Shreya
Kannabiran.
Cybersecurity & Compliance Analyst. I help teams stay audit-ready under ISO 27001, SOC 2, HIPAA and PCI DSS — and pressure-test what they ship with penetration testing and ethical hacking.
- role
- Infosec Analyst
- org
- Mithra Consulting
- focus
- ISO 27001 · SOC 2
- tools
- Burp · OWASP ZAP · Nmap
- based
- Chennai, IN
- stack
- Kali · Python · AWS
Compliance-minded, offensively curious.
B.Tech Computer Science graduate specializing in cybersecurity and IoT. Skilled in penetration testing, ethical hacking, and security tooling — OWASP ZAP, Burp Suite, Wireshark and the wider Kali stack.
Through internships and academic work I've built practical exposure to ISO 27001, SOC 2, HIPAA and PCI DSS — through audit support, policy development and compliance documentation.
Education
Where I've worked.
- Feb 2026 — PresentCURRENT
Infosec Analyst
Mithra Consulting· Chennai, IN- Converted from intern to full-time Infosec Analyst on program completion.
- Support ISO 27001 and SOC 2 Type I / II audit activity across multiple clients.
- Help implement and monitor security controls aligned with ISO 27001 and SOC 2.
- Maintain policies, procedures and control documentation to keep clients audit-ready.
- Contributed to HIPAA and PCI DSS policy development initiatives.
- Oct 2025 — Jan 2026
Infosec Intern
Mithra Consulting· Chennai, IN- Conducted web vulnerability assessments and penetration testing on client projects.
- Identified, documented and remediated security vulnerabilities across web applications.
- Practical exposure to ISO 27001, SOC 2 and HIPAA via audit prep and compliance assessments.
- Feb 2025 — Jun 2025
Cybersecurity Intern
QRSolutions· Remote · Australia- Performed penetration testing on test environments to surface vulnerabilities and misconfigurations.
- Simulated real-world attack scenarios with Burp Suite, OWASP ZAP and Nmap.
- Delivered structured vulnerability reports — recognised by supervisors for clarity.
- Trained in AWS (EC2 / S3 / IAM) and DevOps CI/CD; hands-on with Cypress and Postman.
- Feb 2023 — Apr 2023
Product Intern
Merkrr.io· Remote- Built a beta-tester recruitment web app for an early-stage SaaS product.
- Chose Bubble.io for velocity — shipped the site in time for official product launch.
- Implemented backend to capture and store beta-tester sign-ups.
Tools I reach for.
A working stack across compliance, offensive testing and everyday engineering — grouped by how I actually use them.
Governance & Compliance
policies · audit prep · control monitoring
Offensive Security
web vuln assessment · test-env pentesting
Networks & Systems
traffic analysis · crypto basics · linux
Cloud & DevOps
aws services · pipeline exposure
Programming & Data
scripting · analytics · dashboards
QA & API Testing
automation · endpoint testing
Selected work.
Four projects, equal weight — academic labs to security tooling.
IoT Face Recognition Security System
Group build of a facial-recognition access system on a Raspberry Pi + camera module. Captures and stores facial signatures for identification, then decides entry based on match confidence.
Amazon Prime Shows — Data Visualization
Analysed Amazon Prime movie and TV catalogue — release dates, ratings, genres. Delivered an interactive Tableau dashboard letting viewers filter titles by year and genre.
AI for Dark Web Forensics
Team project designing an AI system to identify and analyse dark-web activity around illicit drugs and major crimes. ML-based threat classification with Python-driven data processing and predictive analytics for forensic workflows.
Ethical Hacking with Python
Collaborative project focused on identifying and mitigating security vulnerabilities using Python-based ethical hacking techniques — scripted recon, exploitation and post-analysis inside controlled environments.
Certifications.
Google Cybersecurity Professional Certificate
SecurityCisco Introduction to Cybersecurity
SecurityJr. Penetration Tester — Learning Path
SecurityPre-Security
SecurityClaude Code 101
AIClaude 101
AIB2 First
LanguageB1 Preliminary
LanguageLet's put the
controls to work.
Open to security engineering, compliance analyst and offensive security roles — full-time or contract. Reach out and I'll get back within 48 hours.