Hi, I'm Kanika — a Thai cybersecurity student wrapping up my B.Tech in Computer Science & Engineering (Cybersecurity) at the National Forensic Science University, India. I'm an ICCR Scholar.
My work spans security monitoring, threat detection, incident response, and GRC. What I enjoy most is bridging the gap between raw technical findings and things people can actually act on whether that's a well-tuned detection rule, a clear risk report, or a tool that makes security less intimidating for teams without a dedicated security person.
| Area | Tools & Technologies |
|---|---|
| Languages & Scripting | Python SQL Bash |
| SIEM & Monitoring | Datadog Splunk Graylog — log analysis, alert tuning, event correlation |
| Frameworks | MITRE ATT&CK NIST CSF PCI DSS ISO 27001 CIS Controls |
| Web & App Security | OWASP Top 10 — vulnerability identification, web app assessment |
| Network Analysis | Wireshark Nmap — traffic inspection, host and service discovery |
| Risk & Compliance | Risk assessments, KRI tracking, audit documentation, remediation reporting |
| Cloud | AWS — IAM, CloudTrail, CloudWatch log review |
| Platforms | Linux Windows macOS |
Security Monitoring & Incident Detection
Designing detection rules, performing alert triage, investigating security events, and digging into SIEM logs to surface threats early.
Risk Management & GRC
Conducting risk assessments, developing KRIs, writing compliance documentation, and mapping controls to NIST CSF, ISO 27001, PCI DSS, and CIS.
Application Security
Identifying vulnerabilities aligned with OWASP Top 10, understanding attacker techniques, and supporting vulnerability tracking and remediation.
Python Flask React.js Vite Nmap OWASP ZAP SQLite Docker
SMEs make up over 43% of global cybercrime targets, yet most don't have the budget or headcount for regular security audits. This platform automates the full audit pipeline — scanning, analysis, compliance mapping, and reporting — in one unified open-source tool built with non-technical users in mind.
What it covers:
| Module | Description |
|---|---|
| Network scanning | Host discovery, port enumeration, service fingerprinting (Nmap, Masscan) |
| Web app scanning | OWASP Top 10 testing — SQLi, XSS, misconfigs, SSL/TLS weaknesses (ZAP, Nikto) |
| Configuration auditing | Hardcoded secrets, exposed .env files, insecure server settings (TruffleHog, Lynis) |
| Database auditing | Exposed ports, default credentials, excessive privileges |
| Compliance mapping | Findings mapped to ISO 27001, NIST CSF, and PCI DSS controls |
| Reporting dashboard | Risk-scored findings with remediation guidance — exportable as PDF, HTML, JSON, CSV |
The goal was to translate raw tool output into something a founder or small IT team could actually read and act on, with clear risk scores, business-impact explanations, and guided next steps.
Python Whisper NLP TF-IDF Logistic Regression Scikit-learn Streamlit
Vishing (voice phishing) is one of the fastest-growing social engineering threats, and it hits harder in regions where most detection tools only support English. This tool analyzes live phone call audio and flags potential scam calls in real time, with full support for both Thai and English.
How it works:
- Captures and transcribes live audio using OpenAI Whisper (speech-to-text)
- Runs the transcript through a Logistic Regression classifier trained on character-level TF-IDF features
- Flags social engineering patterns — urgency cues, impersonation language, pressure tactics, financial lures
- Returns a real-time risk verdict with 95.4% classification accuracy on multilingual test data
