fin | Managing Partner, Single Fin Ventures | CIO/CISO Community Builder Duration: ~20 minutes

Keywords: application security, AI, identity security, agentic AI, private cloud

Zack Tembi joins Dr. KJ to unpack the growing tension between AI-accelerated development and application security. From the explosion of autonomous agents to the rise of identity-based threats, Zack brings a practitioner and investor lens to some of the most pressing challenges facing security teams today. The conversation explores why legacy monitoring tools are falling short, how organizational structure must evolve to embed security into development, and why taking ownership of your data — rather than relying entirely on external AI providers — is becoming a critical strategic imperative. Zack closes with a call to action for security professionals to continuously sharpen their skills and lean into modern innovation with curiosity rather than fear.

• Why AI-native monitoring tools are replacing legacy solutions and what that means for your security stack
• How the rise of agentic AI is fundamentally expanding the identity threat surface
• Why security must be embedded into development teams — not siloed as a separate function

1. The threat landscape is evolving faster than training programs — security professionals must proactively upskill and test modern tools in their own environments
2. Identity is the new perimeter — as AI agents proliferate, managing machine-to-machine identity is becoming as critical as managing human access
3. Data ownership matters — organizations should consider private cloud or on-prem solutions for mission-critical workloads before sending sensitive data to external AI providers

"You don't need to be a sophisticated hacker anymore to create these attacks." — Zack Tembi

"Security isn't just a security team thing — it's a company thing." — Zack Tembi

"We still need that human innovation and creativity to really get value out of AI." — Zack Tembi

Zack Tembi LinkedIn: https://www.linkedin.com/in/zacktembi/ Newsletter: www.ciosurge.com Company: www.singlefinventures.io

Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 Spotify: Search "Secured with Dr. KJ" YouTube: Search "Secured with Dr. KJ"

If this episode helped you, share it with your team, leave a quick rating/review, and follow the show for new episodes on AI, application security, identity, and more.

Securing tomorrow, one episode at a time.

Dr. KJ sits down with Erika Voss, CISO at Blue Yonder, to explore the evolving landscape of cybersecurity at the intersection of AI and supply chain management. Erika shares her insights on why identity has become the new attack surface, the challenges of securing AI-driven systems, and why customers are ultimately buying trust, not technology.

AI-Driven Supply Chain Security

• Managing expanding attack surfaces in 2026
• Integrating AI with 40-50 year old legacy systems
• Moving to millisecond-level supply chain optimization

Identity as the New Attack Surface

• Why all roads in security lead to identity
• The identity triad: non-negotiable, high-value, and advanced tiers
• Moving beyond patch management as a primary concern

Insider Risk and Access Management

• Permission creep and trust-but-verify principles
• Just-in-time (JIT) access and modern privilege management
• Behavioral red flags in identity management

Building Security Culture

• From project managers to technical program managers
• Why MFA is now just "cyber hygiene basics"
• Ground-up security programs vs. top-down mandates

The Trust Economy

• Why customers buy trust, not technology
• "The 'us' in trust is broken if you can't answer the trust question"

1. Identity is the new control plane - All modern security challenges ultimately trace back to identity and access management
2. Nail the basics first - Before investing in AI agents, ensure your foundation is solid
3. Autonomous security requires governance - AI-driven systems need monitoring, validation, testing, and governance
4. Trust is the product - In 2026, customers aren't buying technology—they're buying assurance

• "All roads now are leading back to identity... identity is your new attack surface."
• "It's not about patching the server anymore. That is so 1980."
• "The 'us' in trust is broken. You're not going to be around if you can't answer that question."
• "People are not buying your product anymore. What they're buying is trust."

Erika Voss is the Chief Information Security Officer at Blue Yonder, a leader in AI-driven supply chain management. With a doctorate focused on insider threat and extensive experience in enterprise security, Erika brings a unique perspective on securing the intersection of legacy systems and cutting-edge AI technology.

LinkedIn: Erika Voss, PhD | LinkedIn

Hosted by Dr. Kenneth Johnson, "Secured with Dr. KJ" features authentic conversations with cybersecurity practitioners across industries. Each episode focuses on substance over sales, bringing you real insights from security leaders.

