Host: Kenneth Johnson

Guest: Matthew Waddell, Incident Response Expert & Author of Survive Ransomware

Duration: ~19 minutes

Keywords: Ransomware, Small Business Cybersecurity, Incident Response, Backups, Generative AI, Phishing, Tabletop Exercises, Managed Service Providers, AI in Cyber Defense

In this episode of Secured with Dr. KJ, I sit down with Matthew Waddell—an incident response veteran with over 25 years of experience defending governments, military operations, and private sector organizations. We focus on the ransomware epidemic hitting small businesses and explore why they’re often seen as low-risk, high-reward targets for cybercriminals.

Matthew shares practical, budget-friendly strategies small businesses can implement today—from running internal tabletop exercises and building relationships with law enforcement to creating effective playbooks and developing a culture of vigilance. We also dive into the critical role of offline, tested backups and how poor backup practices can turn an incident into a full-scale disaster.

The conversation takes a forward-looking turn as we discuss generative AI—how it’s making ransomware attacks more convincing and sophisticated, and how defenders can leverage AI-driven tools, such as virtual SOCs, to match the attackers’ speed and precision. Matthew closes by previewing his upcoming book, Survive Ransomware, designed to give non-technical leaders the tools and knowledge to respond effectively to an attack.

• Why ransomware gangs target small businesses as “practice grounds” for larger attacks
• The importance of employee awareness as the first line of defense
• How tabletop exercises can uncover gaps before an incident strikes
• Why backups must be offline, air-gapped, and regularly tested
• How generative AI is being weaponized by attackers—and how defenders can fight back
• How to build strong relationships with law enforcement and managed service providers before you need them

• Small businesses aren’t immune—they’re often easier and more appealing targets for attackers.
• Incident response planning doesn’t require a huge budget, but it does require time, communication, and documentation.
• Backups are only as good as your last test—and ransomware actors actively seek to destroy them.
• Generative AI is reshaping the threat landscape, producing more believable phishing campaigns and faster attacks.
• Proactive relationships with service providers and law enforcement can be invaluable during an incident.

“It doesn’t take a large budget to be secure—just a team willing to think through ‘what if?’ scenarios.” – Matthew Waddell

“If your backups aren’t offline and tested, they might as well not exist when ransomware hits.” – Matthew Waddell

“Attackers are using AI to get faster and smarter—so defenders must do the same.” – Matthew Waddell

🔗 Connect with Matthew Waddell on LinkedIn

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

🎙️ Episode 2: Cloud Security: The Microsoft Advantage

Host: Dr. Kenneth Johnson

Guest: Unique Glover, Technical Sales Director, Microsoft

Duration: ~19 minutes

Episode Overview

In this episode of Secured with Dr. KJ, we sit down with Unique Glover, a veteran cybersecurity leader and cloud expert with over 20 years in the industry. Unique currently serves as Technical Sales Director at Microsoft and holds advanced credentials like CISSP and CCSP. His passion for security, innovation, and community shines as we explore how Microsoft is shaping the future of cloud security.

What You’ll Learn:

•How Microsoft Azure security compares to AWS and GCP

•Why Defender for Cloud is a game-changing tool for enterprise security

•The evolution of data security and the importance of unified security platforms

•How Microsoft balances innovation with openness and integration

•Why collaboration across the security industry is critical to staying ahead of threats

Key Takeaways:

•Microsoft’s native tooling, threat intelligence, and end-to-end integration create a uniquely powerful security platform.

•Defender for Cloud offers visibility, compliance frameworks, automation, and consistent posture management.

•Flexibility and interoperability are must-haves for modern security architecture.

•Collaboration across vendors, partners, and the community is essential to protect customers and stop adversaries.

Memorable Quote:

“If our customers and communities don’t get the protection they need, the only ones who win are the attackers. That’s why integration, collaboration, and transparency matter more than ever.” — Unique Glover

If you enjoyed this episode, be sure to like, subscribe, and share the podcast with your network.

Join us next time as we continue securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.

Host: Kenneth Johnson

Guest: Richard Kaufmann

Duration: 21m 28s

Location: United States

Podcast Link: Secured with Dr. KJ on Acast

Privacy, Children, Cybersecurity, Surveillance, Digital Footprint, Parenting, AI, Data Protection, Cyber Awareness, Online Safety

In this bonus episode, Dr. KJ sits down with cybersecurity and AI expert Richard Kaufmann to explore one of the most critical and emotionally charged issues in today’s digital era: privacy and our children. With kids being exposed to technology from infancy and data trails forming before they can even talk, Richard walks us through the unseen costs of growing up in a world that never forgets.

They explore how everything from smart devices to educational apps can silently collect data and what that means for a child’s future. Richard blends real-world experience, strategic insight, and parental empathy to highlight what leaders, parents, and policymakers need to understand—and act on.

