Secured with Dr. KJ

Blast Radius: How MSPs Secure the many by Protecting One

16 min · 13 de abr de 2026
Portada del episodio Blast Radius: How MSPs Secure the many by Protecting One

Descripción

Episode Summary In this episode, Dr. KJ sits down with Doug Turpin, a seasoned managed service provider leader, to unpack the unique security challenges MSPs face at scale. Doug breaks down the concept of "blast radius" — what happens when the tools designed to protect clients become an attacker's greatest advantage — and shares how his organization builds a security-first culture grounded in stewardship, not fear. The conversation also digs into AI's role as an amplifier, and why ungoverned AI may be one of the most underestimated risks in security today. What You'll Learn * Why blast radius is the defining security challenge for managed service providers * How security gaps most often start with people — not technology * The difference between using AI as an operational advantage versus accelerating your own mistakes * What a security-first culture actually looks like from the inside out * How to handle and learn from team mistakes without creating a culture of fear * Why AI without guardrails is a compliance and security liability Top 3 Takeaways 1. Blast radius is real — and it scales fast. MSPs hold privileged access to dozens or hundreds of client environments. A single compromised identity or remote management tool doesn't just affect one network — it can cascade across your entire client base. Least privilege, strong isolation, and constant visibility aren't optional; they're foundational. 2. AI amplifies what's already there — good or bad. AI can surface better signals, reduce noise, and free your sharpest people for judgment calls. But if your fundamentals are weak — bad data, poor identity hygiene, broken processes — AI will accelerate your mistakes, not fix them. Governance comes first, use cases second. 3. Security culture is built on stewardship, not enforcement. When your team understands they're protecting people's livelihoods — not just systems — behavior changes naturally. Clear expectations, shared ownership, and psychological safety to speak up create instinctive security, not performative compliance. Memorable Quotes "The tools that we use are designed to be trusted — and attackers love those as hands-on intrusion kits." — Doug Turpin "AI in reality doesn't fix bad data or identity hygiene or broken processes. If your fundamentals are weak, your AI is just going to make you accelerate your mistakes." — Doug Turpin "Once you see that security is part of doing the right thing — not just following the rules — your behavior changes, and it changes naturally." — Doug Turpin Connect with the Guest Doug Turpin — Managed Service Provider Leader and Senior Security Engineer Listen & Subscribe Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com [https://swdrkj.riverside.com] * 🎙 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 [https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517] * 🎵 Spotify * 📺 YouTube Support the Show If this episode brought value, share it with a peer in your network. Every share helps grow a community built on substance over sales — real practitioners, real insights, no pitches. Securing tomorrow, one episode at a time.

Comentarios

0

Sé la primera persona en comentar

¡Regístrate ahora y únete a la comunidad de Secured with Dr. KJ!

Empezar

2 meses por 1 €

Después 4,99 € / mes · Cancela cuando quieras.

  • Podcasts exclusivos
  • 20 horas de audiolibros / mes
  • Podcast gratuitos

Todos los episodios

34 episodios

Portada del episodio The Security Gap Quantum will Expose

The Security Gap Quantum will Expose

Episode Summary Dr. Pierrette Renée Dagg, Director of Research and R&D at Merit Network, explores post-quantum cryptography, AI governance, and technology leadership. Drawing on her work across institutions from R1 universities to rural libraries, she offers practical steps for quantum readiness, the growing importance of vendor scrutiny in AI adoption, and the leadership the security field urgently needs. What You Will Learn * Why capacity is the biggest barrier to post-quantum readiness * How the "harvest now, decrypt later" threat is changing encryption urgency * Why data classification is the best starting point for quantum migration * How AI governance must become part of all technology policy * Why vendor scrutiny and data ownership are critical yet overlooked risks * Why philosophy must precede technology in security leadership Top 3 Takeaways 1. You cannot fix what you cannot see. Inventory your encryption and revisit your data classification chart — starting with your most sensitive data first. 2. AI governance is no longer a separate conversation. AI is embedded in existing enterprise systems, often without notification. Supplier scrutiny and data ownership must be part of every technology governance framework. 3. Philosophy before technology. Effective security leaders ask the deeper questions about social good and unintended consequences before acting. Memorable Quotes "You can't fix what you can't see." "AI has been the disruptor. The disruptor is over. Now this is just how things are." "Opting out is entirely illusional — which is why we need to be having these conversations." "Stay curious. The more that I am learning, the more I know I know absolutely nothing." Connect with the Guest Dr. Pierrette Renée Dagg Director of Research and R&D, Merit Network LinkedIn: https://www.linkedin.com/in/pierrette-renee-dagg/ [https://www.linkedin.com/in/pierrette-renee-dagg/] Listen and Subscribe Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com [https://swdrkj.riverside.com] Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 [https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517] Spotify: Search Secured with Dr. KJ on Spotify YouTube: Search Secured with Dr. KJ on YouTube Support the Show If you find value in these conversations, please share this episode, leave a review, and subscribe so you never miss an episode. Securing tomorrow, one episode at a time.

