Prabh Nair

Prabh Nair
  • 5.0 (3)
  • TECHNOLOGY
  • UPDATED DAILY

Dive deep into the world of information security with Prabh Nair, a seasoned expert with a knack for distilling complex topics into easily digestible insights. Each episode, spanning just 15 minutes, is designed to provide listeners with a concise and clear understanding of the ever-evolving landscape of infosec. Whether you're a professional looking to stay updated, a student eager to learn, or just curious about the digital realm, Prabh's enlightening discussions promise to keep you informed and engaged. Tune in for your regular dose of cybersecurity wisdom, all in a quarter of an hou

  1. 8H AGO

    OSCP Preparation (Step-by-Step Roadmap + Real Strategy)

    In this episode, Prabh sits down with Sérgio to break down a practical, no-fluff roadmap for preparing for the OSCP (Offensive Security Certified Professional) certification.This discussion is designed for anyone who feels overwhelmed by OSCP — and wants a structured approach that focuses on hands-on skills, repeatable methodology, and exam-ready habits.Sérgio’s Journey: From Hospitality to OSCPSérgio shares how he transitioned from being a restaurant shift supervisor into cybersecurity — and eventually earned the OSCP.Key takeaway: OSCP isn’t about being “naturally gifted.”It’s about practice, repetition, and building a personal methodology.What You Should Learn Before OSCPBefore buying OSCP material, Sérgio strongly recommends building fundamentals first:Linux fundamentals (file system, permissions, services, processes)Windows fundamentals (users, services, logs, privilege escalation basics)Basic networking & enumeration habitsComfort using terminals and troubleshootingHe suggests starting with platforms like Hack The Box or TryHackMe to build confidence before going into OSCP labs.Best Practice Platform for Exam ReadinessSérgio recommends training on Proving Grounds because it most closely matches OffSec-style machines and exam patterns.Why it matters:Practicing on OffSec-style labs builds the exact muscle memory needed for OSCP — especially under time pressure.The OSCP Notes System That Saves You in the ExamOne of the strongest lessons in this episode:Your notes and checklists are your real “weapon” in OSCP.Sérgio explains how he built an Excel-based tracking system to document:Machine difficulty rating (your own subjective scale)Steps takenKey learnings and takeawaysWhat worked / what failedRepeatable exploitation patternsThis helps you avoid repeating mistakes and creates a “playbook” you can use during the exam.OSCP Exam Methodology (How to Think Under Pressure)Sérgio stresses that OSCP success depends on a personal workflow:Start with full port scansRun targeted enumerationCheck common entry points (shares, web apps, creds, services)Always validate credentials across machinesBuild a repeatable process you can run like a scriptHe also highlights the value of becoming tool-flexible (not tool-dependent). Active Directory in OSCP (What to Focus On)The OSCP Active Directory portion is not about advanced enterprise AD topics.It’s about doing the fundamentals extremely well:Recon + enumerationCredential access and reuseLateral movement basicsTools like SecretsDump / Mimikatz (used correctly)Repeating the process across AD machines systematicallyTools, Tunneling & Not Overusing MetasploitSérgio shares realistic advice on tools OSCP candidates should understand:Privilege escalation basicsEnumeration scriptsPivoting/tunneling tools like Ligolo-NG and ChiselAvoid becoming dependent on MetasploitLearn to adapt when a tool failsOSCP Reporting: The Skill Most People IgnoreA big OSCP differentiator is report writing.Sérgio breaks down what matters in the exam report:Clean structureClear reproduction stepsScreenshots for proof (flags + key commands)A readable narrative (work backwards if needed)Make the examiner’s job easyHow to Know You’re Ready for OSCPSérgio suggests readiness looks like:You can solve boxes consistently in a limited timeframeYou’re comfortable with OffSec-style lab patternsYou have a repeatable checklist-driven methodologyYou can document everything clearly while hacking

    53 min

  2. 1D AGO

    Most GRC Professionals Don't Know This AI Hack

    In this episode, we talk about how AI tools like Claude 3.5, Gemini, and ChatGPT are changing the landscape for career guidance, making Google searches less relevant. We emphasize the importance of using ai prompt effectively, rather than just basic queries, to support your career growth. This shift highlights a new era for beginners entering various fields, requiring a deeper understanding of how to leverage ai tools for practical advice and learning.

