Skip to content

Prabh Nair

Prabh Nair
Prabh Nair
Latest episode

139 episodes

  • Prabh Nair

    How to Build AI Governance in 5 Practical Steps Real Usecase

    16/07/2026 | 57 mins.
    AI governance is no longer optional. In this podcast, we break down a practical 5-step AI governance framework for managing high-risk AI systems from intake and inventory to risk assessment, documentation, vendor review, and continuous monitoring.Using a fictional HR hiring model at a multinational financial institution, this session explains how organizations can build a real-world AI governance process that addresses bias, compliance, privacy, vendor risk, model drift, and regulatory expectations. We also explore how governance teams can align AI systems with business objectives, legal obligations, and frameworks such as the EU AI Act, GDPR, and the NIST AI Risk Management Framework.What you’ll learn in this video:How to create an AI governance intake processWhy AI inventory and system classification matterHow to assess data lineage, bias, and privacy risksWhat to check in AI vendor and third-party risk assessmentsHow to perform AI risk assessments for high-risk systemsWhy model cards, documentation, and audit readiness are essentialHow to implement continuous monitoring for drift, fairness, and performanceKey governance challenges when deploying AI in regulated industriesThis episode is especially useful for:AI governance professionalsrisk and compliance teamsCISOs and security leadersprivacy professionalsdata governance teamsinternal auditorsorganizations deploying high-risk AI systemsWhether you are building an AI governance framework, preparing for AI compliance, or trying to manage AI risk in enterprise environments, this conversation offers a practical roadmap you can apply.Other Videos on AI Governacehttps://www.youtube.com/watch?v=mDuqzICOZZI&t=11shttps://www.youtube.com/watch?v=PT7xmnn8FFIhttps://www.youtube.com/watch?v=OhxAdrfHVs8https://www.youtube.com/watch?v=i721IZkpG8I&t=423shttps://youtu.be/skJNr6C6O18?si=itgrpjoY9viovfL6https://www.youtube.com/watch?v=dQUML9vnlY4&t=3180shttps://www.youtube.com/watch?v=LgFBi5XD-Ow&t=5668sSubscribe for more content on AI governance, cybersecurity, privacy, compliance, risk management, and emerging technology frameworks.#AIGovernance #AIRiskManagement #EUAIAct #GDPR #AICompliance
  • Prabh Nair

    vCISO Master Class: Build a Security Program From Zero

    13/07/2026 | 1h 20 mins.
    Want to become an effective vCISO and learn how to build an information security program from scratch? This masterclass breaks down the real role of a virtual CISO, showing how to lead security through strategy, governance, risk management, compliance, stakeholder communication, and measurable execution.In this session, you’ll learn how a modern vCISO operates across the three core functions of security leadership: strategic direction, governance structure, and operational oversight. The masterclass covers how to assess low-maturity organizations, identify crown jewels, develop a security programme, build a risk register, choose the right framework, write practical policies, oversee security operations, communicate with leadership, and demonstrate measurable business value.This video is ideal for:aspiring vCISOssecurity managers moving into leadership rolesGRC professionalsconsultants building vCISO servicescybersecurity leaders who want to think more strategicallyWhat you’ll learn:What a modern vCISO actually doesThe difference between strategy, governance, and oversightHow to assess an organization with little or no security maturityHow to identify crown jewels and prioritize business-critical assetsHow to build a security programme using frameworks like NIST CSF, ISO 27001, CIS Controls, and SOC 2How to perform practical risk management and create a living risk registerHow to build policies, governance structures, and reporting cadencesHow to oversee incident response, IAM, vulnerability management, vendor risk, and business continuityHow to communicate with executives and boardsHow to become a trusted, effective virtual CISO in real-world engagementsWhether you are starting your journey into the vCISO role or improving your ability to lead an enterprise security program, this masterclass gives you a practical roadmap you can use immediately.Other VideosHow to become CISOhttps://www.youtube.com/watch?v=U2LE8Ma1kcw&t=5s&pp=ygUKQ0lTTyBQUkFCSA%3D%3DCISO Mindsethttps://www.youtube.com/watch?v=iMey5DFE2UE&t=843s&pp=ygUKQ0lTTyBQUkFCSA%3D%3DInfosec Policyhttps://www.youtube.com/watch?v=wgzFoJ14iiI&pp=ygUhaW5mb3JtYXRpb24gc2VjdXJpdHkgcG9saWN5IHByYWJoGRC Videohttps://www.youtube.com/playlist?list=PL0hT6hgexlYxM5P9v7aEYBTJl7iJyK2uKISO 27001https://www.youtube.com/watch?v=tvd1MUf3aHE&list=PL0hT6hgexlYys_9UWhal1kr9Gkz0ms0sM&pp=sAgCBuilding KPIhttps://www.youtube.com/watch?v=UkEhXbNOn9w&pp=ygUJS1BJIFBSQUJI0gcJCdQKAYcqIYzvISO Risk Assessmenthttps://www.youtube.com/watch?v=EAgQ6u7ARIA&t=1882s&pp=ygUpaW5mb3JtYXRpb24gc2VjdXJpdHkgcmlzayBwcmFiaCBpc28gMjcwMDE%3DEnterprise Risk Assessmenthttps://www.youtube.com/watch?v=5ywJMfsYDgo&t=600s&pp=ygUJZXJtIHByYWJoSubscribe for more content on vCISO leadership, cybersecurity strategy, information security governance, risk management, compliance, and AI governance.#vCISO #CyberSecurity #InformationSecurity #RiskManagement #ISO27001
  • Prabh Nair

