Skip to content
View Ashwatha4502's full-sized avatar
  • Boston, MA

Block or report Ashwatha4502

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Ashwatha4502/README.md

Hi, I'm Ashwatha πŸ‘‹

MS Cybersecurity β€” Northeastern University Β· Boston, MA Β· Class of 2026
AI Agent Security & Governance Β· GRC/Compliance Β· Cloud Security Β· OT/ICS Security

LinkedIn Email GitHub


πŸ”΄ AI Agent Security (Open Source)

Red-teaming framework for deployed AI agents across 12 attack vectors: prompt injection, jailbreaking, tool abuse, model extraction, session hijacking, output parsing, CoT manipulation, data poisoning, token smuggling, DoS resilience, context exhaustion.

  • Every finding maps to OWASP LLM Top 10, NIST AI RMF, ISO/IEC 42001, SOC 2, HIPAA
  • Multi-agent comparative testing (Claude vs Mistral vs local LLMs)
  • Grade A–F risk scoring with vulnerability matrix
  • Governance-ready compliance scorecards
  • 89 tests passing, 89% code coverage

Python FastAPI React/Vite OWASP LLM Top 10 NIST AI RMF ISO 42001 Ollama

GitHub: https://github.com/Ashwatha4502/aiost


Defensive configuration auditing for AI agents. Static config audit + runtime behavioral assurance from CloudTrail/Bedrock traces.

  • Maps findings to NIST AI RMF, ISO/IEC 42001, OWASP LLM Top 10
  • Configuration compliance scoring (% aligned with frameworks)
  • Runtime behavioral validation against policy controls
  • Audit-ready evidence packages and CISO PDFs
  • 21 tests passing, production-ready

Python boto3 Streamlit AWS CloudTrail Bedrock NIST AI RMF ISO 42001

GitHub: https://github.com/Ashwatha4502/a-acaf-agent-assurance


Real-time agent behavior monitoring and drift detection from CloudTrail + Bedrock agent traces.

  • Detects control violations and policy breaches in real time
  • Drift scoring: which controls degraded from baseline
  • Maps findings to NIST AI RMF, ISO 42001 controls
  • Generates drift reports for auditors and CISOs
  • 25 tests passing, production-ready

Python AWS CloudTrail Bedrock Drift Detection NIST AI RMF ISO 42001

GitHub: https://github.com/Ashwatha4502/a-acaf-rt


🎯 Together: Complete AI Agent Security Lifecycle

Phase Tool What It Does
Defensive A-ACAF "Is the configuration secure?" β†’ Compliance score
Offensive AIOST "Does it hold under attack?" β†’ Risk grade + findings
Runtime A-ACAF-RT "Is it drifting?" β†’ Behavioral validation

Output: Audit-ready governance evidence mapped to NIST AI RMF, ISO 42001, OWASP LLM Top 10, SOC 2, HIPAA.


☁️ Cloud Security Projects

Automated AWS security auditor replicating the AWS Security Assurance team's engagement workflow. Audits IAM, S3, CloudTrail, Security Groups β€” maps every finding to NIST CSF, SOC 2 TSC, CIS AWS Benchmark v2.0. Generates structured audit evidence and CISO-ready PDFs.

Python boto3 Streamlit AWS NIST CSF SOC 2 CIS Benchmark


πŸ” Security Operations & GRC

Full-stack SOC lab for Tamil Nadu's state power grid. Wazuh + TheHive + MISP processing 8,760 hours of SCADA data. 20 custom detection rules mapped to MITRE ATT&CK for ICS. Python anomaly detection (Z-Score, IQR, Isolation Forest) with 90% recall across 5 attack scenarios.

Wazuh TheHive MISP Python MITRE ATT&CK for ICS OT Security

Wazuh SIEM processing 720 hours of synthetic SCADA data. 3 custom detection rules mapped to MITRE ATT&CK for ICS (T0855, T0856, T0814). Interactive Streamlit dashboard with live alert feed and MITRE heatmap.

Wazuh SIEM Python Streamlit MITRE ATT&CK for ICS SCADA

Simulated full Rhysida attack chain (CISA AA23-319A). 15 custom Wazuh detection rules covering all 15 MITRE ATT&CK techniques across 10 attack phases. Full IR report with attack timeline, IOC analysis, and root cause analysis.

Wazuh MITRE ATT&CK Incident Response CISA Threat Detection

Post-incident GRC assessment of the 2024 Rhysida breach (791,784 individuals). 30 risks identified (12 Critical) across NIST CSF 2.0. HIPAA compliance at 63% with $5M–$15M penalty exposure. Interactive Streamlit risk dashboard.