• How digital exposure starts before birth and why that’s a problem.
• The long-term consequences of early data collection and surveillance.
• Why privacy must be treated as a child safety issue.
• How AI complicates the protection of minors.
• Practical tips for parents, educators, and security professionals.

• Digital Childhood is Permanent: Children’s data footprints are not erasable and can shape their opportunities later in life.
• Security Isn’t Optional: Protecting kids in the digital age means rethinking both parenting and policy through a cybersecurity lens.
• AI is a Double-Edged Sword: While powerful for personalization and protection, it can also enable surveillance and data misuse.
• We Need Guardrails: The time to act is now—before children’s futures are compromised by today’s tech conveniences.

• “We put more protection on a credit card than we do on a child’s data.” – Richard Kaufmann
• “The most vulnerable population in the digital age is the one without a voice yet.” – Richard Kaufmann

Want to learn more from Richard Kaufmann or continue the conversation?

• 🔹 Connect with Richard on LinkedIn

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Rico Mariani, Veteran Software Performance Engineer & Longtime Microsoft Leader

Duration: ~20 minutes

In this episode of Secured with Dr. KJ, Dr. Kenneth Johnson sits down with Rico Mariani, a veteran technologist with decades of experience at Microsoft and a deep background in software performance engineering. Known for his strategic thinking and advocacy for diversity in tech, Rico shares valuable insights on how organizations can better approach security in a hybrid workforce era.

They explore key challenges with BYOD, transitioning to cloud environments, and the critical need to understand your internal inventory before building outward. Rico also dives into why tailored security matters, how to assume compromise as a defense model, and the human side of securing flexible work.

• The security risks introduced by hybrid and remote work
• Why visibility and inventory are the foundation of modern security
• Strategies for managing BYOD in enterprise environments
• How to align infrastructure with user needs and risk
• Why tailored access and device assumptions matter
• The connection between good security and organizational readiness

• Understand your inventory before building your security stack.
• Get your internal systems in order before expanding into hybrid/cloud.
• Assume devices are compromised to strengthen overall defense.
• Tailor security to roles and business needs for smarter access control.
• BYOD success requires flexibility, awareness, and clear boundaries.

“Assume they’re connecting with a compromised device. That mindset changes how you design your defenses.” – Rico Mariani

Hosted on Acast. See acast.com/privacy for more information.

🎙️ Episode 1: The State of Cybersecurity – Jim Eckart

Host: Dr. Kenneth Johnson

Guest: Jim Eckart, General Manager of Security Solution Sales at Microsoft, Former CISO

Duration: 18:50

Episode Overview:

In this premiere episode of Secured with Dr. KJ, we sit down with Jim Eckart—a seasoned security leader with over 25 years in IT and cybersecurity. As a former CISO and current General Manager of Security Solution Sales at Microsoft, Jim shares insights on what it takes to secure organizations at scale in today’s evolving digital landscape.

What We Discuss:

•The biggest shifts in the cybersecurity landscape over the last decade

•Lessons learned from Jim’s time as a CISO

•How Microsoft approaches enterprise security and what makes it stand out

•The role of Zero Trust, identity, and AI in modern security strategies

•Where organizations still fall short—and how they can catch up

Why You Should Listen:

Whether you’re a business leader, security professional, or curious about the future of cybersecurity, this episode offers a front-row seat to how one of the world’s biggest tech companies tackles security challenges from the inside out.

Key Quote:

“Good security is about anticipating problems before they become breaches—and that takes a culture, not just a toolset.” — Jim Eckart

Hosted on Acast. See acast.com/privacy for more information.

Episode 6: Ransomware and Threat Protection with James Ringold

Host: Dr. Kenneth Johnson

Guest: James Ringold

Duration: ~20 minutes

ransomware, cybersecurity, threat landscape, AI in security, recovery strategies, ransomware as a service, security education, enterprise security, ransomware attacks, modern security platforms

In this episode of Secured with Dr. KJ, James Ringold breaks down the constantly evolving ransomware threat landscape and its implications for enterprise security. From the rise of AI-powered attacks to the growth of ransomware as a service, James explains why these threats demand more than just technical fixes—they require a strategic, cross-functional approach.

We also explore the growing importance of security education, the burden of legacy systems, and how organizations can better balance proactive prevention with rapid recovery strategies.

• How ransomware tactics have evolved, including triple extortion
• Why legacy systems are still a major weak spot
• How AI is both a threat and a tool in cybersecurity
• The role of cloud storage and file versioning in recovery
• Why education and awareness are just as critical as tooling
• How to think about ransomware as a business risk, not just a tech problem

• Ransomware damages are projected to hit $57 billion by 2025
• Triple extortion and human-operated attacks are on the rise
• AI is enabling faster, stealthier attacks
• Ransomware as a service creates a supply chain of cybercrime
• Legacy infrastructure remains a major vulnerability
• Cloud-based recovery tools like versioning can expedite restoration
• Employee education and SOC readiness are vital to response
• Effective defense requires cross-team collaboration
• Prevention and recovery must go hand-in-hand
• Ransomware is a business-level risk, not just an IT concern

• “AI is used to automate phishing and evade detection.”
• “Ransomware as a service is a growing concern.”
• “Attackers don’t hack anymore—they log in.”
• “Balancing prevention with rapid recovery is crucial.”