    Practical Purple Teaming in Action 2026

    09/07/2026 | 1h 29 mins.
    What is Purple Teaming in Cybersecurity? In this podcast episode, Aditya Rai explains purple teaming in a practical, easy-to-understand way through real-world demonstrations using Splunk, Caldera, Atomic Red Team, Windows logging, and Sysmon.If you want to understand how red team and blue team collaboration improves threat detection, security monitoring, and detection engineering, this episode is for you. Aditya shares his journey into cybersecurity, explains why purple teaming matters, and shows how organizations can identify logging gaps, validate detections, and improve visibility across their environment.Resourceshttps://controlcompass.github.io/threat-modelhttps://www.securityblue.team/blog/posts/windows-logging-enhanced-visibility-guidehttps://caldera.mitre.orghttps://www.atomicredteam.ioIn this episode, you will learn: What purple teaming means in real-world cybersecurityThe difference between red team, blue team, and purple team activitiesHow Splunk helps with log collection, analysis, and alerting Why Windows logging and command-line visibility are critical for detectionHow PowerShell activity can be detected and analyzedHow Caldera and Atomic Red Team support adversary emulationWhy Sysmon is valuable for stronger detection and investigation How Windows event IDs and log codes support better threat analysisThis episode is valuable for:SOC analysts Blue teamersDetection engineers Cybersecurity students Security professionals learning Splunk, Sysmon, or MITRE ATT&CKTopics covered:Purple Teaming, Cybersecurity, Splunk, Windows Logging, Sysmon, PowerShell Detection, Atomic Red Team, Caldera, MITRE ATT&CK, Detection Engineering, Threat Detection, Security Monitoring, Red Team vs Blue Team, Adversary EmulationWatch till the end to understand how practical purple teaming can help defenders create better detections, validate security controls, and reduce blind spots in modern environments.Subscribe for more practical cybersecurity podcasts, blue team learning, SOC insights, and hands-on security content. Cyber Warfare Playlisthttps://www.youtube.com/watch?v=KKNtazH1qFs&list=PL0hT6hgexlYw8lc75YSbOts1GhOFl1Ofr&pp=sAgCSOC Playlisthttps://www.youtube.com/watch?v=zCLlrFZU0M8&list=PL0hT6hgexlYxd24Jb8OE7vZoas-iTcHAc&pp=sAgCThreat Intelligencehttps://www.youtube.com/playlist?list=PL0hT6hgexlYxb9mXpcgmEU-_AOmQdrZYO#PurpleTeaming #CyberSecurity #Splunk #BlueTeam #RedTeam #SOCAnalyst #DetectionEngineering #Sysmon #AtomicRedTeam #MITREATTACK #ThreatDetection #WindowsLogging
  • Prabh Nair