    4 min

  3. 2D AGO

    How to Build a SOC Home Lab (Elastic SIEM) | Practical Demo with Pratyush

    In this episode, Prabh sits down with Pratyush to break down SOC (Security Operations Center) architecture and the real skills needed to start and grow a career in SOC — with a live practical demo of building a basic SOC using open-source tools.https://www.linkedin.com/in/pratyush-joshi-3391a0230/Noteshttps://excalidraw.com/#json=uAQ-z09mY63gTK6w0-5uq,rnK-MWtIUPZDl41wHQx7eg🎯 What You’ll Learn in This Podcast✅ SOC architecture explained (end-to-end workflow)✅ How log collection, parsing, and visualization actually works✅ Building a basic SOC using Elastic Stack (ELK)✅ Setting up Windows logging using Sysmon + WinLogBeat✅ Creating detections and alerts inside Elastic✅ Simulating real attacks using Atomic Red Team (MITRE ATT&CK)✅ How SOC tiers work (L1 → L2 → escalation & reporting)✅ How freshers can build practical SOC skills at home for free✅ Why learning a SIEM is the fastest way to understand cybersecurity🧱 SOC Architecture (Simplified)Pratyush explains SOC architecture in a simple way:Endpoints / Servers → Log Forwarder → SIEM (Elastic) → Dashboards → Detection Rules → Alerts → Investigation → ResponseWe cover how a SOC works across:Indexing (storing logs)Visualization (dashboards & searches)Detection rules (logic + thresholds)Alerting (triage & escalation)Response (SOAR/XDR concepts)⚙️ Live Demo: Build a Basic SOC with Elastic Stack (ELK)Pratyush demonstrates how to set up:✅ Elasticsearch + Kibana + LogstashInstallation and configuration basicsYAML configuration (host IPs, ports, security options)Creating Kibana data views and searching logsUnderstanding how logs are indexed and queried🖥️ Windows Telemetry Setup (Sysmon + WinLogBeat)🚨 Detection Engineering: Create Rules + Generate AlertsPratyush shows how to:Write queries to filter suspicious behaviorCreate detection rules inside ElasticTrigger alerts and understand SOC alert pipelinesExample: PowerShell-based suspicious activity detection (concept-level demo)This section is a mini introduction to Detection Engineering for SOC analysts.📈 SOC Career Path (L1 to L2 and Beyond)Pratyush explains the SOC tiers in a simple way:Tier 1 (L1)Monitor alertsValidate true vs false positivesEscalate suspicious incidentsTier 2 (L2)Deep investigationCorrelation across logsReport writing and remediation suggestionsHe also shares why:✅ Programming helps but is not mandatory to start✅ SIEM knowledge is the “core engine” of SOC growth✅ Home labs + practice gives freshers a huge edge🧠 Practical Skills to Become SOC-ReadyWe also discuss how to build real-world SOC habits:Log triage mindsetWriting investigation notesReporting and escalation clarityPracticing rule creation using SigmaLearning from platforms like Let’s Defend (for SOC scenarios)💻 SOC Home Lab Requirements (Minimal Setup)You can run this lab with:✅ 8GB RAM minimum✅ 40–50GB storage✅ VirtualBox / VMware✅ Ubuntu VM + Windows VMNo paid tools needed.SOC Playlisthttps://www.youtube.com/watch?v=zCLlrFZU0M8&list=PL0hT6hgexlYxd24Jb8OE7vZoas-iTcHAcISO 27001 Videohttps://www.youtube.com/watch?v=sQqJH2naU6I&t=1454s&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzISO 27001 Implementation Guidehttps://www.youtube.com/watch?v=GBfwk10Hh-o&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzGRC Practical Serieshttps://www.youtube.com/playlist?list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28GRC Interviewhttps://www.youtube.com/playlist?list=PL0hT6hgexlYz1Usn1Nrnur6OzVoz59zylInternal Audithttps://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWvStudy with MeTelegram Grouphttps://t.me/Infoseclearning#SOC #ElasticSIEM #CyberSecurity #SecurityOperationsCenter #BlueTeam #Sysmon #AtomicRedTeam #MITREATTACK #socanalyst

