Hi, I'm Saniya Bhaladhare
About Me
My journey into cybersecurity started in the structured world of Governance, Risk, and Compliance. At KPMG India, I spent over a year working across 7 RBI/SEBI-regulated financial institutions — running maturity assessments, closing control gaps, drafting enterprise security policies, and sitting across the table from CISOs to walk through remediation roadmaps. That work gave me a deep understanding of how adversaries think, how organizations fail, and how controls either hold or collapse under pressure.
But something shifted when AI systems started showing up in enterprise environments. Traditional security policies were not built for models that hallucinate, drift, or get manipulated through prompt injection. That gap became an obsession — and it pushed me toward the technical side of security in a way compliance work alone never could.
At Avaly.ai, I built LLM-powered audit agents, designed vendor self-assessment frameworks across 7 trustworthiness domains, and mapped 227 controls across NIST AI RMF and ISO/IEC 42001. Alongside that, I've built security tooling from scratch — a phishing detection system that flags AI-generated spoofing patterns, and a DevSecOps pipeline that automates SAST, SCA, and DAST scanning on every commit to catch vulnerabilities before they ship.
I care about how attacks actually work, how detection breaks down, and how security can be engineered into systems rather than bolted on afterward. I'm now formalizing that thinking into my Master's thesis at UW Bothell, building an AI Security Compliance Framework for LLM deployments. I'm looking for a team that operates at this intersection — where frameworks meet real threats, and where engineering and risk speak the same language.
Academic focus
Cybersecurity Engineering at UW Bothell. Focus on AI RMF and Cloud Security.
Industry Exp
2+ years at KPMG and Avaly.AI in AI Security & GRC.
AI Security Mission
Developing automated security agents that align with NIST AI RMF and ISO 27001 to scale secure AI adoption.
Professional Timeline
AI Security Engineer Intern
Avaly.ai
- Architected an LLM-powered AI Audit Agent operationalizing 227 controls across NIST AI RMF and ISO/IEC 42001, cutting manual audit effort by ~20%.
- Designed an AI Security Vendor Self-Assessment framework across 7 trustworthiness domains with maturity-based scoring.
- Conducted AI threat modeling for LLM apps, mapping threats (prompt injection, model inversion, data leakage) to NIST AI RMF mitigations.
- Led AI-focused tabletop exercises simulating model abuse and AI system failure scenarios.
Cybersecurity Analyst
KPMG India
- Led compliance assessments across 7 RBI/SEBI-regulated institutions, evaluating 70+ controls per engagement.
- Identified 80+ control gaps at a large bank, driving remediation that elevated maturity from 2.5 to 3.8.
- Drafted 5 enterprise security policies and SOPs aligned with ISO 27001 and RBI requirements.
- Owned Asset Management workstream end-to-end, improving control effectiveness by ~30%.
- Presented risk posture findings to CISOs and senior leadership across 7 to 10 stakeholder sessions per engagement.
- Assessed IAM, QRadar SIEM, RSA Archer GRC, and cloud controls across AWS, Azure, and GCP.
Cybersecurity Intern
KPMG India
- Supported regulatory audits through control walkthroughs, evidence validation, and compliance documentation.
- Assisted in ISO 27001 and NIST CSF policy drafting, improving audit preparedness and governance quality.
- Transitioned into full workstream ownership as Analyst following internship completion.
Featured Projects
SecurePipe — DevSecOps CI/CD Security Pipeline
Architected a GitHub Actions CI/CD pipeline with intentionally vulnerable Python services, integrating Bandit (SAST), Semgrep, pip-audit (SCA), and OWASP ZAP (DAST) to automate end-to-end vulnerability detection on every commit.
InboxGuard - Phishing Email Analysis Tool
Built a Python-based phishing detection system to flag AI-generated spoofing patterns, malicious URL behavior, and brand impersonation.
Keylogger Malware Simulation
Simulated malware TTPs, anti-forensics, and persistence features to test system resilience.
Community Leadership
President, Women in Cybersecurity (WiCyS)
UW Bothell Student Chapter
Leading an 8-member team to host hackathons and events for 80+ students, fostering cybersecurity education and community across the university.
Technical Arsenal
- GRC & Compliance (Primary Focus)
- AI Security (Specialization)
- Security Operations (Core Skills)
- Cloud & Development
Certifications & Awards
- AWS Certified AI Practitioner, Amazon Web Services (In Progress)
- Network Defense Essentials, EC-Council CodeRed (Verified)
- Ethical Hacking Essentials, EC-Council CodeRed (Verified)
- Dark Web Series, EC-Council CodeRed (Verified)
- ISO/IEC 27001 Information Security Associate, SkillFront (Verified)
Notable Achievements
CTF Winner at UWB GreyHats
Successfully solved complex challenges across OSINT, cryptography, web-exploitation, and reverse-engineering categories.
Get In Touch
I'm currently actively job searching for Cybersecurity and AI Security roles. Let's connect!