    Practical Active Directory Pentesting Masterclass 2026

    06/07/2026 | 2h 37 mins.
    In this episode, Prabh hosts Siva for a deep, practical masterclass on Active Directory (AD) security — covering how AD works, why it becomes the single biggest “blast radius” in most enterprises, and how attackers exploit misconfigurations to compromise an entire organization.What You’ll Learn in This SessionActive Directory components explained (Domain Controllers, LDAP, NTDS.DIT, trusts, OUs)Why AD compromise usually equals full enterprise compromiseReal-world AD attack vectors and how attackers gain initial accessLLMNR poisoning and NTLM authentication abuseNTLM hash cracking with Hashcat (and why cracking “hash → hash” matters)BloodHound for AD security mapping and privilege path discoveryAD Certificate Services (ADCS) vulnerabilities (ESC-style misconfigs)Certificate-based impersonation of Domain AdminsDCSync, DACL abuse, GenericAll permissions, and persistence techniquesKerberos attacks: Golden Ticket, Silver Ticket, KerberoastingWhy Active Directory Security MattersActive Directory is the identity backbone for most enterprises.If AD is compromised, attackers can gain:Domain-wide credentialsAdmin privileges across systemsLateral movement capabilityLong-term persistenceThis masterclass focuses on understanding how the attack works, not just “which command to run.”Active Directory Fundamentals (Quick Breakdown)We cover core AD concepts including:Forest & Domain (security boundaries)Trust relationships (especially during mergers & acquisitions)Organizational Units (OUs) for policy enforcementDomain Controller role and directory servicesLDAP as the protocol used for AD interactionNTDS.DIT and why it’s one of the most dangerous files to loseNTDS.DIT: The “Crown Jewel” RiskSiva demonstrates how extracting NTDS.DIT can reveal:User accountsPassword hashesTrust relationshipsDomain secretsOne compromised file can lead to credential exposure across the entire organization.LLMNR Poisoning & NTLM Attacks (Hands-On)A major portion of this episode focuses on the classic but still deadly chain:Broadcast name resolution (LLMNR)Attacker responds as the “fake resolver”Captures NTLM authentication hashesHashes are cracked for credentials or reused for accessWe also clarify key concepts:LM Hash vs NT Hash vs NTLMWhy cracking NTLM is often the real gateway to exploitationNTLM Hash Cracking With Hashcat (Real Practical)Siva demonstrates:Why Hashcat is preferred for crackingHow password list choice matters (e.g., WeakPass)A powerful technique: cracking NTLMv1 → converting to NT hash for broader attack coverageThis is one of those “real pentesting tricks” many people miss.BloodHound: Visualizing AD Attack PathsSiva demonstrates BloodHound to:Identify Domain AdminsMap group membershipsDiscover privilege escalation pathsUnderstand why local admin access can quickly become domain admin compromiseWe also discuss best practices such as limiting local admin privileges and following Microsoft’s tiering model.AD Certificate Services (ADCS): Domain Compromise in MinutesThis is one of the most critical sections of the session.Siva explains how ADCS misconfigurations can allow attackers to:Request certificates for other usersImpersonate domain adminsAuthenticate using certificate-based logonExtract hashes and elevate privilege rapidlyWe cover how dangerous “Supply in the request” + client authentication permissions can be in certificate templates.DCSync, DACLs, GenericAll & PersistenceWe explore advanced but realistic misconfigurations that don’t always show up as CVEs:DCSync (replication permissions abuse)DACL vulnerabilities (outbound permissions that let you control other objects)GenericAll leading to shadow credentials and persistent accessHow persistence can survive password changes without changing passwords directlyKerberos Attacks ExplainedSiva breaks down Kerberos concepts and vulnerabilities including:Golden TicketSilver TicketKerberoasting
  • Prabh Nair

    Top 3 Skills to Master Before Entering Cybersecurity

    23/03/2026 | 1 mins.
    Are you ready to enter the exciting world of cybersecurity? Before you do, make sure you're equipped with these three essential skills that every aspiring cybersecurity professional must know! In this short video, we'll discuss the critical abilities you need to master to set a solid foundation for your career.Why These Skills Matter:Networking Fundamentals: Knowing how data moves across networks is crucial for detecting and mitigating cyber threats.Operating Systems: Familiarity with different operating systems (Windows, Linux, etc.) helps in understanding system vulnerabilities and defense mechanisms.Cyber Threats: Being aware of common cyber threats and attack vectors is essential for developing effective security strategies.Key Takeaways:Gain a solid understanding of networking fundamentals to comprehend data flow and security measures.Learn the basics of operating systems to identify and address potential vulnerabilities.Understand common cyber threats to develop robust defense strategies.#cybersecuritytraining #cybersecurity #career #informationsecurity
More Technology podcasts
About Prabh Nair
Prabh Nair is a cybersecurity podcaster covering cyber risk, ransomware, incident response, SOC operations, GRC, AI security, threat intelligence, digital forensics, ISO 27001, CISSP, CISM, and security leadership. Built for SOC analysts, auditors, cybersecurity professionals, students, and business leaders, each episode delivers simple explanations, practical lessons, and real-world examples to help you stay ahead in the fast-changing cyber world. #CyberSecurity #InformationSecurity #CyberRisk #GRC #SOC #IncidentResponse #Ransomware #ThreatIntelligence #AISecurity #DigitalForensics
Podcast website

Listen to Prabh Nair, Galaxy Brain and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features