{ "@context": "https://manishpandey.co.in/api/me.json", "name": "Manish Pandey", "tagline": "Cybersecurity Architect & Researcher", "title": "Manish Pandey · Cybersecurity Architect & Researcher", "description": "Cybersecurity architect and researcher. 13+ years across application, infrastructure, cloud, and AI security. Writing, research, and lab notes from Bengaluru.", "experience_years": 13, "career_start_year": 2012, "location": "Bengaluru, India", "education": [ { "degree": "M.Tech, Data Science", "institution": "BITS Pilani", "url": "https://www.bits-pilani.ac.in/" } ], "focus_areas": [ { "name": "Threat Modeling", "subtopics": [ "STRIDE", "PASTA", "attack trees", "five-zone method for agentic AI" ] }, { "name": "Application Security Testing", "subtopics": [ "web", "API", "mobile", "manual + tool-assisted" ] }, { "name": "Secure Code Review", "subtopics": [ "Python", "Java", "JavaScript/TypeScript", "Go", "C#" ] }, { "name": "Vulnerability Management", "subtopics": [ "triage", "ownership models", "SLA design", "program metrics" ] }, { "name": "Adversary Simulation", "subtopics": [ "MITRE ATT&CK", "purple team", "red team", "LLM/agent red teaming" ] }, { "name": "Cloud Security", "subtopics": [ "AWS", "Azure", "GCP", "IAM", "CI/CD" ] }, { "name": "DevSecOps", "subtopics": [ "SAST", "SCA", "IaC scanning", "secrets detection", "pipeline gates" ] }, { "name": "AI Red Teaming", "subtopics": [ "LLM jailbreak chains", "tool misuse", "goal hijack", "OWASP ASI01–10" ], "current_focus": true }, { "name": "Machine Learning Security", "subtopics": [ "MAESTRO framework", "training data integrity", "model supply chain", "inference-time risk" ], "current_focus": true } ], "current_research": [ "Five-zone threat modeling for production agentic AI systems", "Adversarial test corpora for domain-specific LLMs (healthcare, finance)", "ML security reviews that go past the model boundary into weights and data" ], "knows_about": [ "Threat Modeling", "Application Security Testing", "Secure Code Review", "Vulnerability Management", "Adversary Simulation", "Cloud Security", "DevSecOps", "Machine Learning Security", "AI Red Teaming", "Threat Modeling for AI Systems" ], "speaking": { "available": true, "employment_constraint": "Cadence is selective; four to six invitations per year.", "formats": [ "Keynote", "Workshop", "Panel", "Internal lunch-and-learn" ], "topics": [ { "title": "Red Teaming Generative AI", "summary": "Why prompts are payloads, and what an adversarial test plan looks like for systems that 'reason' over untrusted text.", "audience": "Engineering teams, AI platform teams, security leadership", "formats": [ "Keynote", "Workshop", "Panel" ] }, { "title": "Threat Modeling AI Agents (STRIDE Is Not Enough)", "summary": "Why classical frameworks miss EchoLeak-class attacks, and the five-zone methodology that finds them.", "audience": "Security architects, engineering leadership", "formats": [ "Keynote", "Workshop" ] }, { "title": "MAESTRO for ML Security", "summary": "CSA's layered framework, applied. What it catches that classical AppSec doesn't, and how to build it into your ML platform without slowing the team.", "audience": "ML platform teams, security architects", "formats": [ "Workshop", "Internal lunch-and-learn" ] }, { "title": "Building a Security Practice Around LLM Products", "summary": "How to stand up the controls, runbooks, and culture for organizations shipping generative AI features, without reinventing the wheel.", "audience": "CISOs, security leadership, AppSec leads", "formats": [ "Keynote", "Panel" ] }, { "title": "The Five-Zone Method", "summary": "Input/retrieval, reasoning, action, state, coordination. A practitioner's map for agentic AI threat modeling that goes beyond enumeration.", "audience": "Security architects, threat modeling practitioners", "formats": [ "Workshop", "Internal lunch-and-learn" ] } ], "booking_url": "https://cal.com/manishpandey05/30min" }, "writing": { "feed": "https://manishpandey.co.in/rss.xml", "topics": [ "ai-security", "threat-modeling", "llm", "agentic-ai", "red-teaming", "iot", "infrastructure-security", "ml-security", "frameworks", "leadership", "strategy", "tooling", "resilience", "compliance", "pentesting", "iso-27001", "fundamentals" ], "total_posts": 10, "recent": [ { "title": "Why STRIDE Breaks When You Threat Model AI Agents (And What to Do Instead)", "slug": "why-stride-breaks-when-you-threat-model-ai-agents-and-what-to-do-instead", "url": "https://manishpandey.co.in/why-stride-breaks-when-you-threat-model-ai-agents-and-what-to-do-instead/", "published": "2026-03-24", "description": "STRIDE was built for deterministic systems. Agentic AI breaks its core assumptions. Here is a five-zone method that actually finds EchoLeak-class attacks.", "primary_tag": "ai-security" }, { "title": "Red Teaming Generative AI: Language as the New Exploit Vector", "slug": "red-teaming-generative-ai-why-language-is-the-new-exploit-vector", "url": "https://manishpandey.co.in/red-teaming-generative-ai-why-language-is-the-new-exploit-vector/", "published": "2026-02-13", "description": "Prompts are payloads. Why classical red-teaming misses LLM-native attacks, and how to design adversarial tests that surface jailbreaks, tool misuse, and goal hijack.", "primary_tag": "ai-security" }, { "title": "How to Fortify IoT Devices Against Hidden Cyber Threats", "slug": "how-to-fortify-iot-devices-against-hidden-cyber-threats", "url": "https://manishpandey.co.in/how-to-fortify-iot-devices-against-hidden-cyber-threats/", "published": "2025-10-11", "description": "IoT devices fail open by default. A pragmatic checklist for hardening firmware, networks, and lifecycle management against the threats most teams overlook.", "primary_tag": "iot" }, { "title": "Build Ironclad ML Security Fast: MAESTRO Framework Explained", "slug": "build-ironclad-ml-security-fast-maestro-framework-explained", "url": "https://manishpandey.co.in/build-ironclad-ml-security-fast-maestro-framework-explained/", "published": "2025-10-02", "description": "CSA's MAESTRO framework, explained for practitioners. Layer-by-layer attack surface, control mapping, and how to apply it to your ML pipeline this week.", "primary_tag": "ml-security" }, { "title": "Win the AI Security Battle: Essential Moves for Leaders", "slug": "win-the-ai-security-battle-essential-moves-for-leaders", "url": "https://manishpandey.co.in/win-the-ai-security-battle-essential-moves-for-leaders/", "published": "2025-10-02", "description": "Five concrete moves security leaders should make this quarter to keep up with AI adoption, without slowing the teams shipping it.", "primary_tag": "ai-security" } ] }, "contact": { "email": "hello@manishpandey.co.in", "security_email": "security@manishpandey.co.in", "site": "https://manishpandey.co.in", "linkedin": "https://www.linkedin.com/in/manishkp", "github": "https://github.com/Antak108", "booking": "https://cal.com/manishpandey05/30min", "response_time_business_days": 2, "open_to": [ "writing collaborations", "research", "talks", "podcasts" ] }, "site_meta": { "version": "v1.6", "generator": "Astro + handwritten", "analytics": "Plausible (cookieless)", "last_built": "2026-05-21T11:15:34.611Z", "license_note": "Site content © Manish Pandey. Quotes welcome with attribution to manishpandey.co.in." } }