Prabh Nair

In this bootcamp session, Prabh Nair breaks down ISO/IEC 42001 and the practical reality of AI governance inside organizations.
If you are trying to implement an AI Management System (AIMS), this session walks you through the governance principles, the clause structure, the documentation mindset, and how to run AI risk assessments and impact assessments in a way that stands up to audits.WHAT YOU’LL LEARN- Why AI governance matters: bias, misinformation, misuse, and trust- The 5 AI governance principles: accountability, transparency, fairness, safety, and balanced innovation- ISO/IEC 42001 structure: clauses, annexes, and the PDCA cycle- AIMS implementation in 4 phases: gap analysis, planning, implementation, verification- Defining your organizational role: AI provider, producer, customer, partner, subject, authority- Project charter essentials: scope, context analysis, interested parties- Risk assessment methodology: likelihood, impact, and how to set criteria based on context- Risk assessment vs impact assessment: business risk vs human harm- When assessments must be repeated: planned intervals and major changes (data, model, rollout, geography)- Documentation and audit readiness: objectives, SoA, change management, competence, awareness, version controlPractical AI Governancehttps://www.youtube.com/watch?v=dQUML9vnlY4&t=3180s&pp=ygUKYWltcyBwcmFiaA%3D%3DAI Governancehttps://www.youtube.com/watch?v=LgFBi5XD-Ow&t=5668s&pp=ygUTYWkgZ292ZXJuYW5jZSBwcmFiaA%3D%3DAI Agent Governance https://www.youtube.com/watch?v=i721IZkpG8I&t=423s&pp=ygUYYWdlbnRpYyBnb3Zlcm5hbmNlIHByYWJo#ISO42001 #AIGovernance #AIMS #AIRiskAssessment #AICompliance #ISOCertification #Cybersecurity #GRC

Lazarus Group (widely attributed to North Korea) isn’t just “hacking” – it’s a repeatable cybercrime process: phishing, recruitment fraud, access, theft, then cryptocurrency laundering.In this podcast, investigative journalist and author Geoff White joins Prabh to break down how modern cybercrime actually works, why HR teams are now part of the attack surface, and what leaders can do to reduce real-world risk.GUESTGeoff White (LinkedIn): https://uk.linkedin.com/in/geoffwhitetechWHAT WE COVER- Lazarus tactics: phishing, insider targeting, and recruitment-style social engineering- Recruitment fraud: why Cybersecurity + HR must work together- Crypto laundering evolution: wallets → mixers → OTC brokers and beyond- WannaCry investigation lessons and why “evidence” can mislead- State cyber warfare: how weaker states use cyber tactics for leverage- AI and investigations: why human intuition still matters- Resilience planning: build an “if team” (prevention) and a “when team” (response)KEY TAKEAWAYS (FAST RECAP)1) Treat cybercrime like a business process, then break the chain.2) Recruitment and HR workflows are now security controls, not “admin work.”3) Incident readiness is not optional – plan for “when,” not just “if.”#LazarusGroup #CyberCrime #NorthKorea #CryptoLaundering #RecruitmentScam #Phishing #IncidentResponse #CyberSecurity #OSINT #ThreatIntel

In this episode, Prabh Nair is joined by Jayant, CISO for Asia Pacific and Japan at Check Point Software Technologies, for a grounded conversation on what cybersecurity leadership really means at the CISO level.The discussion goes far beyond tools, products, and frameworks. It focuses on the mindset shift every CISO must make — from being a technical security expert to becoming a business-aligned risk leader.Jayant shares real-world experiences from global enterprises, including a critical lesson from deploying network access controls in a low-latency trading environment. The case highlights a hard truth many security leaders learn late: a technically correct control can still be a business failure if it ignores how the business actually operates.Throughout the conversation, the focus remains on understanding business dynamics, risk appetite, and outcomes before deploying security controls. We explore how the role of the CISO has evolved as enterprises moved from a small set of tools to managing dozens of security platforms, multiple cloud service providers, and complex regulatory expectations across regions.Key themes discussed include:Why CISOs must act as translators between technology, business, and regulatorsHow security practices need to align with peak business usage and time-to-market pressuresThe shift from CapEx to OpEx models and its impact on security strategyChallenges of securing cloud and hybrid environments, especially for regulated and critical infrastructuresWhy cyber resilience is about tested failover and recovery, not documentationHow regulators now demand evidence that controls actually workThe role of AI in cybersecurity — not as magic, but as an amplifier of both threats and defensesJayant also shares insights on CISO leadership skills, emphasizing adaptability, stakeholder alignment, and the ability to communicate cyber risk in business language to CEOs, CFOs, boards, and regulators.If you are a:CISO or aspiring CISOSecurity leader, architect, or consultantGRC, audit, or risk professionalEngineer transitioning into leadershipthis episode will help you understand how CISOs think, decide, and balance growth with security in real organizations.CISO talkshttps://www.youtube.com/playlist?list=PL0hT6hgexlYwPTD-wC3oFBe27VGEiizg1NIST Serieshttps://www.youtube.com/watch?v=VcC_KabV_Ho&list=PL0hT6hgexlYy0vBwMv0eteiyAxB48RQzy&pp=gAQBiAQBGRC Serieshttps://www.youtube.com/watch?v=mq_vSLHm4r0&list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28&pp=gAQBLinkedin Profile of Prashanthttp://linkedin.com/in/prashant-mohan-cissp-issap-ccsp-04610215Book Building Blocks: Comprehensive guide to build a security architecture programhttps://amzn.to/4szY0QvISO 27001 Videohttps://www.youtube.com/watch?v=sQqJH2naU6I&t=1454s&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzISO 27001 Implementation Guidehttps://www.youtube.com/watch?v=GBfwk10Hh-o&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzGRC Practical Serieshttps://www.youtube.com/playlist?list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28GRC Interviewhttps://www.youtube.com/playlist?list=PL0hT6hgexlYz1Usn1Nrnur6OzVoz59zylInternal Audithttps://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWv#ciso #cybersecurity #infosec #resilience #cyberresilience

