# Manish Pandey ยท Cybersecurity Architect & Researcher > Personal site of Manish Pandey. Cybersecurity architect and researcher with 13+ years across application security, infrastructure, cloud, secure code review, vulnerability management, and adversary simulation. Current focus: threat modeling for agentic AI and ML security aligned to the CSA MAESTRO framework. Writing, research, and lab notes from Bengaluru. ## About - [About](https://manishpandey.co.in/about/): bio, career timeline, methodology, what I believe - [Practice](https://manishpandey.co.in/practice/): eight practice areas including threat modeling, AppSec, code review, vulnerability management, adversary simulation, cloud, DevSecOps, and ML security - [Lab](https://manishpandey.co.in/lab/): open-source contributions, current research threads, knowledge graph ## Writing Full-content RSS feed: https://manishpandey.co.in/rss.xml JSON Feed (modern complement): https://manishpandey.co.in/feed.json - [Why STRIDE Breaks When You Threat Model AI Agents (And What to Do Instead)](https://manishpandey.co.in/why-stride-breaks-when-you-threat-model-ai-agents-and-what-to-do-instead/) _(ai-security)_ _[10 min read]_: STRIDE was built for deterministic systems. Agentic AI breaks its core assumptions. Here is a five-zone method that actually finds EchoLeak-class attacks. - [Red Teaming Generative AI: Language as the New Exploit Vector](https://manishpandey.co.in/red-teaming-generative-ai-why-language-is-the-new-exploit-vector/) _(ai-security)_ _[27 min read]_: Prompts are payloads. Why classical red-teaming misses LLM-native attacks, and how to design adversarial tests that surface jailbreaks, tool misuse, and goal hijack. - [How to Fortify IoT Devices Against Hidden Cyber Threats](https://manishpandey.co.in/how-to-fortify-iot-devices-against-hidden-cyber-threats/) _(iot)_ _[5 min read]_: IoT devices fail open by default. A pragmatic checklist for hardening firmware, networks, and lifecycle management against the threats most teams overlook. - [Build Ironclad ML Security Fast: MAESTRO Framework Explained](https://manishpandey.co.in/build-ironclad-ml-security-fast-maestro-framework-explained/) _(ml-security)_ _[4 min read]_: CSA's MAESTRO framework, explained for practitioners. Layer-by-layer attack surface, control mapping, and how to apply it to your ML pipeline this week. - [Win the AI Security Battle: Essential Moves for Leaders](https://manishpandey.co.in/win-the-ai-security-battle-essential-moves-for-leaders/) _(ai-security)_ _[4 min read]_: Five concrete moves security leaders should make this quarter to keep up with AI adoption, without slowing the teams shipping it. - [Elevate Cyber Defense: Start Threat Modeling Now](https://manishpandey.co.in/elevate-cyber-defense-start-threat-modeling-now/) _(threat-modeling)_ _[3 min read]_: Why threat modeling is the highest-leverage activity in a security program, and how to start without buying tooling or hiring consultants. - [Transform Your Security Strategy with Leading Threat Modeling Tools](https://manishpandey.co.in/transform-your-security-strategy-with-leading-threat-modeling-tools/) _(threat-modeling)_ _[34 min read]_: A practitioner's comparison of OWASP Threat Dragon, IriusRisk, Microsoft Threat Modeling Tool, and others, with concrete picks by team size and maturity. - [Cyber Resilience: How to Implement Cutting-Edge Threat Modeling Techniques](https://manishpandey.co.in/cyber-resilience-how-to-implement-cutting-edge-threat-modeling-techniques/) _(threat-modeling)_ _[19 min read]_: Beyond STRIDE: attack trees, PASTA, kill chains, and how to combine them into a methodology your engineers will actually use. - [Advance Your Security: PenTesting's Critical Edge in ISO 27001](https://manishpandey.co.in/advance-your-security-pentestings-critical-edge-in-iso-27001/) _(compliance)_ _[6 min read]_: Where pentesting fits inside an ISO 27001 program, what auditors look for, and how to scope tests so they produce defensible evidence, not just findings. - [Empower Your Security: Essential Insights into Threat Modeling](https://manishpandey.co.in/empower-your-security-essential-insights-into-threat-modeling/) _(threat-modeling)_ _[9 min read]_: A foundational guide to threat modeling: what it is, when to do it, who should be in the room, and the seven questions every model must answer. ## Topics - **threat-modeling** (4): [Elevate Cyber Defense: Start Threat Modeling Now](https://manishpandey.co.in/elevate-cyber-defense-start-threat-modeling-now/); [Transform Your Security Strategy with Leading Threat Modeling Tools](https://manishpandey.co.in/transform-your-security-strategy-with-leading-threat-modeling-tools/); [Cyber Resilience: How to Implement Cutting-Edge Threat Modeling Techniques](https://manishpandey.co.in/cyber-resilience-how-to-implement-cutting-edge-threat-modeling-techniques/); [Empower Your Security: Essential Insights into Threat Modeling](https://manishpandey.co.in/empower-your-security-essential-insights-into-threat-modeling/) - **ai-security** (3): [Why STRIDE Breaks When You Threat Model AI Agents (And What to Do Instead)](https://manishpandey.co.in/why-stride-breaks-when-you-threat-model-ai-agents-and-what-to-do-instead/); [Red Teaming Generative AI: Language as the New Exploit Vector](https://manishpandey.co.in/red-teaming-generative-ai-why-language-is-the-new-exploit-vector/); [Win the AI Security Battle: Essential Moves for Leaders](https://manishpandey.co.in/win-the-ai-security-battle-essential-moves-for-leaders/) - **iot** (1): [How to Fortify IoT Devices Against Hidden Cyber Threats](https://manishpandey.co.in/how-to-fortify-iot-devices-against-hidden-cyber-threats/) - **ml-security** (1): [Build Ironclad ML Security Fast: MAESTRO Framework Explained](https://manishpandey.co.in/build-ironclad-ml-security-fast-maestro-framework-explained/) - **compliance** (1): [Advance Your Security: PenTesting's Critical Edge in ISO 27001](https://manishpandey.co.in/advance-your-security-pentestings-critical-edge-in-iso-27001/) ## Reference pages - [Now](https://manishpandey.co.in/now/): what I'm currently focused on. Updated monthly. - [Learning](https://manishpandey.co.in/learning/): current papers, books, side projects. - [Colophon](https://manishpandey.co.in/colophon/): how the site is built; tech and design philosophy. ## Speaking - [Speaking topics](https://manishpandey.co.in/speaking/): keynote, workshop, panel formats available. Four to six invitations a year. ## Machine-readable - Identity JSON: https://manishpandey.co.in/api/me.json, structured profile (focus areas, education, contact, current_focus markers) - Build probe: https://manishpandey.co.in/health.json, site build timestamp + commit SHA for uptime / deploy checks - RSS: https://manishpandey.co.in/rss.xml - JSON Feed: https://manishpandey.co.in/feed.json - RFC 9116 security contact: https://manishpandey.co.in/.well-known/security.txt - Sitemap index: https://manishpandey.co.in/sitemap-index.xml - Image sitemap: https://manishpandey.co.in/image-sitemap.xml ## Note on usage Quoting with attribution to manishpandey.co.in is welcome. Bulk training-data ingestion without attribution is not. Author bylines are stable; URLs preserve their original slugs. Content is hand-authored, the site emits `` on every page.