Hosted on Acast. See acast.com/privacy for more information.

Host: Dr. Kenneth Johnson

Guest: Awnya Creque

Duration: ~20 minutes

cloud compliance, data security, regulatory challenges, Microsoft Purview, risk assessment, industry regulations, cloud migration, access control, data privacy, compliance automation

In this episode of Secured with Dr. KJ, Awnya Creque, Principal Technical Specialist at Microsoft, breaks down the complex world of regulatory compliance in the cloud.

Awnya outlines five critical focus areas—data residency, access control, data privacy, regulatory compliance, and auditing/reporting—that organizations must address when migrating to or operating in cloud environments. She explains how compliance challenges vary across sectors like government, healthcare, and financial services, and how tools like Microsoft Purview can support proactive compliance strategies.

The conversation also explores the importance of fostering a culture of compliance, leveraging automation, and integrating regulatory checks into day-to-day workflows.

• The top compliance challenges when moving to the cloud
• Why data sovereignty and residency matter more than ever
• How identity and access control play a central role in securing sensitive data
• Why compliance isn’t a one-time task—it’s a continuous process
• How industry-specific requirements shape cloud security strategies
• The role of cloud providers and automation in easing the compliance burden

• Organizations face multiple compliance challenges in the cloud
• Data residency and sovereignty are essential to meet global regulations
• Strong access control and identity management are non-negotiable
• Security programs must adhere to evolving frameworks like GDPR and HIPAA
• Compliance demands constant attention and adaptation
• Effective auditing and reporting help demonstrate accountability
• Industry-specific regulations drive unique security needs
• Cloud platforms like Microsoft Purview offer valuable support
• Proactive strategies and automation reduce risk
• Embedding compliance into daily workflows drives long-term success

• “Data stays where it needs to be.”
• “Stay informed about regulatory updates.”
• “Conducting a risk assessment is crucial.”
• “Integrate compliance into your workflows.”

Hosted on Acast. See acast.com/privacy for more information.

Episode Title:

Identity and Access Management

Host: Dr. Kenneth Johnson

Guest: Corey Lee, Security CTO, Microsoft Education

Duration: ~20 minutes

Keywords:

identity, security, breaches, governance, authentication, authorization, MFA, passwordless, AI, zero trust

Episode Summary:

In this episode of Secured with Dr. KJ, Corey Lee, Security CTO for Microsoft Education, unpacks the foundational role of identity in today’s security landscape. With over 15 years of experience in risk analysis, identity, and AI-enabled security, Corey shares how identity acts as the glue connecting people, devices, and data—and as the edge organizations must protect.

The conversation covers the rise of identity-driven breaches, the growing importance of governance, and innovations like passkeys and verified ID. Corey also provides insights into strengthening MFA strategies, enabling passwordless adoption, and preparing for a future where AI and zero trust shape every layer of defense.

What You’ll Learn:

• Why identity is now the core security perimeter
• How identity connects and protects in a hybrid, AI-driven world
• The role of governance in managing evolving permissions
• Why MFA remains critical—and how to improve its adoption
• What a successful passwordless journey looks like
• How identity threat detection is becoming more automated and intelligent
• The importance of strategic planning in identity management
• Why identity is key to unlocking secure innovation at scale

Key Takeaways:

• Identity is the core of modern security architecture
• Breaches often stem from compromised or mismanaged identities
• Identity governance helps manage scope creep and permissions sprawl
• MFA should be enforced adaptively based on risk
• Passwordless strategies reduce known attack surfaces
• Organizations must report on and monitor identity security gaps
• Identity is now central to AI and agent-based security scenarios
• Strategic identity planning unlocks innovation and improves protection
• Continuous tracking and governance support transformation
• Identity is here to stay and growing more critical each day

Memorable Quotes:

• “Identity is the new security perimeter.”
• “Passwords create very bad behavior.”
• “Identity has never been easy.”
• “Identity is here to stay.”

Listen now on your favorite platform:

• Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1730562581
• Spotify: https://open.spotify.com/show/5ZHg5qHXGP6MSf2QnK6LDo
• Acast: https://shows.acast.com/secured-with-dr-kj
• Amazon Music: https://music.amazon.com/podcasts/4ff12a6c-f35f-4f8d-a5d4-9170c601ea3f

Secured with Dr. KJ – Securing tomorrow, one episode at a time.

Hosted on Acast. See acast.com/privacy for more information.