NIST CSF 2.0 HIPAA IEC 62443 Risk Assessment Streamlit

Third-party risk management framework (Epic, Cerner, Philips, Baxter, Change Healthcare). 15 vendors assessed across 3 tiers. Dedicated medical device OT vendor track with FDA 510(k) and SBOM requirements. 50-question vendor assessment.

NIST SP 800-161 HIPAA IEC 62443 Vendor Risk TPRM Streamlit

SOC 2 compliance gap analysis of the 2022 LastPass breach. Findings mapped to SOC 2 Trust Services Criteria, NIST CSF, ISO 27001. Interactive Streamlit compliance dashboard with control heatmap.

SOC 2 NIST CSF ISO 27001 GRC Compliance Streamlit

HCA Healthcare β€” Data Governance & AI Risk (Mobile Heartbeat Capstone)

Enterprise data governance program for HCA Healthcare subsidiary. Built system catalog (200+ assets), retention schedule aligned to HIPAA/IRS/ERISA. CISO-sponsored. Locked as "GRC and Data Governance Analyst – Capstone" on resume.

NIST AI RMF ISO 42001 HIPAA Data Governance Microsoft 365


πŸ“Š Research & Publications

IEEE CONIT 2024 β€” CNN-LSTM Hybrid Model for Network Intrusion Detection
Published research on deep learning for IDS classification. Presented at the 2024 IEEE Conference on Interdisciplinary Approaches in Technology and Management.


🧰 Technical Stack

Domain Tools & Frameworks
AI Agent Security AIOST Β· A-ACAF Β· A-ACAF-RT Β· NIST AI RMF Β· ISO 42001 Β· OWASP LLM Top 10
SIEM / Detection Wazuh Β· Splunk Β· Snort Β· Wireshark Β· TheHive Β· MISP
Cloud Security AWS Β· boto3 Β· IAM Β· S3 Β· CloudTrail Β· Security Groups
Offensive Security Metasploit Β· Nmap Β· Burp Suite Β· Nessus Β· SQLMap
GRC Frameworks NIST CSF 2.0 Β· NIST AI RMF Β· ISO 27001 Β· ISO 42001 Β· HIPAA Β· SOC 2 Β· MITRE ATT&CK
Cloud / DevOps AWS Β· Docker Β· Kubernetes Β· Python Β· FastAPI Β· Streamlit Β· Git
Data Governance Microsoft Purview Β· Microsoft Lists Β· Microsoft 365

πŸ“œ Credentials & Education

  • πŸŽ“ MS Cybersecurity β€” Northeastern University (2026, STEM OPT eligible)
  • πŸ† CompTIA Security+ SY0-701
  • πŸ“„ IEEE CONIT 2024 β€” CNN-LSTM Network Intrusion Detection (published research)
  • πŸ”¬ Graduate Capstone β€” AI governance & data retention for HCA Healthcare (CISO-sponsored)

🎯 Active Search

Seeking roles in:

  • AI Agent Governance β€” Auditing, risk assessment, compliance validation of deployed agents
  • GRC / Compliance β€” Risk management, control assurance, frameworks (NIST, ISO, HIPAA)
  • Cloud Security β€” AWS auditing, control assurance, compliance automation
  • Security Operations β€” SOC analysis, threat detection, incident response

Open to: Full-time, contract, or consulting engagements. F-1 OPT eligible. Target relocation: Fremont, CA (August 2026).


Email: raman.as@northeastern.edu
LinkedIn: https://linkedin.com/in/ashwathanarayan
GitHub: https://github.com/ashwatha4502


Built by someone who believes security is not hope β€” it's data.

Popular repositories Loading

  1. Ashwatha4502 Ashwatha4502 Public

  2. ashwatha4502.github.io ashwatha4502.github.io Public

    HTML

  3. a-acaf-agent-assurance a-acaf-agent-assurance Public

    Control assurance tool for deployed AI agents, scored against NIST AI RMF, ISO/IEC 42001, and OWASP LLM Top 10.

    Python

  4. aws-assurance-framework aws-assurance-framework Public

    AWS control assurance auditor mapped to NIST CSF, SOC 2 TSC, and CIS Benchmark v2.0

    Python

  5. ai-grit ai-grit Public

    NIST AI RMF risk assessment + 25-vector red team toolkit for local LLMs

    Python

  6. lastpass-soc2-assessment lastpass-soc2-assessment Public

    SOC 2 gap assessment of the 2022 LastPass breach, with TSC maturity scoring

    Python