InfosecTrain

1518 episodes

  • InfosecTrain

    The Future of GRC: Governance, Risk & Compliance in the Age of AI

    30/03/2026 | 35 min
    Governance, Risk & Compliance (GRC) is no longer just about meeting static requirements; it’s about controlling intelligent, evolving systems. In this episode, InfosecTrain explores how organizations are transitioning from reactive compliance to proactive, AI-first governance frameworks. We break down how next-generation GRC integrates AI risk management and automated decision-making to handle the unique challenges of the 2026 digital landscape.

    📘 What You’ll Learn:
    Managing AI-Specific Model Risks: Strategies for tackling bias, hallucinations, model drift, and the explainability gap.

    Modernizing Third-Party Due Diligence: Moving beyond static questionnaires to AI vendor risk scoring and continuous monitoring.

    The New Era of AI Auditing: Implementing a 5-domain framework for evidence standards and board-level reporting.

    Navigating Global Regulations: A deep dive into the EU AI Act, NIST AI RMF, and new SEC disclosure rules.

    AI’s ESG Footprint: Understanding the environmental and social governance impact of large-scale AI deployment.

    🎧 Dive in to understand how enterprises are shifting toward intelligent governance strategies to secure the future of AI.

    Watch the full episode on YouTube: https://youtu.be/LrQbgbnWIEI?si=3HqMfGGseYVyI0B0
  • InfosecTrain

    ISO 42001 Explained: Defining Your Organization’s Role in the AI Ecosystem

    27/03/2026 | 36 min
    Identifying your role in the AI lifecycle is no longer just a technicality; it’s a regulatory and ethical necessity. In this episode, we break down ISO/IEC 42001:2023, the world’s first auditable standard for an Artificial Intelligence Management System (AIMS). From global tech giants to the individual subjects impacted by AI decisions, discover how this framework ensures responsible development, transparency, and data privacy.

    📘 What You’ll Learn:
    What ISO 42001 is and how the PDCA (Plan-Do-Check-Act) cycle applies to AI governance

    The 5 Key AI Roles: Provider, Producer, Partner, Customer, and Subject

    Real-world analogies: How AI roles mirror the construction of a house or medical drug discovery

    The intersection of AI and Privacy: How ISO 42001 aligns with GDPR and the EU AI Act

    Goal Alignment: Why Providers focus on capability while Subjects focus on their fundamental rights

    🎧 Dive in to understand why defining your AI role is a critical part of today’s cybersecurity and compliance strategy.

    📽️ Watch the full episode on YouTube: https://www.youtube.com/watch?v=qKdsZWBQTDM
  • InfosecTrain

    CRISC Explained: Enterprise Risk Strategies for the Age of AI

    26/03/2026 | 39 min
    AI is no longer a futuristic concept; it’s an active driver of enterprise change. However, with great innovation comes significant risk. In this episode, we explore how risk professionals identify, assess, and respond to AI-driven threats. From strategic and operational impacts to the critical need for human oversight, we break down the framework for building intelligent, resilient enterprises.

    🎯 Key Topics Covered in This Episode:
    AI Risk Identification: Why AI risk isn't just an "IT issue" but a fundamental driver of enterprise-wide risk.

    AI as an Enterprise Risk Driver: Categorizing AI risks into Strategic, Operational, Compliance/Legal, and Reputational domains.

    Bias and Legal Pitfalls: Real-world examples of gender bias in AI hiring and lending tools that led to regulatory penalties.

    Assessing AI Risk: Using Impact, Likelihood, Velocity, and Control Effectiveness to quantify the "speed" and "magnitude" of AI failures.

    The Four Risk Responses: How to decide when to Avoid, Mitigate, Transfer, or Accept AI risk based on organizational appetite.

    Governance & Ownership: Who truly owns AI risk? Defining roles across Business, IT, and Compliance teams.

    Implementing Controls: A guide to Preventive, Detective, and Corrective controls for the AI lifecycle.

    Integrating AI into ERM: Why AI risk must be part of your central risk register rather than a siloed technical framework.

    Continuous Monitoring: The necessity of tracking "model drift" and data accuracy at frequent intervals.

    🎧 Secure your enterprise's future with InfosecTrain. Advance your career with our CRISC and AI Governance certification programs. Learn to bridge the gap between emerging technology and robust risk management.

