Sec Guy – Détails, épisodes et analyse

From the server room to the boardroom: Mastering AI GRC for the SecAI+ Exam.

This episode covers Domain 4: AI Governance, Risk, and Compliance. We explore the AI Center of Excellence (CoE), identify the Builders, Defenders, and Watchers on an AI team, and deep-dive into the dangers of Shadow AI. Learn the essential Responsible AI Principles—Fairness, Transparency, and Accountability—needed to pass objective 4.1.

🎓 Join the Mission: Get free practice tests and the Python for Security module at: secguy.org

📍 Timestamps (Chapters):

00:00 – Introduction to AI GRC (Domain 4)

00:28 – The AI Center of Excellence (CoE)

00:50 – Team Roles: Builders vs. Defenders

01:23 – Team Roles: The Watchers (Auditors & Analysts)

01:40 – Shadow AI vs. Shadow IT

02:17 – Beyond Data: Safety & Reputational Risk

02:35 – Responsible AI Principles: Fairness & Transparency

02:50 – Accountability = Human (Avoiding Bias)

03:13 – Coming Up: EU AI Act & Regulatory Frameworks

#AI #Governance #SecAI #CompTIA #RiskManagement #SecGuy

We have seen the weapons (Video 10). Now, let’s look at the shields. Welcome to Domain 3: AI-Assisted Security. In this video (Objective 3.3), we switch to the Blue Team.

We are breaking down the "AI Co-Pilot" stack, the new hardware you need to know for the exam, and the critical standard that connects AI to your internal data without causing a leak.

In this video, we cover:

The AI Co-Pilot: IDE vs. CLI Plugins (GitHub Copilot vs. Terminal Assistants).

Critical Exam Term: Model Context Protocol (MCP)—The standard for connecting AI to secure internal servers.

Analysis Tools: Vulnerability Analysis, Anomaly Detection, Summarization, and Real-Time Translation.

Hardware: NVIDIA Jetson Nano Orin (Edge AI) and Vector Databases.

Privacy: Using Ollama to run local LLMs and prevent data leaks.

Timecodes:

0:00 - Intro: Switching to the Blue Team

0:25 - The AI Co-Pilot (IDE vs. CLI Plugins)

1:00 - CRITICAL TERM: Model Context Protocol (MCP)

1:30 - Analysis Tools: Vuln Scans & Translation

2:15 - Anomaly Detection & Vector Databases

2:38 - Edge AI Hardware: NVIDIA Jetson Nano Orin

3:02 - Threat Hunting with Neo4j Graph Database

3:22 - Privacy Tools: Ollama & Local LLMs

3:45 - What’s Next: Automation & SOAR (Video 12)

​📚 Resources & Support

​🎓 FREE Interactive Learning Tools

Don't just watch—practice. Access our new browser-based tools to test your skills live.

​AI-Powered Exam Simulators: https://secguy.org/exam-simulators

​Python for Security Labs: https://secguy.org/python-practice

​Mock Interview Board: https://secguy.org/mock-interview

💬 Join the Squad

Connect with other industry veterans and students in our new dedicated study group.

​Official Discord: https://secguy.org/discord-chat

​📚 Download Course Materials

Get the SecAI+ Cheat Sheet (including the MCP Architecture Diagram & Jetson specs) and full course slides directly from the academy.

​Access Here: https://secguy.org/courses

#SecAI #CompTIA #BlueTeam #CyberDefense #MCP #ModelContextProtocol #Ollama #JetsonNano #CoPilot #Cybersecurity

Computers don't speak English. They speak Math. In Part 2 of our CompTIA SecAI+ Deep Dive, we break down the "Data Pipeline." If you want to secure an AI model, you first need to understand how it translates chaotic human language into structured mathematical vectors.

This video covers the most abstract (and critical) technical concepts in Domain 1. We explain exactly how Tokenization works, the magic of Embeddings (King - Man + Woman = Queen), and why Vector Databases are the backbone of modern RAG systems.

We also cover critical exam topics like Context Window Overflows and the difference between Zero-Shot and Few-Shot prompting.

🎓 In this video, you will learn:

Tokenization: Why 1,000 tokens ≈ 750 words, and why this limit matters for security.

Embeddings: How AI maps words in a 3D space to understand meaning.

Vector Databases: The difference between SQL and Semantic Search (RAG).

Context Window: How attackers use "Short-Term Memory" limits to crash models (DoS).

Prompt Engineering: The security implications of Zero-Shot vs. Few-Shot prompting.

