InfosecTrain

AI is no longer a futuristic concept it’s an active driver of enterprise change. However, with great innovation comes significant risk. In this episode, we explore how risk professionals identify, assess, and respond to AI-driven threats. From strategic and operational impacts to the critical need for human oversight, we break down the framework for building intelligent, resilient enterprises.

🎯 Key Topics Covered in This Episode:
AI Risk Identification: Why AI risk isn't just an "IT issue" but a fundamental driver of enterprise-wide risk.

AI as an Enterprise Risk Driver: Categorizing AI risks into Strategic, Operational, Compliance/Legal, and Reputational domains.

Bias and Legal Pitfalls: Real-world examples of gender bias in AI hiring and lending tools that led to regulatory penalties.

Assessing AI Risk: Using Impact, Likelihood, Velocity, and Control Effectiveness to quantify the "speed" and "magnitude" of AI failures.

The Four Risk Responses: How to decide when to Avoid, Mitigate, Transfer, or Accept AI risk based on organizational appetite.

Governance & Ownership: Who truly owns AI risk? Defining roles across Business, IT, and Compliance teams.

Implementing Controls: A guide to Preventive, Detective, and Corrective controls for the AI lifecycle.

Integrating AI into ERM: Why AI risk must be part of your central risk register rather than a siloed technical framework.

Continuous Monitoring: The necessity of tracking "model drift" and data accuracy at frequent intervals.

🎧 Secure your enterprise's future with InfosecTrain. Advance your career with our CRISC and AI Governance certification programs. Learn to bridge the gap between emerging technology and robust risk management.

📽️ Watch the full episode on YouTube: https://www.youtube.com/watch?v=25lAfjw_wvQ

AI is everywhere, from personal companions to high-stakes business automation. But as adoption grows, so do the risks of data privacy breaches, algorithmic bias, and lack of accountability. In this episode, we discuss why AI literacy is no longer optional for IT professionals and how the Certified AI Governance Specialist program bridges the gap between technical AI tools and responsible business leadership.

🎯 Key Topics Covered in This Episode:
The Shift in AI Adoption: From "Googling" to "Chatting" how AI has moved from a search tool to a personal and professional companion.

Accountability in AI: Why we can't take an AI to court and the urgent need for human oversight in high-risk use cases like loan approvals.

Technical vs. Non-Technical Roles: Why AI governance is for everyone from developers to CISOs and the importance of "AI Literacy" as mandated by the EU AI Act.

The Amazon Resume Case Study: A real-world example of how a lack of AI governance led to gender bias and reputational damage.

Global Regulations & Frameworks: Understanding the impact of the EU AI Act, GDPR, ISO 42001, and the NIST AI Risk Management Framework.

Career Evolution: Kish shares his personal journey from a technical "fix-it" guy to a governance consultant, explaining why governance is a better career decision.

Practical Training vs. Theory: What sets the Certified AI Governance Specialist program apart, including hands-on policy writing and real-world risk assessments.

Explainability & Blind Spots: Why AI decisions must be auditable and explainable to maintain customer trust and legal compliance.

The Lightning Round: Quick takes on "automation bias," the biggest mistakes organizations make, and whether AI is currently under-governed or under-understood.

🎧 Stay ahead of the curve with InfosecTrain. Prepare for the future of GRC by becoming a Certified AI Governance Specialist. Our 48-hour live instructor-led program provides the templates, use cases, and practical insights you need to lead AI initiatives.

Watch the full episode on YouTube: https://www.youtube.com/watch?v=jMYDpy-zy8M

In this episode, we break down the sophisticated world of Red Teaming. Moving past simple vulnerability scans, we explore the mindset of a determined adversary. We cover the entire attack chain from initial access via LLMNR poisoning to lateral movement using BloodHound and explain how these simulations help Blue Teams sharpen their detection and response capabilities.

Key Topics Covered in This Episode:
Defining Red Teaming: Why Red Teaming is "threat-oriented" rather than "vulnerability-centric," focusing on organizational resilience.