    📽️ Watch the full episode on YouTube: https://www.youtube.com/watch?v=25lAfjw_wvQ
  • InfosecTrain

    Why AI Governance is the Most In-Demand Skill for 2026

    25/03/2026 | 29 min
    AI is everywhere, from personal companions to high-stakes business automation. But as adoption grows, so do the risks of data privacy breaches, algorithmic bias, and lack of accountability. In this episode, we discuss why AI literacy is no longer optional for IT professionals and how the Certified AI Governance Specialist program bridges the gap between technical AI tools and responsible business leadership.

    🎯 Key Topics Covered in This Episode:
    The Shift in AI Adoption: From "Googling" to "Chatting": how AI has moved from a search tool to a personal and professional companion.

    Accountability in AI: Why we can't take an AI to court and the urgent need for human oversight in high-risk use cases like loan approvals.

    Technical vs. Non-Technical Roles: Why AI governance is for everyone, from developers to CISOs, and the importance of "AI Literacy" as mandated by the EU AI Act.

    The Amazon Resume Case Study: A real-world example of how a lack of AI governance led to gender bias and reputational damage.

    Global Regulations & Frameworks: Understanding the impact of the EU AI Act, GDPR, ISO 42001, and the NIST AI Risk Management Framework.

    Career Evolution: Kish shares his personal journey from a technical "fix-it" guy to a governance consultant, explaining why governance is a better career decision.

    Practical Training vs. Theory: What sets the Certified AI Governance Specialist program apart, including hands-on policy writing and real-world risk assessments.

    Explainability & Blind Spots: Why AI decisions must be auditable and explainable to maintain customer trust and legal compliance.

    The Lightning Round: Quick takes on "automation bias," the biggest mistakes organizations make, and whether AI is currently under-governed or under-understood.

    🎧 Stay ahead of the curve with InfosecTrain. Prepare for the future of GRC by becoming a Certified AI Governance Specialist. Our 48-hour live instructor-led program provides the templates, use cases, and practical insights you need to lead AI initiatives.

    Watch the full episode on YouTube: https://www.youtube.com/watch?v=jMYDpy-zy8M
  • InfosecTrain

    Mastering the Red Team: Beyond Penetration Testing

    24/03/2026 | 1 h 7 min
    In this episode, we break down the sophisticated world of Red Teaming. Moving past simple vulnerability scans, we explore the mindset of a determined adversary. We cover the entire attack chain, from initial access via LLMNR poisoning to lateral movement using BloodHound, and explain how these simulations help Blue Teams sharpen their detection and response capabilities.

    Key Topics Covered in This Episode:
    Defining Red Teaming: Why Red Teaming is "threat-oriented" rather than "vulnerability-centric," focusing on organizational resilience.

    Understanding APTs: The characteristics of Advanced Persistent Threats—sophisticated, long-term, and stealthy.

    The MITRE ATT&CK Framework: A breakdown of the 14 tactics used to map adversarial behavior from reconnaissance to impact.

    Red Team vs. Pentesting: A detailed comparison of scope, duration, and goals (Narrow vs. Broad, Goal-oriented vs. Threat-oriented).

    The Attack Life Cycle: Stepping through Reconnaissance, Initial Compromise, Persistence, Privilege Escalation, and Exfiltration.

    Live Demo: LLMNR Poisoning: How attackers exploit "link-local" protocols to capture password hashes using tools like Responder.

    Cracking Hashes: Using Hashcat to resolve captured NTLMv2 hashes into plain-text passwords.

    Visualizing the Path: Using BloodHound and Neo4j to map hidden relationships and attack paths within Active Directory.

    The Blue Team Perspective: How the Security Operations Center (SOC) uses Red Team findings to close detection gaps.

    🎧 Level up your offensive security skills with InfosecTrain. We provide specialized training in Red Teaming, Active Directory Security, and APT Simulation to prepare you for the front lines of cybersecurity.

    Watch the full episode on YouTube: https://www.youtube.com/watch?v=ruaK9NNIE2w

About InfosecTrain

InfosecTrain is one of the finest Security and Technology Training and Consulting organizations, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals, who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas of Information Technology and Cyber Security. Website: https://www.infosectrain.com
v8.8.5| © 2007-2026 radio.de GmbH
Generated: 3/30/2026 - 2:08:09 PM