    1h 5m

  4. 5D AGO

    What is Phishing: Types, Techniques, and How to Stay Safe

    Welcome to our in-depth video on "What is Phishing?" If you’ve ever been curious about the various types of phishing attacks and the tactics used by cybercriminals, this video is a must-watch! We cover everything from the basics of phishing to the more advanced techniques like vishing and smishing, ensuring you have a comprehensive understanding of this crucial cybersecurity topic. In This Video, You’ll Learn:What is Phishing? A clear explanation of phishing and why it’s a major threat in today’s digital world.Different Types of Phishing Attacks: Explore the various types of phishing, including spear phishing, whaling, and clone phishing.Advanced Phishing Tactics: Discover the sophisticated tactics used by attackers to deceive victims.Understanding Vishing and Smishing: Learn about voice phishing (vishing) and SMS phishing (smishing) and how they differ from traditional phishing.How to Protect Yourself: Practical tips and best practices to safeguard against phishing attacks.Comptia Security + https://www.youtube.com/playlist?list=PL0hT6hgexlYwNK8DvXvUlDb63xB0zfFeNCC ISC2https://www.youtube.com/playlist?list=PL0hT6hgexlYw-k6GxQf_DIAPdc96T2MP-#Phishing #CyberSecurity #PhishingTechniques #Smishing #Vishing #PhishingPrevention #OnlineSecurity #EmailPhishing #DigitalSecurity #CyberThreats

    15 min

  5. MAR 11

    Simplifying Public Key Infrastructure (PKI) for Beginners

    Welcome to our video on "What is PKI in Simple Terms?" If you’ve ever wondered what Public key Infrastructure (PKI) is and why it’s essential, this video is for you! We break down the complexities of PKI into simple, easy-to-understand language, making it accessible to everyone. In this video, You’ll learn:Why PKI is Important: Discover why Public Key Infrastructure is crucial for secure digital communications.Key Components of PKI: Understand the essential elements of PKI, including certificates, keys, and Certificate Authorities (CAs).The End-to-End PKI Process: Get a clear overview of how PKI works from start to finish.Common Questions Answered: We cover frequently asked questions about PKI to ensure you have a comprehensive understanding.💡 Why Watch This Video?Public Key Infrastructure is a cornerstone of secure online communication, and understanding it is key for anyone involved in cybersecurity or IT. Whether you’re a beginner or looking to refresh your knowledge, this video will give you the insights you need to grasp PKI and its importance.🔔 Don’t forget to like, comment, and subscribe for more easy-to-understand cybersecurity and IT concepts!Cryptography Fundamental: https://www.youtube.com/watch?v=2zxiWSitAlE&t=1304s&pp=ygUac3ltbWV0cmljIGVuY3J5cHRpb24gcHJhYmg%3DHashing and Digital Signature Fundamental https://www.youtube.com/watch?v=BuhWRY4hkpY&pp=ygUhZGlnaXRhbCBzaWduYXR1ciBlbmNyeXB0aW9uIHByYWJoAssess Your Knowledge of PKI https://www.youtube.com/watch?v=2TPe8R8BgsU&t=526s&pp=ygUcY2lzc3AgY3J5cHRvZ3JhcGh5IHF1ZXN0aW9ucw%3D%3D#PKI #PublicKeyInfrastructure #CyberSecurity #ITSecurity #PKIExplained, #DigitalCertificates #SecureCommunication #CyberSecurityForBeginners

    23 min

  6. MAR 10

    How to Build an Enterprise Cybersecurity Program From Scratch

    In this episode, Prabh sits down with Dr. Eric to break down what most organizations get wrong about cybersecurity: they over-focus on “prevention” and under-invest in building a resilient security program.This conversation is designed for CISOs, security leaders, and anyone responsible for creating or fixing an enterprise security function — especially in environments with limited budget, limited maturity, or limited executive attention.What This Podcast CoversThis 30-minute podcast focuses on how to build a cybersecurity program from the ground up, including:What an information security program actually includesThe real difference between security strategy vs security programHow to prioritize security work without trying to “secure everything”How to gain executive trust when you're new in the roleWhy people + process come before toolsHow to build a security program even when budgets are tightSecurity Program vs Security Strategy (Most People Confuse This)Dr. Eric explains that a strategy is the direction — what you want to achieve and why.A program is how you execute consistently: operating model, processes, governance, reporting, and repeatable outcomes.If you only have strategy without a program, you get slides — not security.🎯 The Prioritization Method That WorksInstead of trying to secure the entire organization at once, Dr. Eric recommends:Pick one critical process or data setIdentify its risk toleranceMap the biggest threatsFix the largest vulnerabilities firstRepeat in small, measurable stepsThis “focus-and-repeat” approach can secure 80% of critical processes within a year, compared to the traditional method that fails due to overload and complexity.🤝 Executive Engagement: Start With Legal + CFO (Not CEO)One of the strongest leadership lessons in this episode:If you're building a security program from scratch, don’t start by pitching the CEO.Start with:Chief Legal Counsel (risk, liability, compliance)CFO (funding, business impact, risk tolerance)Building credibility with these stakeholders creates momentum and trust — which makes later CEO alignment easier and faster.🗣 CISO Communication That Gets AttentionDr. Eric shares what separates successful security leaders from technical-only leaders:✅ Speak in the language executives care about:financial riskoperational downtimerisk tolerancereputational exposureregulatory consequences💰 Building Security in Budget-Constrained OrganizationsIf funding is limited, Dr. Eric recommends a simple approach:start with small investmentsdemonstrate measurable valueshow outcomes and risk reductionthen request bigger budgets with credibilityThis is how security programs survive and scale in real enterprises.🎯 Who Should Watch This?This episode is ideal for:CISOs and security leadersSecurity managers and architectsGRC leaders and risk teamsSOC leaders and security engineersAnyone building a cybersecurity program from zeroCISO talkshttps://www.youtube.com/playlist?list=PL0hT6hgexlYwPTD-wC3oFBe27VGEiizg1NIST Serieshttps://www.youtube.com/watch?v=VcC_KabV_Ho&list=PL0hT6hgexlYy0vBwMv0eteiyAxB48RQzy&pp=gAQBiAQBGRC Serieshttps://www.youtube.com/watch?v=mq_vSLHm4r0&list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28&pp=gAQBISO 27001 Videohttps://www.youtube.com/watch?v=sQqJH2naU6I&t=1454s&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzISO 27001 Implementation Guidehttps://www.youtube.com/watch?v=GBfwk10Hh-o&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzGRC Practical Serieshttps://www.youtube.com/playlist?list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28GRC Interviewhttps://www.youtube.com/playlist?list=PL0hT6hgexlYz1Usn1Nrnur6OzVoz59zylInternal Audithttps://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWvStudy with MeTelegram Grouphttps://t.me/Infoseclearning#cisos #ciso #cissp #cism #infosec

