MS Cybersecurity β Northeastern University Β· Boston, MA Β· Class of 2026
AI Agent Security & Governance Β· GRC/Compliance Β· Cloud Security Β· OT/ICS Security
Red-teaming framework for deployed AI agents across 12 attack vectors: prompt injection, jailbreaking, tool abuse, model extraction, session hijacking, output parsing, CoT manipulation, data poisoning, token smuggling, DoS resilience, context exhaustion.
- Every finding maps to OWASP LLM Top 10, NIST AI RMF, ISO/IEC 42001, SOC 2, HIPAA
- Multi-agent comparative testing (Claude vs Mistral vs local LLMs)
- Grade AβF risk scoring with vulnerability matrix
- Governance-ready compliance scorecards
- 89 tests passing, 89% code coverage
Python FastAPI React/Vite OWASP LLM Top 10 NIST AI RMF ISO 42001 Ollama
GitHub: https://github.com/Ashwatha4502/aiost
Defensive configuration auditing for AI agents. Static config audit + runtime behavioral assurance from CloudTrail/Bedrock traces.
- Maps findings to NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10
- Configuration compliance scoring (% aligned with frameworks)
- Runtime behavioral validation against policy controls
- Audit-ready evidence packages and CISO PDFs
- 21 tests passing, production-ready
Python boto3 Streamlit AWS CloudTrail Bedrock NIST AI RMF ISO 42001
GitHub: https://github.com/Ashwatha4502/a-acaf-agent-assurance
Real-time agent behavior monitoring and drift detection from CloudTrail + Bedrock agent traces.
- Detects control violations and policy breaches in real time
- Drift scoring: which controls degraded from baseline
- Maps findings to NIST AI RMF, ISO 42001 controls
- Generates drift reports for auditors and CISOs
- 25 tests passing, production-ready
Python AWS CloudTrail Bedrock Drift Detection NIST AI RMF ISO 42001
GitHub: https://github.com/Ashwatha4502/a-acaf-rt
| Phase | Tool | What It Does |
|---|---|---|
| Defensive | A-ACAF | "Is the configuration secure?" β Compliance score |
| Offensive | AIOST | "Does it hold under attack?" β Risk grade + findings |
| Runtime | A-ACAF-RT | "Is it drifting?" β Behavioral validation |
Output: Audit-ready governance evidence mapped to NIST AI RMF, ISO 42001, OWASP LLM Top 10, SOC 2, HIPAA.
Automated AWS security auditor replicating the AWS Security Assurance team's engagement workflow. Audits IAM, S3, CloudTrail, Security Groups β maps every finding to NIST CSF, SOC 2 TSC, CIS AWS Benchmark v2.0. Generates structured audit evidence and CISO-ready PDFs.
Python boto3 Streamlit AWS NIST CSF SOC 2 CIS Benchmark
Full-stack SOC lab for Tamil Nadu's state power grid. Wazuh + TheHive + MISP processing 8,760 hours of SCADA data. 20 custom detection rules mapped to MITRE ATT&CK for ICS. Python anomaly detection (Z-Score, IQR, Isolation Forest) with 90% recall across 5 attack scenarios.
Wazuh TheHive MISP Python MITRE ATT&CK for ICS OT Security
Wazuh SIEM processing 720 hours of synthetic SCADA data. 3 custom detection rules mapped to MITRE ATT&CK for ICS (T0855, T0856, T0814). Interactive Streamlit dashboard with live alert feed and MITRE heatmap.
Wazuh SIEM Python Streamlit MITRE ATT&CK for ICS SCADA
Simulated full Rhysida attack chain (CISA AA23-319A). 15 custom Wazuh detection rules covering all 15 MITRE ATT&CK techniques across 10 attack phases. Full IR report with attack timeline, IOC analysis, and root cause analysis.
Wazuh MITRE ATT&CK Incident Response CISA Threat Detection
Post-incident GRC assessment of the 2024 Rhysida breach (791,784 individuals). 30 risks identified (12 Critical) across NIST CSF 2.0. HIPAA compliance at 63% with $5Mβ$15M penalty exposure. Interactive Streamlit risk dashboard.
NIST CSF 2.0 HIPAA IEC 62443 Risk Assessment Streamlit
Third-party risk management framework (Epic, Cerner, Philips, Baxter, Change Healthcare). 15 vendors assessed across 3 tiers. Dedicated medical device OT vendor track with FDA 510(k) and SBOM requirements. 50-question vendor assessment.
NIST SP 800-161 HIPAA IEC 62443 Vendor Risk TPRM Streamlit
SOC 2 compliance gap analysis of the 2022 LastPass breach. Findings mapped to SOC 2 Trust Services Criteria, NIST CSF, ISO 27001. Interactive Streamlit compliance dashboard with control heatmap.
SOC 2 NIST CSF ISO 27001 GRC Compliance Streamlit
Enterprise data governance program for HCA Healthcare subsidiary. Built system catalog (200+ assets), retention schedule aligned to HIPAA/IRS/ERISA. CISO-sponsored. Locked as "GRC and Data Governance Analyst β Capstone" on resume.
NIST AI RMF ISO 42001 HIPAA Data Governance Microsoft 365
IEEE CONIT 2024 β CNN-LSTM Hybrid Model for Network Intrusion Detection
Published research on deep learning for IDS classification. Presented at the 2024 IEEE Conference on Interdisciplinary Approaches in Technology and Management.
| Domain | Tools & Frameworks |
|---|---|
| AI Agent Security | AIOST Β· A-ACAF Β· A-ACAF-RT Β· NIST AI RMF Β· ISO 42001 Β· OWASP LLM Top 10 |
| SIEM / Detection | Wazuh Β· Splunk Β· Snort Β· Wireshark Β· TheHive Β· MISP |
| Cloud Security | AWS Β· boto3 Β· IAM Β· S3 Β· CloudTrail Β· Security Groups |
| Offensive Security | Metasploit Β· Nmap Β· Burp Suite Β· Nessus Β· SQLMap |
| GRC Frameworks | NIST CSF 2.0 Β· NIST AI RMF Β· ISO 27001 Β· ISO 42001 Β· HIPAA Β· SOC 2 Β· MITRE ATT&CK |
| Cloud / DevOps | AWS Β· Docker Β· Kubernetes Β· Python Β· FastAPI Β· Streamlit Β· Git |
| Data Governance | Microsoft Purview Β· Microsoft Lists Β· Microsoft 365 |
- π MS Cybersecurity β Northeastern University (2026, STEM OPT eligible)
- π CompTIA Security+ SY0-701
- π IEEE CONIT 2024 β CNN-LSTM Network Intrusion Detection (published research)
- π¬ Graduate Capstone β AI governance & data retention for HCA Healthcare (CISO-sponsored)
Seeking roles in:
- AI Agent Governance β Auditing, risk assessment, compliance validation of deployed agents
- GRC / Compliance β Risk management, control assurance, frameworks (NIST, ISO, HIPAA)
- Cloud Security β AWS auditing, control assurance, compliance automation
- Security Operations β SOC analysis, threat detection, incident response
Open to: Full-time, contract, or consulting engagements. F-1 OPT eligible. Target relocation: Fremont, CA (August 2026).
Email: raman.as@northeastern.edu
LinkedIn: https://linkedin.com/in/ashwathanarayan
GitHub: https://github.com/ashwatha4502
Built by someone who believes security is not hope β it's data.