Securing tomorrow, one episode at a time.

Listen on: Apple Podcasts | Spotify | YouTube

Episode Title: DNS Security in the AI Era with Garland Moore

Guest: Garland Moore, Solutions Architect at F5

Episode Description: In this episode of Secured with Dr. KJ, I sit down with Garland Moore, Solutions Architect at F5, to discuss DNS security threats, effective defense strategies, and how AI is transforming both the attack landscape and our defensive capabilities. Garland brings over 17 years of hands-on infrastructure experience and shares practical insights for organizations of all sizes.

What We Discussed:

DNS Security Threats & Defense

• Why DNS remains a primary target and the impact of major outages
• Effective strategies: DNSSEC adoption, resolver hardening, rate limiting
• The importance of monitoring, logging, and analytics
• Intelligent DNS and managed DNS solutions for threat intelligence

AI's Dual Role in DNS Security

• How AI is being weaponized for DNS attacks
• Leveraging AI for predictive threat detection and filtering log noise
• The emergence of "layer eight" security challenges

Practical Guidance for Smaller Organizations

• Minimum DNS security implementations without enterprise budgets
• Hybrid approaches combining managed services with internal controls
• Sticking to security fundamentals over flashy tools

Building Security Culture & Getting Executive Buy-In

• Why foundational systems (DNS, identity, patching, backups) get overlooked
• Tying DNS security to business impact: revenue, risk, speed to market
• "If DNS goes down, business stops"—translating technical issues to business outcomes

Breaking Into Cybersecurity

• You don't need 10 certifications to get started
• Three essential qualities: curiosity, fundamentals, and persistence
• "Sponge mode": learning broadly while waiting for opportunities
• The critical importance of soft skills

Key Quotes:

• DNS is the heartbeat of the internet—it's definitely something that is highly targeted.
• Nobody really cares about DNS until it doesn't work.
• You can't protect what you don't understand.
• Cybersecurity isn't about chasing the latest attack—it's about protecting the foundational systems that everything relies on.

About Garland Moore: Garland Moore is a Solutions Architect at F5 specializing in security and modern applications. With over 17 years of infrastructure experience, he combines deep technical expertise with a growing focus on AI to build scalable, secure solutions. His journey from infrastructure operations to Solutions Architect gives him unique end-to-end understanding of enterprise systems. He holds CKA and AWS Solutions Architect certifications and volunteers with Feed the Children and coaches' youth basketball.

Connect with Garland: Garland Moore | LinkedIn

Securing tomorrow, one episode at a time.

Allen Westley, Director of Cyber Intelligence at L3Harris Technologies, explores the challenges government contractors face with AI, compliance, and operational security. We discuss the compliance trap, agentic AI risks, and why judgment-driven leadership outweighs certifications.

Allen Westley
Director of Cyber Intelligence, L3Harris Technologies
Founder, Cyber Explorer LLC | Adjunct Professor
LinkedIn: Allen Westley, CSM, CISSP, MBA

The Compliance Trap

• Passing CMMC audits vs. having operational security
• Critical importance of scoping for defense contractors
• Convergence of classified and unclassified systems (CUI, 871 controls)
• Shadow IT: operators using unapproved tools to meet deliverables

AI as Dual-Use Technology

• Adversaries operationalizing AI alongside defenders
• Cognitive mapping and anthropomorphizing risks
• Pattern matching creating unintended classified information
• Training gaps when mandating AI adoption without guardrails

Agentic AI Systems

• Models collaborating with limited visibility
• ChatGPT agent example: exceeding original instructions
• Data segmentation failures enabling unauthorized access
• Engineers bypassing inadequate guardrails

Security Culture

• Judgment over knowledge through experience
• Psychological safety for reporting mistakes
• Leading by example in daily decisions
• Trust built through consistency, not town halls

00:00 - Introduction
01:51 - Compliance trap challenges
04:03 - CMMC scoping essentials
06:05 - AI reshaping operations
10:21 - Agentic systems and data risks
12:46 - Canva agent example
15:03 - Building security culture
18:00 - Outro

• CMMC Compliance: Levels 1-3, FCI vs CUI
• Defense Industrial Base guidance
• AI governance frameworks

1. Scoping determines CMMC success
2. Compliance ≠ operational security
3. AI needs training and guardrails
4. Agentic systems require data segmentation
5. Psychological safety builds real culture

Subscribe to Secured with Dr. KJ.

