Prabh Nair


100 episodes

  • Prabh Nair

    Master IT Audit Walkthroughs — Real Case, Real Process, Real Learning

    22/01/2026 | 1h 23 mins.
    Learn how to conduct an ITGC audit in this comprehensive video by Chinmay. Discover the ins and outs of ITGC auditing and how it works.

    This video is an eye-opener for every aspiring IT auditor. Forget theory—this is a real-world, step-by-step walkthrough of how audit control testing actually happens inside organizations. In this session, we go beyond certification talk and dive straight into practical auditing — from understanding a control to completing testing, writing workpapers, and preparing for review.

    What You’ll Learn
      - How to prepare for a walkthrough meeting like a professional auditor
      - The right questions to ask (and what to avoid)
      - Managing discussions and taking notes effectively
      - Capturing key process details and identifying critical control points
      - Writing clear follow-up questions
      - Creating process flowcharts or outlines from your walkthrough
      - Drafting a sample audit workpaper — with structure, evidence, and documentation best practices

    The sample documentation shared in this video is purely for educational purposes, showing you what every well-written audit workpaper should include. Every organization has its own format, but the fundamentals remain the same.

    This is the real day-in-the-life of an IT auditor — 8 AM to 5 PM. If you’ve ever wondered what auditors actually do beyond exams and checklists, this is your behind-the-scenes look.

    CISO talks: https://www.youtube.com/playlist?list=PL0hT6hgexlYwPTD-wC3oFBe27VGEiizg1
    NIST Series: https://www.youtube.com/watch?v=VcC_KabV_Ho&list=PL0hT6hgexlYy0vBwMv0eteiyAxB48RQzy&pp=gAQBiAQB
    GRC Series: https://www.youtube.com/watch?v=mq_vSLHm4r0&list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28&pp=gAQB
    ISO 27001 Video: https://www.youtube.com/watch?v=sQqJH2naU6I&t=1454s&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBz
    ISO 27001 Implementation Guide: https://www.youtube.com/watch?v=GBfwk10Hh-o&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBz
    GRC Practical Series: https://www.youtube.com/playlist?list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28
    GRC Interview: https://www.youtube.com/playlist?list=PL0hT6hgexlYz1Usn1Nrnur6OzVoz59zyl
    Internal Audit: https://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWv
  • Prabh Nair

    Prompt Injection Explained: The Most Dangerous AI Attack of 2025

    21/01/2026 | 17 mins.
    AI systems can now read websites, emails, documents, tickets, PDFs, and even trigger actions through plugins. That means one thing: if the AI can read it, someone can influence it.

    In this video, we go deep into the world of Prompt Injection, the fastest-growing attack on LLMs in 2025. Using insights from real research, real demos, and real enterprise failures, we explain how attackers hijack AI systems using hidden instructions, misleading content, and manipulated data — and how you can defend against it.

    This video is based on my full breakdown of LLM security failures and mitigations from LLM01: Prompt Injection.

    00:00 - 00:45 – Introduction
    00:45 - 02:21 - Prompt Injection
    02:21 - 03:45 - Eg: Simple Analogy
    03:45 - 05:14 - Where Prompt Injection Shows Up
    05:14 - 05:35 - Typical Attackers Goals
    05:35 - 08:31 - Types of Prompt Injection
    08:31 - 09:56 - Eg: Direct Prompt Injection
    09:56 - 10:46 - Eg: Indirect Prompt Injection
    10:46 - 11:20 - Case Study-1 ChatGPT Plug-in Vulnerability (Direct Injection)
    11:20 - 12:32 - Not What You Sign For (Indirect Injection)
    12:32 - 13:14 - Why Prompt Injection is Dangerous
    13:14 - 14:13 - Key Risk Factors
    14:13 - 16:10 – Mitigation
    16:10 - 16:45 - CISO Lesson

    AI Practical: https://www.youtube.com/watch?v=XmbOUSX7IKc&list=PL0hT6hgexlYwHLdZR_oHvEKN_8IiAMBcU&pp=gAQB
    Practical Security Architecture: https://www.youtube.com/watch?v=OhxAdrfHVs8&list=PL0hT6hgexlYwhCZaMSPd98vfYR-Aw9oWp&pp=gAQB
    GENAI Security: https://www.youtube.com/watch?v=aTJPKifa1VM&t=629s
  • Prabh Nair

    The CISO Mindset Shift: Approach Over Tools

    20/01/2026 | 59 mins.
    In this powerful episode, Yuval and Prabh break down what’s truly broken in cybersecurity today — our obsession with tools over thinking. If you’ve ever wondered why your security investments still fail to stop breaches, this conversation will change the way you look at risk, resilience, and leadership.

    What You’ll Learn
      - Why understanding root causes matters more than chasing the latest tools
      - How to balance business enablement and security without slowing growth
      - The evolution from EPP to EDR — and why detection timing matters
      - Real-world breakdown of secure browsing approaches (SWG, RBI, enterprise browsers)
      - How to make security defensible and measurable through risk-based KPIs
      - Why AI security should be treated as part of your stack, not a separate domain
      - How to evaluate when to remove controls and rebalance your risk posture
      - The real meaning of continuous exposure management (CTEM) for CISOs in 2025

    Key Discussion Highlights
      - Security must follow the business, not the other way around.
      - Ask why before buying — not what’s trending.
      - AI is just another vector in your stack — treat it like one.
  • Prabh Nair

    Secure Coding in the Age of AI: What Devs Must Learn Now

    19/01/2026 | 1h 15 mins.
    AI is changing how we code — and how attackers break systems. In this deep-dive conversation, Prabh and Mayank explore the new security challenges across frontend, backend, APIs, LLMs, supply chain, data pipelines, and infrastructure. From secure coding fundamentals to defending modern AI-driven systems, this episode is packed with real-world lessons developers and security teams can apply immediately.