    32 min

  7. MAR 5

    How to Plan Cybersecurity in Healthcare: SOC Plan, Ransomware Lessons & Risk Strategy

    Cybersecurity in Healthcare: Patient Safety, Ransomware & 90-Day SOC StrategyIn this episode, we dive deep into cybersecurity in healthcare with Abhinav, who shares practical, real-world strategies for protecting hospitals and healthcare organizations from cyber threats.Unlike theoretical discussions, this conversation focuses on what actually works in healthcare environments — where patient safety always comes first.Why Simple Security Controls Prevent 80% of AttacksAbhinav explains that most cyber threats in healthcare can be mitigated through basic, disciplined controls:Blocking malicious IP addresses and high-risk geographiesStrict patch managementIdentity and access management hygieneFirewall rule cleanupBackup validation and testingInstead of overcomplicating security architecture, he emphasizes keeping controls simple and effective. In healthcare, simplicity often saves lives.Risk Assessment in Healthcare: It’s Not About MoneyTraditional cybersecurity risk models focus heavily on financial impact.Healthcare is different.Risk prioritization in hospitals is based on:Patient impactRegulatory compliance requirementsIT downtime affecting clinical operationsFinancial lossAbhinav highlights how explaining cybersecurity risks in terms of patient safety and regulatory penalties, rather than CVSS scores or technical jargon, is critical for getting leadership support.90-Day Plan for Security VisibilityAbhinav shared his 90-day roadmap for building comprehensive security visibility inside any organization.Key focus areas include:Full asset inventory and visibilityEndpoint monitoringNetwork traffic analysisRisk exposure mappingReducing attack failure rate (AFR) significantlyImplementing a functional SOC in as little as 20 daysThe core idea:You cannot protect what you cannot see.Security visibility is the foundation of healthcare cyber defense.Ransomware Readiness in HealthcareHealthcare environments face unique challenges, including:USB-based threatsClinical staff exposure to phishingLegacy medical systemsThird-party integrationsRansomware preparedness requires:Technical controlsClinical staff awareness trainingIncident response playbooksBackup restoration drillsLeadership communication planningCybersecurity in healthcare is not just technical — it is operational and cultural.Cybersecurity Insurance & Cultural ShiftThe discussion also touched on the increasing role of cybersecurity insurance in healthcare.However, Abhinav stresses that insurance is not a substitute for strong controls. Organizations must build internal resilience before relying on financial mitigation strategies.CISO talkshttps://www.youtube.com/playlist?list=PL0hT6hgexlYwPTD-wC3oFBe27VGEiizg1NIST Serieshttps://www.youtube.com/watch?v=VcC_KabV_Ho&list=PL0hT6hgexlYy0vBwMv0eteiyAxB48RQzy&pp=gAQBiAQBGRC Serieshttps://www.youtube.com/watch?v=mq_vSLHm4r0&list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28&pp=gAQBISO 27001 Videohttps://www.youtube.com/watch?v=sQqJH2naU6I&t=1454s&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzISO 27001 Implementation Guidehttps://www.youtube.com/watch?v=GBfwk10Hh-o&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBzGRC Practical Serieshttps://www.youtube.com/playlist?list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28GRC Interviewhttps://www.youtube.com/playlist?list=PL0hT6hgexlYz1Usn1Nrnur6OzVoz59zylInternal Audithttps://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWvStudy with MeTelegram Grouphttps://t.me/Infoseclearning#HealthcareCybersecurity #HospitalSecurity#RansomwareProtection #SOCImplementation #CyberRiskManagement#HealthcareIT