Feedback or want to be a guest? Visit: Secured with Dr. KJ - Podcast

Securing tomorrow, one episode at a time.

In this Season 3 premiere, Ben Masino, President and Chief Growth Officer at Avertium, discusses how security enables business growth rather than hindering it. We explore building security programs through the Microsoft Security platform, the critical role of data hygiene in AI adoption, and meeting customers where they are for long-term success.

Ben Masino
President & Chief Growth Officer, Avertium
LinkedIn: Ben Masino

Avertium's Approach

• "Assess, Design, Protect" methodology for regulated industries
• Serving healthcare, manufacturing, retail, and finance sectors
• 20+ years combined experience in security and compliance

AI Readiness Through Data

• Securing your data estate is foundational for AI success
• Using Microsoft Purview for data discovery and governance
• Bridging executive AI mandates with IT/security realities

Customer Success

• Healthcare company journey: pen test to full MXDR partnership
• Intune misconfiguration discovery and remediation
• Building trust through actionable assessments

Customer Zero Philosophy

• Avertium uses Microsoft E5, Sentinel, and Defender internally first
• Testing Copilot for Security to enhance analyst work
• Leading into the future with proven expertise

00:00 - Introduction
00:20 - Avertium's mission in security
02:05 - Common challenges across regulated industries
03:44 - Assess, Design, Protect methodology
05:54 - Customer success story
08:26 - AI readiness and data estates
10:57 - Bridging executives and IT teams
12:57 - Customer Zero approach
15:09 - Final thoughts

• Avertium: avertium.com
• Microsoft Security: Sentinel, Defender XDR, Purview
• Compliance: HIPAA, PCI, NERC, High Trust

1. Focus creates depth - specialization builds meaningful partnerships
2. Data hygiene before AI - organize your data estate first
3. Meet customers where they are - tactical starts lead to strategic relationships
4. Be your own customer zero - internal testing builds real expertise
5. Security enables business - proper programs accelerate outcomes

Subscribe to Secured with Dr. KJ on your favorite podcast platform.

Feedback, topics, or want to be a guest? Visit: Secured with Dr. KJ - Podcast

Keep securing tomorrow, one episode at a time.

Guest: Jameeka Green Aaron

Guest Title: Chief Information Security Officer, Headspace

Jameeka Green Aaron, CISO at Headspace, joins Dr. KJ for a candid conversation on protecting mental health data, the limitations of AI in clinical settings, and why humanity must remain a non-negotiable in cybersecurity. As a Navy veteran and black woman in tech leadership, Jameeka also shares powerful insights on representation, courage, and the fight for equity in the industry.

• (00:00) Introduction and guest welcome
• (01:45) AI in mental health: balancing innovation with patient protection
• (08:30) Guardrails and governance: the CIA triad applied to AI
• (14:20) Why security leadership is critical in healthcare
• (21:30) Explaining security concepts to clinicians and product teams
• (24:30) Leadership, representation, and courage as a black veteran in cybersecurity

1. Humanity is a non-negotiable – AI lacks empathy, context, and the ability to read nonverbal cues. In mental health, models must never instruct users to harm themselves or others—guardrails must be absolute.
2. Data professionals are the linchpin of AI – Good data in, good data out. De-identification, anonymization, and clean data practices are essential before training any model on sensitive health information.
3. Protecting and healing go together – Security in healthcare isn't a barrier; it's an enabler. Clinicians already understand patient privacy deeply—security leadership helps them extend that protection through technology.

