Niladri Biswas

Cyber Risk, Compliance & Information Security | M.Tech Information Security | Graduating June 2026

📍 Naihati, West Bengal, India  |  📧 niladri.assurance@gmail.com  |  🔗 LinkedIn

---

About

Information Security M.Tech student at West Bengal University of Technology (MAKAUT), focused on Governance, Risk, and Compliance (GRC). Hands-on project experience in vulnerability risk assessment, web application risk analysis, social engineering risk assessment, security control monitoring, and audit evidence collection — each project producing professional deliverables with CVSS-scored findings, business impact analysis, and remediation recommendations.

Work grounded in ISO 27001 principles, NIST CSF, and MITRE ATT&CK — with a documentation-first approach that reflects how GRC functions operate in practice.

Open to GRC Analyst Intern roles. Available from June 2026.

---

Core Competencies

GRC & Risk	Security & Technical
Risk Assessment & Prioritisation (CVSS v3.0, EPSS)	Vulnerability Scanning — Nessus Essentials
ISO 27001 Principles & NIST CSF	SIEM Monitoring & Log Analysis — Splunk
Security Policy & Control Evaluation	Web Application Testing — Burp Suite, OWASP
Vulnerability Assessment & Risk Reporting	Network Traffic Analysis — Wireshark, Suricata
Incident Documentation & Escalation Workflows	Phishing Investigation & IOC Extraction
Audit Support & Evidence Collection	MITRE ATT&CK Mapping
Business Impact Analysis	Linux CLI & Windows Event Logs
Technical Report Writing for Non-Technical Stakeholders	Python (scripting)

---

GRC Projects

All five projects produce audit-grade deliverables — risk reports with CVSS-scored findings, business impact analysis, ISO 27001 / NIST CSF control mapping, and remediation recommendations. Not just technical writeups.

---

GRC-P1 — Vulnerability Risk Assessment & Remediation Prioritisation | Nessus Essentials

Conducted a structured vulnerability risk assessment against Metasploitable2 in an isolated lab environment. Discovered 69 vulnerabilities including 6 Criticals (CVSS 9.8–10.0): Bind Shell Backdoor, VNC Default Password, SSL v2/v3, CVE-2008-0166. Applied CVSS v3.0 + EPSS scoring to produce a P1–P4 risk priority matrix with business impact analysis — directly mirroring GRC risk register and treatment planning practice. All findings mapped to ISO 27001 Annex A controls and NIST CSF.

Nessus Essentials 10.11.2 Nmap CVSS v3.0 EPSS Metasploitable2 ISO 27001 NIST CSF Kali Linux

🔗 View Project →

---

GRC-P2 — Web Application Risk Assessment | OWASP Top 10 & CVSS Scoring

Assessed DVWA against OWASP Top 10. Identified 4 High/Critical vulnerabilities — SQLi (CVSS 9.8), Brute Force (7.5), XSS (7.3), CSRF (6.5). Analysed HTTP traffic via Burp Suite proxy interception. Delivered a professional risk report with CVSS-scored findings, business impact analysis, remediation guidance, and MITRE ATT&CK mapping — format directly replicable as an internal audit deliverable.

Burp Suite CE DVWA CVSS v3.0 OWASP Testing Methodology MITRE ATT&CK Kali Linux

🔗 View Project →

---

GRC-P3 — Social Engineering Risk Assessment & Incident Reporting | Email Forensics

Investigated a live phishing email. Performed manual header analysis, SPF/DKIM/DMARC authentication checks, and IOC extraction. Enriched indicators via VirusTotal, AbuseIPDB, and WHOIS. Classified attack as Advance Fee Fraud (T1566 – Phishing) and produced a structured incident report with business impact analysis and control recommendations — demonstrating third-party risk and human-risk assessment skills directly applicable to GRC.

Email Header Analysis VirusTotal AbuseIPDB WHOIS MITRE ATT&CK T1566

🔗 View Project →

---

GRC-P4 — Security Control Monitoring & Risk Documentation | Splunk SIEM

Deployed Splunk Enterprise to ingest Windows Security logs. Identified unauthorised access attempts via EventID 4625 analysis and SPL-based detection rules. Established threshold-based alerting aligned with access control monitoring — supporting continuous compliance oversight. Produced a structured incident report with risk impact and remediation recommendations mapped to MITRE ATT&CK (T1110, TA0006).

Splunk Enterprise Splunk Universal Forwarder Windows Event Logs SPL MITRE ATT&CK Kali Linux

🔗 View Project →

---

GRC-P5 — Network Threat Detection & Audit Evidence Collection | Suricata + Wireshark

Configured Suricata IDS with 48,701 ET detection rules. Triaged 249 real alerts across four attack types — Nmap SYN Scan, SSH Brute Force, ICMP Recon, TCP Flood. Correlated IDS alerts to packet-level evidence in Wireshark (8,344 packets, 3,130 TCP conversations). Produced a structured incident report mapped to the cyber kill chain — replicating the audit evidence and control-testing documentation expected in a GRC function.

Suricata 8.0.3 Wireshark Nmap Kali Linux

🔗 View Project →

---

Certifications

Certification	Issuer
Certified in Cybersecurity (CC)	ISC2
Security, Compliance & Identity Fundamentals (SC-900)	Microsoft
National Workshop on Cryptology 2025 (3-day on-site, hands-on)	IIT Bhilai
Cyber Security Awareness Workshop	NCIIPC — National Critical Information Infrastructure Protection Centre
Ethical Hacker · Introduction to Cybersecurity · Networking Essentials	Cisco
Cloud Computing	NPTEL — IIT Kharagpur
Cloud Security and Emerging Technologies	Cloud Security Alliance
DevOps & Software Engineering Specialization	IBM

---

Education

M.Tech — Information Security | West Bengal University of Technology (MAKAUT) | 2024 – June 2026

B.Tech — Computer Science & Engineering | Regent Education & Research Foundation Group of Institutions | 2021 – 2024 | CGPA: 8.68

Diploma — Electrical Engineering | Regent Institute of Science & Technology | 2017 – 2020 | OGPA: 8.2

---

_{All project repositories include complete documentation — methodology, risk findings, audit-grade reports, remediation recommendations, and annotated evidence screenshots.}