How To Build An InfoSec Program From Scratch

GRC Practical Series - How To Build An InfoSec Program From Scratch

4.0 (3)
52 learners

This course includes

  • 23 hours of video
  • Certificate of completion
  • Access on mobile and TV

Full Transcript

Learn how to build an enterprise security program step by step in this informative video. Follow along to create a comprehensive information security program for your organization. If you have ever been told, "You are the first security person, please build our information security program from scratch", this video is for you. In this deep-dive conversation, Prabh Nair and Mr. Rahul Kokcha break down a complete, practical workflow for building an information security program from zero and then running it as a continuous security program, not just a one-time project.

  • 00:00 – 01:47 - Precap, Introduction, Guest welcome
  • 01:47 - Rahul Kokcha Introduction and Journey
  • 04:12 – 06:30 - First Day Experience and Organizational Understanding
  • 06:30 – 10:25 - Who was the first person you interacted with?
  • 10:25 – 14:55 - Strategy vs. Ground Reality (Phase One Activity) and Building Rapport
  • 14:55 – 16:45 - The Next Step (Phase Two: Risk Assessment)
  • 16:45 – 18:30 - Building the Strategy
  • 18:30 – 20:20 - Risk Assessment Methodology Example
  • 20:20 – 22:10 - Strategy Content and Rollout
  • 22:10 – 24:02 - Implementation
  • 24:02 – 25:50 - Continuous Validation
  • 25:50 – 27:00 - Defining the Security Program
  • 27:00 – 28:10 - Ongoing Role of the Security Officer
  • 28:10 – 29:55 - Key takeaways and last-minute advice
  • 29:55 - End of the conversation, thanking Rahul Kokcha and looking forward to doing more podcasts

You will see how to start in the right order: first understanding the business, people, and culture, then building trust and rapport, and only after that moving into risk assessment, gap analysis, strategy, implementation, KPIs, and continuous improvement. The entire approach is simple, business-focused and built around being a security enabler, not a roadblock.

We walk through 4 clear phases:

  • Phase 1: Groundwork and relationship building - understanding business context, meeting leadership, listening to pain points, and positioning security as a support function.
  • Phase 2: Risk assessment and gap analysis - using a service-based model instead of heavy asset-based jargon, and converting findings into a risk register and treatment plan.
  • Phase 3: Strategy and roadmap - linking cyber security objectives to business objectives, aligning budget, effort and time, and getting management buy-in for a realistic roadmap.
  • Phase 4 and 5: Implementation, validation and continuous improvement - assigning ownership, validating controls, defining KPIs, running internal audits, and adapting to new services and changes in the business.

If you are searching for how to build an information security program from scratch, how to start a cyber security program, or how to implement GRC in a new organization, this video will give you a step-by-step mental model you can directly apply in your next role or project.

Who this video is for

  • New CISOs and Heads of Security
  • First security hire in a startup or mid-size company
  • GRC, compliance and audit professionals
  • Security architects and program managers
  • Anyone asked to "set up security from scratch" without a clear roadmap

  • CISO talks: https://www.youtube.com/playlist?list=PL0hT6hgexlYwPTD-wC3oFBe27VGEiizg1
  • NIST Series: https://www.youtube.com/watch?v=VcC_KabV_Ho&list=PL0hT6hgexlYy0vBwMv0eteiyAxB48RQzy&pp=gAQBiAQB
  • GRC Series: https://www.youtube.com/watch?v=mq_vSLHm4r0&list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28&pp=gAQB
  • ISO 27001 Video: https://www.youtube.com/watch?v=sQqJH2naU6I&t=1454s&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBz
  • ISO 27001 Implementation Guide: https://www.youtube.com/watch?v=GBfwk10Hh-o&pp=ygUeaXNvIDI3MDAxIGltcGxlbWVudGF0aW9uIHN0ZXBz
  • GRC Practical Series: https://www.youtube.com/playlist?list=PL0hT6hgexlYztA41j1bceTfVagP9mtq28
  • GRC Interview: https://www.youtube.com/playlist?list=PL0hT6hgexlYz1Usn1Nrnur6OzVoz59zyl
  • Internal Audit: https://www.youtube.com/playlist?list=PL0hT6hgexlYyNWBcGYfabwumCr0GKmLWv
  • Study with Me Telegram Group: https://t.me/Infoseclearning

#CyberSecurityProgram #CISOStrategy #InfoSecRoadmap #RiskManagement #SecurityManager #PracticalCyberSecurity #PrabhNair #SecurityGovernance #CyberSecurityFromScratch #InformationSecurity