6 de jul de 202620 min
Portada del episodio Leading at the Speed of AI

Leading at the Speed of AI

Episode Summary In this episode of Secured with Dr. KJ, M.K. Palmore, Board Director and Managing Partner at Apogee Global RMS, joins the conversation to explore the evolving threat landscape shaped by artificial intelligence, the strategic gaps organizations face in cybersecurity planning, and what it truly means to lead in an era of machine-speed risk. Drawing on his experience across the Marine Corps, FBI, and the private sector, M.K. delivers a candid, practitioner-driven perspective on where organizations are falling short and what it will take to close the gap. What You Will Learn * Why AI has created a genuine parity between adversaries and defenders, and what that means for how organizations must respond * The difference between tactical tool adoption and strategic security planning, and why CISOs need both running simultaneously * How to evaluate AI-powered security vendors beyond the marketing label and ask the questions that surface real capability * Why Zero Trust remains unfinished business for most organizations even as the industry pivots to AI * What it means to make yourself indispensable as a mid-career cybersecurity professional Top 3 Takeaways 1. AI has leveled the playing field between attackers and defenders. The winner will not be determined by who has the most tools, but by who executes the fundamentals with the most discipline. 2. CISOs must separate strategic planning from day-to-day tactical operations. Without a dedicated forward-looking function, organizations will always be building for yesterday's threat. 3. Mid-career professionals who make themselves indispensable through continuous learning, visible impact, and substantiated thought leadership will be the ones retained and relied upon when organizations face pressure to cut. Memorable Quotes I do believe that in this world of AI, there is finally a parity between the adversary and the defender. The winner is left to the individual exercising the best practices, frameworks, and analysis. If the boss cannot identify something impactful that you have done in the past 12 months, you are in danger. Before we even get done being excellent at one thing, innovation moves so fast that we are already onto the next major pivot. Zero Trust is a great example. Most organizations still have not gotten that right. Connect with the Guest Connect with M.K. Palmore on LinkedIn: https://www.linkedin.com/in/mkpalmore/ [https://www.linkedin.com/in/mkpalmore/] Listen and Subscribe Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com [https://swdrkj.riverside.com] Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 [https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517] Spotify: Search Secured with Dr. KJ YouTube: Search Secured with Dr. KJ Support the Show If this episode brought value to you, share it with a colleague, leave a review, and help us grow the community of security practitioners committed to protecting tomorrow. Securing tomorrow, one episode at a time.

22 de jun de 202621 min
Portada del episodio Design as Defense

Design as Defense

SHOW NOTES Episode Summary In this episode, Dr. KJ sits down with Nick Cawthon, founder of Gauge and a leading voice in human-centered design, to explore a dimension of cybersecurity that is too often overlooked: the human one. Nick breaks down how experience design is not just a product concern but a frontline defense. From analyst fatigue to AI-accelerated social engineering to the politics of getting a seat at the security table, Nick brings a practitioner's lens to the question of how we build systems that actually work for the people using them. What You Will Learn How human-centered design reduces the conditions that lead to security failures, why the analyst experience inside security operations centers has been shaped by consumer UX patterns that were never meant for high-stakes environments, how AI is accelerating the social engineering threat and what design can do about it, what forward-deployed experience design looks like in practice, and why design teams must be present from the start of any security product conversation rather than brought in at the end. Top 3 Takeaways 1. Fatigue is a vulnerability. Repetitive, poorly designed workflows lead to analyst burnout and missed signals. The MOOSEC framework — Methods for Understanding Security Experiences — offers a structured way to identify where human strain is creating exploitable gaps in the defense chain. 2. Speed without strategy is a trap. AI tools have compressed development timelines, but moving faster than ever does not mean building the right thing. The most important question any security team can ask is not what can we design, but what should we design. 3. Design earns its seat by showing up early. UX professionals who enter security conversations late are fighting for relevance. Those who are present at the start, helping teams map personas, workflows, and user needs before a single line of code is written, become indispensable strategic partners. Memorable Quotes "The sense of speed can sometimes be a fallacy if we don't stop and slow down and take the time and the strategy approach to make sure that we're designing the right thing." — Nick Cawthon "Let's make sure that we can go in with enough candor and confidence that when we do design this, we're meeting the needs of the people we intend." — Nick Cawthon "It takes a human being to recognize those kinds of hurdles." — Nick Cawthon Connect with the Guest Nick Cawthon, Founder of Gauge and Professor of Data Literacy and Visualization at California College of the Arts: https://www.linkedin.com/in/nickcawthon [https://www.linkedin.com/in/nickcawthon] Listen and Subscribe Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com [https://swdrkj.riverside.com] * 🎙 Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 [https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517] * 🎵 Spotify * 📺 YouTube Support the Show If this episode brought value, share it with a peer in your network. Every share helps grow a community built on substance over sales — real practitioners, real insights, no pitches. Securing tomorrow, one episode at a time.