Understanding APTs: The characteristics of Advanced Persistent Threats—sophisticated, long-term, and stealthy.

The MITRE ATT&CK Framework: A breakdown of the 14 tactics used to map adversarial behavior from reconnaissance to impact.

Red Team vs. Pentesting: A detailed comparison of scope, duration, and goals (Narrow vs. Broad, Goal-oriented vs. Threat-oriented).

The Attack Life Cycle: Stepping through Reconnaissance, Initial Compromise, Persistence, Privilege Escalation, and Exfiltration.

Live Demo: LLMNR Poisoning: How attackers exploit "link-local" protocols to capture password hashes using tools like Responder.

Cracking Hashes: Using Hashcat to resolve captured NTLMv2 hashes into plain-text passwords.

Visualizing the Path: Using BloodHound and Neo4j to map hidden relationships and attack paths within Active Directory.

The Blue Team Perspective: How the Security Operations Center (SOC) uses Red Team findings to close detection gaps.

🎧 Level up your offensive security skills with InfosecTrain. We provide specialized training in Red Teaming, Active Directory Security, and APT Simulation to prepare you for the front lines of cybersecurity.

Watch the full episode on YouTube: https://www.youtube.com/watch?v=ruaK9NNIE2w

Are you still spending 20 minutes reading a single regulatory document? In this episode, we show you how to leverage Gemini and Custom Agents to automate document analysis. We walk through the process of feeding an AI 17 pages of RBI fintech guidelines and training it to act as your personal "Fintech Helper" capable of answering complex questions and drafting polished, empathetic emails directly to your team or clients.

Key Timestamps & How-To:
The Manual Burden: Why reading 17 pages of RBI guidelines takes too long and how AI solves the "memory" problem.

Knowledge Feeding: How to properly summarize and feed specific regulatory knowledge into your custom agent.

Setting the Guardrails: Why you must instruct your agent on tone (e.g., "polite and mature") and ensure it doesn't use random citations.

Multi-Tool Integration: Enabling your agent to use web searches and your professional email to gather real-time context.

3-Second Analysis: Watching the agent digest a massive update and provide accurate summaries in under three seconds.

The Draft-to-Sent Workflow: How the agent automatically creates a ready-to-send draft in your Gmail based on the document's findings.

Master AI Automation with InfosecTrain. We provide the technical foundation to help you build secure, autonomous agents for your professional workflow.

Watch the full episode on YouTube: https://www.youtube.com/watch?v=9nTsH4m0KqA

National security is no longer just about tanks and aircraft; it’s about power grids, financial ecosystems, and data privacy. In this episode, Colonel Deepak Joshi explains why safeguarding a business is an act of nation-building. We dive into the DPDP Act, the "Black Box" of AI, and why your organization’s cybersecurity posture is now a competitive advantage that drives revenue and trust.

Key Timestamps & Insights:
Beyond the Battlefield: Why cyber warfare is now a primary domain alongside land, sea, and air.

Critical Infrastructure: The high stakes of protecting airports, power grids, and banking services.

The ₹250 Crore Risk: Understanding the penalties under India’s DPDP Act and the cost of "just in case" data collection.

Security as a Brand: How Apple and Tata Nexon used "security" as a winning marketing tagline to dominate markets.

The AI Privacy Bridge: Balancing innovation with ethical data ingestion and avoiding the "Black Box" trap.

Secure by Design: The "Sprinkler System" analogy—why security must be baked into the foundation, not added later.

Startup Survival Kit: Three non-negotiable tips for high-energy startups to protect their IP and reputation.

The Human Firewall: Why regular patching is like a medical checkup and why your digital hygiene matters more than your tools.

Career Pivot: Why cybersecurity professionals are perfectly positioned to lead the new wave of Privacy and DPO roles in India.

Expert Guest: Colonel Deepak Joshi (CISO & DPO) 
Hosted by: InfosecTrain Tech Talk

Watch the full episode on YouTube: https://www.youtube.com/watch?v=RR--vwkpMVY