Why I Started My YouTube Channel
Community | Nov 26, 2024 | 10 min read

Shubham Singla

"Don't forget to like and subscribe." It's a cliché, but behind every YouTube channel is a story of late nights, editing frustration, and the desire to teach. Here is why I put my face on the internet to talk about packet captures.

[Image: Video Editing Timeline]

Executive Summary

In November 2024, I launched my YouTube channel dedicated to Cybersecurity Education. The goal was simple: democratize knowledge. The industry is full of gatekeepers who make simple concepts sound complex to sell consultancy. I wanted to break that cycle.

The Equipment Stack

You don't need a RED camera to start. My setup is modest but effective:

  • Camera: Sony A6400 with a Sigma 16mm lens. (Crisp 4K).
  • Audio: Shure MV7. (Bad audio kills retention faster than bad video).
  • Software: DaVinci Resolve (Free and powerful).

Overcoming Imposter Syndrome

The biggest hurdle wasn't technical; it was psychological. "Who am I to teach this? There are experts with 20 years of experience."

I realized that you don't need to be a Guru. You just need to be one chapter ahead of the person you are teaching. Sometimes, an expert is too far removed from the beginner's struggle to explain it simply.

[Image: Analytics Graph]

Technical Deep Dive: The Attack Anatomy

Understanding the specific mechanics of an attack is crucial for engineers. Most advanced threats follow the Cyber Kill Chain model:

RECONNAISSANCE: The attacker gathers information on the target. This can be passive (OSINT) or active (port scanning).

WEAPONIZATION: Creating a deliverable payload (e.g., a malicious PDF or Office macro).

DELIVERY: Transmitting the weapon to the target (e.g., via Phishing or USB).

EXPLOITATION: Triggering the payload to exploit a vulnerability (e.g., CVE-2023-xyz).

INSTALLATION: Establishing a backdoor or persistence mechanism (e.g., a scheduled task or registry key).

COMMAND & CONTROL (C2): The compromised system calls home to the attacker server for instructions.

ACTIONS ON OBJECTIVES: The attacker achieves their goal (encryption, extensive data exfiltration, destruction).
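As an added example (not from the post), here is a small Python detector that maps constructed telemetry onto three of the phases above: a burst of distinct ports from one source for Reconnaissance, a scheduled-task creation for Installation, and outbound connections at a near-constant interval for Command & Control. The log format, hosts and addresses are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample telemetry (hypothetical hosts and addresses), one event per line.
SAMPLE_LOG = """\
2024-11-20T09:00:00 net_conn src=203.0.113.9 dst=10.0.0.5 dport=21
2024-11-20T09:00:00 net_conn src=203.0.113.9 dst=10.0.0.5 dport=22
2024-11-20T09:00:01 net_conn src=203.0.113.9 dst=10.0.0.5 dport=80
2024-11-20T09:00:01 net_conn src=203.0.113.9 dst=10.0.0.5 dport=445
2024-11-20T09:00:02 net_conn src=203.0.113.9 dst=10.0.0.5 dport=3389
2024-11-20T09:12:30 sched_task src=10.0.0.5 name=Updater
2024-11-20T09:13:00 net_conn src=10.0.0.5 dst=198.51.100.7 dport=443
2024-11-20T09:14:00 net_conn src=10.0.0.5 dst=198.51.100.7 dport=443
2024-11-20T09:15:01 net_conn src=10.0.0.5 dst=198.51.100.7 dport=443
2024-11-20T09:16:00 net_conn src=10.0.0.5 dst=198.51.100.7 dport=443
"""

def parse(log):
    # Turn "<timestamp> <kind> k=v ..." lines into dicts.
    events = []
    for line in log.splitlines():
        ts, kind, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev.update(ts=datetime.fromisoformat(ts), kind=kind)
        events.append(ev)
    return events

def kill_chain_phases(log, scan_ports=5, beacon_min=4, max_cv=0.1):
    """Map telemetry onto kill-chain phases; returns {phase: evidence}."""
    found = {}
    ports, times = defaultdict(set), defaultdict(list)
    for e in parse(log):
        if e["kind"] == "net_conn":
            ports[(e["src"], e["dst"])].add(e["dport"])
            times[(e["src"], e["dst"], e["dport"])].append(e["ts"])
        elif e["kind"] == "sched_task":   # INSTALLATION: persistence artifact created
            found["installation"] = f"{e['src']} created scheduled task {e['name']}"
    # RECONNAISSANCE: one source probing many distinct ports on one host
    for (src, dst), ps in ports.items():
        if len(ps) >= scan_ports:
            found["reconnaissance"] = f"{src} probed {len(ps)} ports on {dst}"
    # COMMAND & CONTROL: repeated outbound connections at a near-constant interval
    for (src, dst, port), ts in times.items():
        if len(ts) < beacon_min:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            found["command_and_control"] = f"{src} beacons to {dst}:{port} every ~{mean(gaps):.0f}s"
    return found
```

Thresholds such as `scan_ports` and `max_cv` are deliberately tunable; real environments need baselining so that monitoring agents and update checkers are not reported as beacons.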

The Content Strategy

I focus on "evergreen" content. A video about "Log4Shell" is relevant for a month. A video about "How DNS Works" is relevant for a decade. My analytics show that tutorials (How-To) outperform news/commentary by 300% in the long tail.

Standard Incident Response Procedures

A robust Incident Response Plan (IRP) is the best defense against chaos. The SANS Institute outlines a six-step process:

  1. Preparation: Training, tooling, and dry runs (tabletop exercises).
  2. Identification: Detecting the deviation from normal behavior and determining the scope.
  3. Containment: Short-term mitigation (isolating the system) and long-term containment (patching).
  4. Eradication: Removing the root cause (malware, compromised accounts).
  5. Recovery: Restoring systems to normal operation and monitoring for recurrence.
  6. Lessons Learned: Post-incident analysis to improve future response.

Conclusion

Teaching is the best way to learn. By forcing myself to explain concepts like Kerberos or BGP to a camera, I solidified my own understanding.

Comprehensive Mitigation Strategies

To prevent recurrence, a defense-in-depth approach is required. This involves layering security controls so that if one fails, another catches the threat.

  • Network Segmentation: Isolate critical assets in separate VLANs with strict firewall rules (East-West traffic inspection).
  • Endpoint Detection and Response (EDR): Deploy agents that can detect behavioral anomalies, not just file signatures.
  • Identity and Access Management (IAM): Enforce Least Privilege and MFA everywhere. Review access logs regularly.
  • Regular Audits: Conduct penetration testing and vulnerability scanning (using tools like Nessus or Burp Suite) at least quarterly.