• HIPAA – Health Insurance Portability and Accountability Act
• HITRUST – Healthcare information security certification
• CIA Triad – Confidentiality, Integrity, Availability
• Headspace Ebb – AI companion that helps users navigate mental health content
• Large Language Models (LLMs) – Foundation for AI-powered tools

Guest: Jameeka Green Aaron – (13) Jameeka Green Aaron, CISSP | LinkedIn

Host: Dr. Kenneth Johnson – (13) Dr. Kenneth Johnson, CISSP | LinkedIn

Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Guest: Stephen Clark, Enterprise Solution Architect

Stephen Clark joins Dr. KJ to discuss how healthcare organizations can modernize legacy systems and embrace AI without compromising patient care or data security. The conversation covers phased cloud migration strategies, balancing clinical access with HIPAA compliance, and implementing AI responsibly to improve patient outcomes while protecting against bias.

- (00:00): Introduction and guest welcome

- (01:05): Legacy systems and phased cloud migration strategies

- (08:30): Hot sites, lift-and-shift vs. hybrid cloud approaches

- (13:20): Balancing clinical access with privacy and compliance

- (16:30): AI in healthcare: security applications and responsible implementation

- (24:00): Final thoughts: blueprints, executive buy-in, and crawl-walk-run

1. Avoid the "big bang" approach – Healthcare cloud migration requires a phased, methodical strategy. Hybrid cloud lets you maintain existing DR/BC plans while modernizing incrementally.
2. Data assessment comes first – Before addressing compliance, security, or migration, you must understand your current state: where data lives, what integrations exist, and who's consuming it.
3. AI needs governance from day one – Responsible AI in healthcare requires clean data, continuous monitoring, transparency in decision-making, and a robust ethical framework policy.

Guest: Stephen Clark – (12) Stephen Clark | LinkedIn

Host: Dr. Kenneth Johnson – (12) Dr. Kenneth Johnson, CISSP | LinkedIn

Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Show: Secured with Dr. KJ

Guest: Carl Mosby III — solutions engineering leader, trusted advisor, people-first technologist

Episode type: Leadership & culture / AI & security

Leadership today sits at the intersection of people and rapidly evolving tech. Carl Mosby III unpacks what effective leadership looks like when security and technology are inseparable—covering education-first cultures, leading without ego, activating others, and keeping trust and ethics at the center as AI accelerates change.

• People-first leadership in a high-velocity tech era
• Education as a core security control (making risks & methods visible)
• Leading without ego: listening, advocacy, and “multiplicity”
• Activating others: sponsorship, visibility, and shared success
• AI with guardrails: ethics, trust, and avoiding shiny-object syndrome

• 00:00 – 01:04 | Show open & what we cover on Secured with Dr. KJ
• 01:05 – 02:12 | Guest intro: who Carl is & where he leads
• 02:23 – 05:21 | Q1: Leadership when security & tech are inseparable (education, pace of change)
• 05:57 – 07:04 | Leading without ego: balancing urgency with protecting people
• 07:04 – 12:00 | Multiplicity & advocacy: listening, sponsorship, and letting others shine
• 12:00 – 15:30 | AI & leadership: trust, ethics, quality, and resisting over-reliance
• 15:30 – 19:15 | Staying people-centric while tech scales; vulnerability as strength
• 19:18 – 23:12 | The future of leadership: connection, North Stars, and secure growth
• 23:34 – end | Wrap & takeaway

1. Security is a people practice. Training, context, and communication are as critical as controls.
2. Lead without ego. Listen first, advocate often, and elevate others—especially into the rooms that matter.
3. Build multiplicity. Scale impact by empowering teammates with visibility, ownership, and support.
4. Treat AI as an accelerant, not a replacement. Keep trust, ethics, and human judgment at the center.
5. Connection drives performance. Teams work harder when they feel seen, supported, and aligned to purpose.

• Conferences, forums, and cross-org engagement as leadership force multipliers
• Principles: open-door culture, sponsorship, and people-centric rhythms

• Carl Mosby III: https://www.linkedin.com/in/carl-mosby-iii/

• Acast: https://shows.acast.com/secured-with-dr-kj
• Apple Podcasts / Spotify / YouTube: search “Secured with Dr. KJ”

If this episode resonated, share it with a teammate, leave a quick rating/review, and follow for new conversations on leadership, AI, and security.

Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.