⏱️ Timestamps:

00:00 Intro: The Math Problem

01:15 Tokenization & The 75% Rule

02:00 Embeddings & The "King - Man" Formula

03:10 Vector Databases & Semantic Search (RAG)

04:10 The Context Window & DoS Risks

04:35 Exam Tip: Zero-Shot vs Few-Shot Prompting

05:00 Support the Channel (Store & Podcast)

05:20 What's Next (Domain 1.3: Fine-Tuning)

​📚 Resources & Support

​🎓 FREE Interactive Learning Tools

Don't just watch—practice. Access our new browser-based tools to test your skills live.

​AI-Powered Exam Simulators: https://secguy.org/exam-simulators

​Python for Security Labs: https://secguy.org/python-practice

​Mock Interview Board: https://secguy.org/mock-interview

​💬 Join the Squad

Connect with other industry veterans and students in our new dedicated study group.

​Official Discord: https://secguy.org/discord-chat

​📚 Download Course Materials

Get the SecAI+ Cheat Sheet (including the MCP Architecture Diagram & Jetson specs) and full course slides directly from the academy.

​Access Here: https://secguy.org/courses

#SecAIplus #CompTIA #Cybersecurity #AIsecurity #VectorDatabase #RAG #SecGuy #PromptEngineering

Master AI Fundamentals for the CompTIA SecAI+, Security+, CISSP, and CEH. In this lesson, we break down the "Artificial Brain"—from Neural Networks and Weights to the Transformer architecture that powers ChatGPT.

Welcome back to the Sec Guy Channel and the next step on your journey to becoming a cybersecurity professional! 🛡️ While this is the absolute foundation for the CompTIA SecAI+ (Domain 1), this knowledge is now critical for every security role. You cannot secure what you do not understand. Today, we move beyond the buzzwords to understand the actual architecture of AI—because you can't write a policy for a "Black Box" if you don't know how it thinks.

This isn't just about definitions; it's about understanding the "Engine" of modern threats. Whether you are aiming for your Security+, CEH, CISSP, or the new SecAI+, this video covers the essential architecture you need to know.

🔑 What We Cover: The Hierarchy of Intelligence: Understanding the security implications of ANI (Artificial Narrow Intelligence), AGI (General), and the theoretical risks of ASI (Super Intelligence). Inside the "Brain" (Neural Networks): How Input Layers, Hidden Layers, and Output Layers actually process data using Weights and Biases (mimicking biological neurons).

The Game Changer (Transformers): Why the 2017 "Attention Is All You Need" paper changed everything, and how Self-Attention allows AI to understand context (e.g., "Bank of the River" vs. "Bank of America").

How Machines Learn: Distinguishing between Supervised Learning (Labeled Data), Unsupervised Learning (Clustering/Anomaly Detection), and Reinforcement Learning (Trial & Error). Generative Models: A deep dive into the three engines of GenAI: LLMs (Text), Diffusion Models (Images), and GANs (Deepfakes). Understanding AI Architecture is the foundation of securing the future. Let's dive in!

🛍️ Support the Channel: Check out the Sec Guy Store for exclusive cybersecurity gear and apparel! ➡️ https://sec-guy.printify.me

🔔 Don't forget to Like, Comment, and Subscribe for more cybersecurity training! Hit the notification bell so you don't miss Video 2: Vector Databases & RAG.

➡️ SecAI+ Question of the Day: https://youtube.com/shorts/lFMRerQl7F8?feature=share

📚 Resources Mentioned: CompTIA SecAI+ Objectives: https://www.comptia.org/

Recommended Study Materials: [Link to Cheat Sheet]

Connect with the Sec Guy Community:

LinkedIn: https://www.linkedin.com/company/secguy

Facebook: https://www.facebook.com/share/1HGdh1m51U/

Instagram: https://www.instagram.com/secguychannel

☕ Support the Mission:

Buy me a coffee: https://buymeacoffee.com/secguychanc

#CompTIA #SecAI #SecurityPlus #CISSP #CEH #AI #NeuralNetworks #CybersecurityTraining #ITCertification #MySecGuy #GenerativeAI #MachineLearning #DeepLearning

The rules of cybersecurity have changed. Attackers are using generative AI to write polymorphic malware and craft uncatchable phishing emails. Defenders must learn to fight back at machine speed.

In this inaugural episode of the Sec Guy Podcast, we kick off our full audio course for the CompTIA Security AI+ (SecAI+) certification. We break down exactly what this new exam covers, why it’s critical for your career, and how to start thinking like an AI defender.

In this episode, we cover:

• The Threat Landscape: How GenAI has shifted the battlefield from human-speed to machine-speed.
• Exam Logistics: Breakdown of the SecAI+ (CY0-001) domains, release dates, and passing scores.
• The Experience Myth: Why you might be more qualified than you think (referencing the "Cracking the Experience Code" guide).
• The 3 Pillars of AI Security:
  1. Protecting the AI (Adversarial ML, Data Poisoning)
  2. Using AI to Defend (Threat Hunting, Anomaly Detection)
  3. Governance (Compliance, Ethics, Bias)

Resources & Links:

• 📖 Read the Guide: Cracking the Experience Code: It’s More Flexible Than You Think
• ☕ Support the Mission: Buy me a coffee: Sec Guy
• 👕 Official Merch: Sec Guy Store
• 📺 YouTube Channel: SecGuy - YouTube

Join the Community: Connect with us for daily study tips and Q&A.