    1h 15m

  8. MAR 3

    The Ultimate Guide to Deciphering Pentesting Job Requirements

    Are you aspiring to kickstart your career in penetration testing but find yourself puzzled by complex job descriptions? Look no further! In this detailed guide, we dive deep into the art of decoding penetration testing (Pen Testing) job descriptions (JDs), ensuring you know exactly what employers are looking for and how to prepare for your interview with maximum impact.What You’ll Learn:📖 Understand Key Terms: Break down the technical jargon and essential skills listed in Pen Testing JDs.Identify Core Requirements: Learn how to spot the must-have qualifications and experience employers are seeking. Tailor Your Application: Tips on customizing your resume and cover letter to match the Pen Testing JD perfectly.Interview Prep Strategies: Insights on anticipating interview questions based on the JD and how to present your skills effectively.Why This Video?🌟 Exclusive Insights: Gain knowledge from industry experts on navigating the Pen Testing job market.🛠 Practical Tips: Apply actionable advice to enhance your job application and interview performance.💡 Stay Ahead: Equip yourself with the knowledge to stand out in the competitive field of cybersecurity in 2024.Playlist CISO Talkhttps://www.youtube.com/playlist?list=PL0hT6hgexlYz1LzzrLwTiSt5d_kO_0QsEPlaylist Network Securityhttps://www.youtube.com/playlist?list=PL0hT6hgexlYzX6AWwcyDbAZQUKYJL2MdtGRC Interview Questionshttps://youtu.be/4TyfNtFGAC4Internal Auditor Playlist https://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWvHow to make career progression post #isc2 and #isaca https://www.youtube.com/watch?v=PT0fnCWzAFA&pp=ygUJZ3JjIHByYWJoHow to make career in GRChttps://www.youtube.com/watch?v=_S4t9S5N4Ts&t=102s&pp=ygUJZ3JjIHByYWJoHow to Build PIMShttps://www.youtube.com/watch?v=IwAseU4ZmuQHow to Implement 27001 in an organization https://www.youtube.com/watch?v=sQqJH2naU6IHow to conduct PIAhttps://www.youtube.com/watch?v=z1BD7exH2Ow&t=774sHow to Make an career in GRChttps://www.youtube.com/watch?v=_S4t9S5N4Ts&t=7sTelegram Grouphttps://t.me/InfoseclearningStart your career in cybersecurity with free resources https://lnkd.in/g89gxkzc Cybersecurity Career: How to Make a Career in Cybersecurity 2022 https://lnkd.in/gCGBnRM7Pentesting Career https://lnkd.in/gQYenKYdTelegram Group Linkhttps://t.me/InfoseclearningCybersecurity Guidehttps://www.youtube.com/playlist?list=PL0hT6hgexlYwdYBW6yqUQMuRqvABiQPXkTelegram Group Linkhttps://t.me/Infoseclearning#CybersecurityCareers, #PenetrationTesting #Jobs, #CVTips, #LinkedIn #Networking #cybersecurity #JobHunting #EntryLevel #Cybersecurity, #penetrationtester #CV #CybersecurityNetworking #infosec #cybersecurity #job

    10 min
See All (133)

Ratings & Reviews

5
out of 5
3 Ratings

About

Dive deep into the world of information security with Prabh Nair, a seasoned expert with a knack for distilling complex topics into easily digestible insights. Each episode, spanning just 15 minutes, is designed to provide listeners with a concise and clear understanding of the ever-evolving landscape of infosec. Whether you're a professional looking to stay updated, a student eager to learn, or just curious about the digital realm, Prabh's enlightening discussions promise to keep you informed and engaged. Tune in for your regular dose of cybersecurity wisdom, all in a quarter of an hou

Information

  • Creator
    Prabh Nair
  • Years Active
    2021 - 2026
  • Episodes
    133
  • Rating
    Clean
  • Copyright
    © Prabh Nair
  • Show Website
    Prabh Nair

You Might Also Like