Are you planning to implement ISO 27001 and wondering how to start? In this comprehensive video, we guide you through the process of writing a Project Initiation Document (PID) specifically for ISO 27001 implementation. This is the first video that covers everything from scratch—so whether you're a beginner or a seasoned professional, this video is designed to help you prepare a successful Project Initiation Document.What You Will Learn:What is a Project Initiation Document? We break down its purpose and significance in ISO 27001 implementation.Key Questions to Ask: Discover the essential questions you need to address while preparing a PID.Complete Content Overview: A detailed breakdown of what your Project Initiation Document should include, such as scope, objectives, timelines, risk management, and resources.Best Practices for ISO 27001 Implementation: Practical tips on how to structure your document to ensure a smooth ISO 27001 project kick-off.This video is a must-watch for anyone tasked with ISO 27001 implementation, especially those unfamiliar with creating a Project Initiation Document. By the end, you'll have a clear understanding of how to write an effective PID that sets the foundation for a successful ISO 27001 project. Key Topics Covered:Introduction to Project Initiation Documents (PIDs)Content required in a PID for ISO 27001Questions you must answer before creating your PIDReal-world case examples and step-by-step explanations💡 Why This Video is Unique: This is the first video to provide a detailed, practical guide on preparing a Project Initiation Document tailored to ISO 27001 implementation. If you're looking to save time and avoid mistakes in your ISO 27001 project, this is the resource for you.How to Implement ISO 27001 Implementatationhttps://www.youtube.com/watch?v=tvd1MUf3aHE&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzHow to Write ISMS Context Part 2https://youtu.be/wL2GSovv4Ok🔔 Don’t forget to like, comment, and subscribe for more in-depth ISO 27001 implementation guides!#ISO27001 #ProjectInitiationDocument #ISO27001Implementation #ISMS #CyberSecurity #Compliance #ProjectManagement #InformationSecurity #CyberSecurity2024 #ISO27001StepByStep

Turn plain English into working apps—safely. In this episode, Prabh and Siva unpack VIBE/VIP coding: using AI coding co-pilots to prototype websites and apps fast, with human-in-the-loop validation, security guardrails, and real software engineering discipline. We cover white coding for non-developers, secure AI development practices, and how to use AI to audit code—not replace developers.What you’ll learnVIBE/VIP coding workflow: idea → prompt → prototype → review → harden → shipAI as co-pilot (not autopilot): when to trust, verify, and hand-codeWhite coding for non-tech users: launch sites/apps quickly with oversightSecurity and governance: secrets handling, dependency checks, threat modeling, audit trailsHuman-in-the-loop gates: code review, tests, approvals, and rollback plansTooling stack: prompt builders, code assistants, prototyping and mobile app toolsUsing AI to audit work: test generation, linting, SBOM and supply-chain checksFrom POC to production: CI/CD, versioning, monitoring, and pen-test loopsWho this is forFounders, PMs, BAs, designers, and engineers who want AI-assisted development speed without losing quality, security, or governance.#AICoding #VIBECoding #VIPCoding #AIForBuilders #HumanInTheLoop #AIGovernance #SecureDevelopment #NoCode #LowCode #AIPrototyping #PromptEngineering #DevTools #AppDevelopment #CICD #SoftwareSecurity