• LinkedIn: Sec Guy Company Page

Tags: #SecAI #CompTIA #Cybersecurity #InfoSec #AIsecurity #TechPodcast #SecGuy #VeteransInTech

The Final Objective: Mastering the Law and Frameworks for global AI compliance.

In the finale of our SecAI+ course, we cover Objective 4.3: Compliance and Frameworks. We break down the EU AI Act's risk-based approach, the four core functions of the NIST AI RMF, and the critical ISO standards (42001, 23894, 22989) you need for the exam. Plus, learn about Data Sovereignty and how the OECD Principles impact security architecture.

📝 Pass the Exam: Take the practice quiz and join the Discord study group at: secguy.org

📍 Timestamps (Chapters):

00:00 – Introduction: The Law of AI

00:30 – The EU AI Act: Global Impact

00:44 – The 4 Levels of AI Risk & Regulation

01:43 – NIST AI Risk Management Framework (RMF)

02:13 – ISO 42001: AI Management Systems

02:29 – ISO 23894 & 22989: Risk & Terminology

02:58 – Data Sovereignty & GDPR

03:24 – Course Wrap-up: You're Ready!

#EUAIAct #NIST #ISO42001 #SecAI #CyberSecurityLaw #SecGuy

Welcome back to the Sec Guy Channel – your go-to resource for IT and cybersecurity certifications!

🛡️ In this video, we’re doing a deep dive into the BIG changes CompTIA is rolling out in 2026, including:

✅ The brand-new Xpert Series certifications

✅ Crossover certs like SecAI+ for AI-driven security

✅ Updates to A+, Network+, and Security+ that reflect today’s tech trends If you’re planning to get certified in 2026 or want to stay ahead of the curve, this is the video you need!

🔑 What We Cover: Expert Series Explained: What makes these advanced certs different. SecAI+ Overview: Why AI security is the next big thing. Core Updates: Changes to A+, Network+, and Security+. Career Impact: How these updates shape your IT path.

🛍️ Support the Channel: Check out the Sec Guy Store for exclusive cybersecurity gear and apparel! ➡️ https://sec-guy.printify.me

📘 Connect with My Sec Guy Channel: Facebook: https://www.facebook.com/share/1HGdh1m51U/

LinkedIn: https://www.linkedin.com/company/secguy Blog: https://medium.com/@secguychannel

☕ Support the Mission:

Buy me a coffee: https://buymeacoffee.com/secguychanc

🔔 Don’t Forget: Like 👍 | Comment 💬 | Subscribe ✅ Hit the notification bell so you never miss the next video in this series!

#CompTIA #ExpertSeries #SecAIPlus #CybersecurityTraining #ITCertification #MySecGuy #CareerGrowth #Comptia2026 #SecAI+ #A+ #Security+ #Network+

Welcome to the inaugural episode of the Sec Guy Podcast!

In a world full of noise, complex jargon, and gatekeeping, finding a clear path into the cybersecurity industry can be tough. This podcast is here to change that. Hosted by "The Sec Guy," a seasoned IT professional and veteran, this show is dedicated to breaking down complex security concepts into actionable, real-world advice.

In this episode, we cover:

• The Mission: Why we are moving beyond theory to focus on real-world application.
• Who this is for: Whether you are studying for your CompTIA Security+, exploring the new SecAI+, or currently working in a SOC, this show is for you.
• What to expect: A roadmap of future episodes, including deep dives into threat vectors, cryptography, and the "human element" of security.

If you are ready to stop guessing and start learning the skills that actually get you hired, hit that subscribe button. Let’s get to work.

Timestamps:

• (0:00) Welcome & Introduction
• (1:00) Cutting through the noise: The Sec Guy Mission
• (2:30) Roadmap: Security+, SecAI+, and Future Topics
• (3:30) How to join the community

Links & Resources:

• Official Merch Store: sec-guy.printify.me
• YouTube Channel: SecGuy - YouTube
• Connect on LinkedIn: https://www.linkedin.com/company/secguy/

Show your Support:

Buy Me A Coffee: Sec Guy Coffee Fund

Tags: #Cybersecurity #InfoSec #CompTIA #SecurityPlus #SecAI #ITCareer #TechPodcast #SecGuy #VeteransInTech

​🛡️ Domain 3: AI-Assisted Security (Objective 3.1)

​We’ve analyzed the weapons in Domain 2—now it’s time to deploy the shields. Welcome to the Blue Team.