    00:00 – 01:30 - Introduction, Guest welcome and his credentials
    01:30 – 05:47 - Foundational Context and Core Premises
    05:47 – 08:30 - Importance of Secure AI coding
    08:30 – 09:50 - The Insecurity of LLM Outputs
    09:50 – 12:02 - Amplification of Attacks
    12:02 – 14:11 - Podcast Agenda
    14:11 – 21:25 - Front-end with example
    21:25 – 26:20 - Back-end
    26:20 – 31:10 – Database
    31:10 – 34:40 – Infrastructure
    34:40 – 37:04 – LLM and Prompt Injection
    37:04 – 39:33 - Output Filtering
    39:33 – 41:23 - Memory Attacks
    41:23 – 43:12 - Model Security
    43:12 – 54:24 - AI Supply Chain, Classics, and Future Threats
    54:24 – 57:40 - Incident prevention and always be ready
    57:40 – 01:03:40 – Typoglycemia
    01:03:40 – 01:09:40 - Due Diligence and Limited Visibility
    01:09:40 – 01:11:45 - Key challenges
    01:11:45 – 01:13:20 - Future Podcast Topic
    01:13:20 – 01:15:00 - End of the conversation by thanking Mayank Lau and looking forward to doing more Podcast.

    In this video, we break down everything developers and security teams must know about building secure systems in the age of AI. You’ll learn why AI-generated code isn’t automatically safe, how frontend vulnerabilities like XSS, SQL injection, sanitization failures, secrets exposure, and CORS issues still happen, and what it takes to design backend APIs that survive real attacks. We also go deep into LLM security — prompt injection, output manipulation, memory attacks, session poisoning, data theft, and how to secure agent pipelines the right way.

    You’ll understand the new AI supply chain risks, from unsafe data sources to third-party models, plus the importance of patching, hashing, and infrastructure monitoring for agentic systems. Finally, we discuss incident prevention and team mindset, covering MTTA/MTTR reduction, secure-team thinking, and why the right mindset protects you more than any tool.
  • Prabh Nair

    What I Learned from Implementing DPDPA in My Business -No Legal Jargon

    16/01/2026 | 1h 5 mins.
    If you’re running a business in India, handling website leads, student registrations, client details, HR information, invoices, or any digital personal data… then the Digital Personal Data Protection Act (DPDPA) 2025 applies to you.

    This video is a simple, practical, end-to-end guide on How to comply with DPDPA India 2025 — designed for founders, HR teams, sales, marketing, IT, trainers, support teams, and non-technical stakeholders who manage 80% of personal data every day.

    In this session, we break down the DPDPA Act and DPDPA Rules 2025 in plain, usable language. You’ll understand the real difference between the Act (the “WHAT & WHY”) and the Rules (the “HOW, WHEN & BY WHOM”). Using real examples from Azpirantz Technologies LLP, we walk through how a normal Data Fiduciary should build a defensible, operational and audit-ready DPDP compliance program.

    You’ll learn how to confirm your applicability, build a basic data inventory, draft lawful privacy notices, choose between consent and legitimate uses, handle rights requests, decide retention timelines, implement minimum security safeguards, manage vendors, handle breaches, and prepare your team for audits. This video is structured exactly around the 13-step implementation roadmap from the DPDP Rules — so you can start complying today without waiting for consultants or legal teams.

    Whether you run a startup, MSME, training company, consulting firm, SaaS business, agency, HR team, or any organisation that handles personal data, this walkthrough will show you:
      ✔ What the law really expects
      ✔ What documentation is needed
      ✔ How to implement each requirement in real life
      ✔ How to avoid penalties and common mistakes
      ✔ How to build a simple privacy governance structure
      ✔ How to secure your data, vendors and user rights
      ✔ How to show compliance if the Data Protection Board contacts you

    This is the most practical, founder-friendly, non-technical DPDPA compliance guide available on YouTube today. If you're searching for How to comply with DPDPA India 2025, you will find everything here — explained step-by-step with clarity.

    Practical Steps to GDPR Compliance Success 2024: https://www.youtube.com/watch?v=Pf_qQxeubIg&pp=ygUKR0RQUiBQUkFCSA%3D%3D
    GDPR Data Processing Agreements Simplified Quickly: https://www.youtube.com/watch?v=zVRqS8ML0UU&pp=ygUKR0RQUiBQUkFCSA%3D%3D
    How to Implement PIMS: https://www.youtube.com/watch?v=IwAseU4ZmuQ&t=980s&pp=ygUPR0RQUiBQUkFCSCBQSU1T

About Prabh Nair

Dive deep into the world of information security with Prabh Nair, a seasoned expert with a knack for distilling complex topics into easily digestible insights. Each episode, spanning just 15 minutes, is designed to provide listeners with a concise and clear understanding of the ever-evolving landscape of infosec. Whether you're a professional looking to stay updated, a student eager to learn, or just curious about the digital realm, Prabh's enlightening discussions promise to keep you informed and engaged. Tune in for your regular dose of cybersecurity wisdom, all in a quarter of an hou
v8.3.0 | © 2007-2026 radio.de GmbH
Generated: 1/24/2026 - 11:59:19 AM