My Projects 2025
Project 1
SaaS InfoSec Project – Internal Security & Compliance Framework
Role: Information Security (InfoSec) Contributor
Status: Ongoing (2025)
Environment: SaaS / B2B / AI-Enabled Platform
As part of a real-world InfoSec team, I contributed to the development of an internal cybersecurity and compliance framework for a startup SaaS solution. This project supports both regulatory readiness and customer trust through structured security practices aligned with leading standards.
Key Contributions:
- Developed internal InfoSec documentation aligned with NIST CSF 2.0, SOC 2 Trust Services Criteria, and ISO/IEC 27001:2022
- Mapped internal processes and architecture to cybersecurity controls covering governance, access management, vulnerability handling, and threat response
- Participated in internal penetration testing and validation, documenting security findings and risk ratings
- Created security-focused content for customer-facing assurance, ensuring clarity without exposing architecture
- Collaborated with engineering and leadership to integrate security into design decisions using Zero Trust principles and secure-by-default practices
Tools Used:
General-purpose tools such as vulnerability scanners, documentation platforms, secure communication protocols, and internal asset registries (specific tools not disclosed for confidentiality)
Impact:
This project helped lay the foundation for future compliance efforts and external audits. It also strengthened my practical knowledge of risk management, control implementation, and InfoSec communication in a real business context.