​In this video, we break down the "AI Co-Pilot" stack and the defensive tools you need to master for the SecAI+ exam. From the hardware powering Edge AI to the critical protocols that secure internal data, this is your crash course in AI-assisted defense.

​🚀 What We Cover in This Video:

​The AI Co-Pilot Stack: Understanding the difference between IDE plugins (GitHub Copilot) and CLI Terminal Assistants.

​CRITICAL Exam Concept: The Model Context Protocol (MCP)—the industry standard for connecting AI models to secure internal servers without risking data leaks.

​Defensive Analysis: leveraging AI for vulnerability scanning, anomaly detection, automated summarization, and real-time translation.

​Hardware & Architecture: A look at NVIDIA Jetson Nano Orin (Edge AI) and how Vector Databases power modern security tools.

​Threat Hunting: visualizing threats with Neo4j Graph Databases.

​Data Privacy: How to use Ollama to run local LLMs, ensuring your sensitive data never leaves the network.

​⏱️ Timecodes

​0:00 - Intro: Switching to the Blue Team

​0:25 - The AI Co-Pilot (IDE vs. CLI Plugins)

​1:00 - CRITICAL TERM: Model Context Protocol (MCP)

​1:30 - Analysis Tools: Vuln Scans & Translation

​2:15 - Anomaly Detection & Vector Databases

​2:38 - Edge AI Hardware: NVIDIA Jetson Nano Orin

​3:02 - Threat Hunting with Neo4j Graph Database

​3:22 - Privacy Tools: Ollama & Local LLMs

​3:45 - What’s Next: Automation & SOAR (Video 12)

​📚 Resources & Support

​🎓 FREE Interactive Learning Tools

Don't just watch—practice. Access our new browser-based tools to test your skills live.

​AI-Powered Exam Simulators: https://secguy.org/exam-simulators

​Python for Security Labs: https://secguy.org/python-practice

​Mock Interview Board: https://secguy.org/mock-interview

​💬 Join the Squad

Connect with other industry veterans and students in our new dedicated study group.

​Official Discord: https://secguy.org/discord-chat

​📚 Download Course Materials

Get the SecAI+ Cheat Sheet (including the MCP Architecture Diagram & Jetson specs) and full course slides directly from the academy.

​Access Here: https://secguy.org/courses

​Next Up: Domain 3.3: The AI Automator (SOAR & Agents)

​#SecAI #CompTIA #BlueTeam #CyberDefense #MCP #ModelContextProtocol #Ollama #JetsonNano #CoPilot #Cybersecurity

We have talked about how to hack an AI. Now, let’s talk about when the AI becomes the hacker. Welcome to Domain 3: AI-Assisted Security. In this video (Objective 3.2), we switch to the Red Team.

We are breaking down exactly how attackers weaponize LLMs to scale social engineering, clone voices for "Vishing," and generate polymorphic malware that evades traditional antivirus.

In this video, we cover:

Identity Attacks: Deepfakes, Impersonation, and Social Engineering at Scale.

Infrastructure Attacks: Automated Reconnaissance, Attack Vector Discovery, and AI-Enhanced DDoS.

Payloads: Polymorphic Code, Obfuscation, and Adversarial Malware Generation.

Hardware: Why GPUs are required for Password Cracking (PassGAN).

Timecodes:

0:00 - Intro: The AI Offensive (Domain 3)

0:42 - Social Engineering & Personalized Phishing

1:05 - Voice Cloning & Vishing (The 3-Second Rule)

1:38 - Automated Recon & Attack Vector Discovery

2:05 - AI-Enhanced DDoS (Traffic Shaping)

2:28 - Writing Malware & Polymorphic Code (Obfuscation)

3:05 - Hardware: GPUs & Password Cracking (PassGAN)

3:35 - What’s Next: The Blue Team (Video 11)

​📚 Resources & Support

​🎓 FREE Interactive Learning Tools

Don't just watch—practice. Access our new browser-based tools to test your skills live.

​AI-Powered Exam Simulators: https://secguy.org/exam-simulators

​Python for Security Labs: https://secguy.org/python-practice

​Mock Interview Board: https://secguy.org/mock-interview

​💬 Join the Squad

Connect with other industry veterans and students in our new dedicated study group.

​Official Discord: https://secguy.org/discord-chat

​📚 Download Course Materials

Get the SecAI+ Cheat Sheet (including the MCP Architecture Diagram & Jetson specs) and full course slides directly from the academy.

​Access Here: https://secguy.org/courses

Next Video: Domain 3.1: The AI Analyst (Blue Team Defense)

#SecAI #CompTIA #Cybersecurity #RedTeam #Deepfakes #Malware #EthicalHacking #PassGAN #AIsecurity