8 de jun de 202620 min
Portada del episodio Risk before Technology

Risk before Technology

Secured with Dr. KJ — Season 4, Episode 1 Risk Before Technology with Nett Lynch Episode Summary Season 4 premiere, Dr. KJ sits down with Nett Lynch, CISO at Kraft Kennedy and Emperor of Legion, to explore what it truly means to get left of boom in cybersecurity. Nett shares how she helps organizations move beyond checkbox compliance by leading with risk instead of fear, uncertainty, and doubt. Drawing on 28 years of IT experience and nearly two decades in the managed service provider space, she breaks down why SMART goals should drive every security roadmap, how AI-powered threats are reshaping the attack landscape, and what it takes to earn executive trust through listening and long-term partnership. What You Will Learn Why compliance is not the same as security and how the treasure and crown jewels analogy helps executives understand where their real risk lives. How AI-powered threats have shifted from technical sophistication to credibility and speed, and why passwordless authentication should be at the top of every organization's priority list. The importance of including the CFO in tabletop exercises and how to build security roadmaps that align to three- and five-year business goals. Top 3 Takeaways 1. Lead with risk, not fear, uncertainty, and doubt. Clients who feel scared into a decision walk away uncomfortable and are less eager to have the next conversation. Framing security as a business enabler through SMART goals creates lasting partnerships. 2. Identity is now the primary attack surface. Threat actors are using AI to conduct faster reconnaissance and build attacks that are indistinguishable from real business activity. Passwordless authentication and strong multifactor are no longer optional. 3. Trust is built through listening, not credentials. Asking open-ended questions, understanding the politics and growth plans of a business, and meeting clients where they are will always outperform a list of certifications. Memorable Quotes "Compliance is not security. They are not the same thing. It is kind of like a Venn diagram. There is a little bit of overlap, but there is stuff on either side that one does not equal the other." "All of their data is treasure. It is all valuable, but not all treasure are the crown jewels." "It is not your credentials. It is not your experience. It is how much you care." "You have one mouth and two ears. You should listen more than you speak." Connect with the Guest Nett Lynch on LinkedIn: https://www.linkedin.com/in/nett-s-lynch-mba [https://www.linkedin.com/in/nett-s-lynch-mba] Listen and Subscribe Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com [https://swdrkj.riverside.com] Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 [https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517] Spotify YouTube Support the Show If this episode brought you value, share it with a colleague, leave a review, and help us grow the community. Securing tomorrow, one episode at a time.

25 de may de 202623 min
Portada del episodio Security is not a Checkbox

Security is not a Checkbox

Episode Summary In this episode, Dr. KJ sits down with Kimberly, a product and engineering leader in the insurance industry, to talk about what it really takes to build secure products at enterprise scale. From managing security consistency across legacy and cloud applications to rolling out AI responsibly in a highly regulated environment, Kimberly brings a practitioner's perspective grounded in transparency, least privilege, and bringing people along on the journey. The conversation covers the tension between shipping fast and staying secure, the role of AI in transforming insurance products, and the leadership principles that make security culture stick. What You'll Learn In this episode, you will learn how a seasoned product leader approaches security consistency across applications of different ages and architectures, why least privilege is not just a technical control but a cultural practice, how to lead a phased AI rollout in a regulated industry while keeping InfoSec at the table from day one, what it looks like when security design reviews become a celebration rather than a checkpoint, and how to translate technical vulnerabilities into business risk language that resonates with stakeholders and leadership. Top 3 Takeaways Security has to be built in from the start. Treating it as a checklist item at the end of a development cycle creates inconsistency and opens the door to costly exposures. The why matters more than the what. Whether you are enforcing least privilege, rearchitecting vendor integrations, or rolling out AI, helping your team understand the reasoning behind a decision is what prevents corner-cutting and builds lasting security culture. AI is an accelerator, not a free pass. Organizations that are seeing real value from AI are the ones that stage their rollouts, measure outcomes, and keep security embedded in the design process from the beginning. Memorable Quotes "A small book could turn into a $5 million bigger issue." "I don't look at security as the last thing that we do when we're getting ready to ship." "There's no role or no space that's small. Security impacts every role." "We catch security flaws early and design phases are celebrated — it's a win for all of us." Connect with the Guest Connect with Kimberly on LinkedIn: https://www.linkedin.com/in/kimberly-w-4841923aa/ [https://www.linkedin.com/in/kimberly-w-4841923aa/] Listen & Subscribe Like, follow, and subscribe to Secured with Dr. KJ: https://swdrkj.riverside.com [https://swdrkj.riverside.com] Apple Podcasts: https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517 [https://podcasts.apple.com/us/podcast/secured-with-dr-kj/id1805058517] Spotify: Search Secured with Dr. KJ YouTube: Search Secured with Dr. KJ Support the Show If this episode added value, share it with a colleague, leave a review, and help grow the Secured with Dr. KJ community. Every share puts these conversations in front of the practitioners who need them most. Securing tomorrow, one episode at a time.

11 de may de 202614 min