✦ Seeking Full-Time Roles · Graduating Dec 2026

Twinkle Kamdar

MSIS · Information Security · Carnegie Mellon INI

CMU security grad student building defenses for AI systems that didn't exist two years ago.
I built IRIS, a real-time LLM security monitor catching prompt injection and cross-agent collusion with 93.1% precision.
The AI attack surface is growing faster than the defenses. I'm on the right side of that gap.

LLM Security · Post-Quantum Crypto · IDS/IPS · Digital Forensics · Zero Trust · SIEM · XGBoost · Kubernetes · SDN/OpenFlow · Cloud Security · MITRE ATT&CK · Behavioral Analysis
✦ journey

My Story

work & education · newest first

Floatbot.AI
Security Analyst Intern
  • Building PCI DSS v4.0.1 compliance infrastructure: controls tracker, evidence mapping, and scoping documents across GCP US, Azure UAE, and GCP India CDE environments
  • Completed Coalition cyber insurance checklist across all domains: access control, SAT, endpoint security, network controls, and incident response
  • Drafted System Security Plan for FTI protection with network architecture diagrams in draw.io
  • Produced WAF vendor comparison, TWFG security questionnaire responses, and IRS Pub 1075 training materials
PCI DSS v4.0.1 · GCP · Azure · IRS Pub 1075 · Compliance
May 2026 – Present
Remote · Milpitas, CA

Carnegie Mellon University
M.S. Information Security · INI

Intro to Information Security · Host-Based Forensics · Security in Networked Systems · AI & Security · Cloud Security · Network Forensics

MSIS · Cybersecurity · Machine Learning · Cryptography
Aug 2025 – Dec 2026
Pittsburgh, PA

Silver Touch Technologies
SOC Intern
  • Triaged security alerts and monitored network traffic using Wireshark, tshark, and Moloch/Arkime in a 24/7 SOC environment
  • Supported VAPT assessments and tracked 50+ CVEs across internal ticketing systems
  • Worked with SIEM tooling and Suricata IDS/IPS rules for threat detection
SIEM · Suricata · Wireshark · VAPT · CVE Tracking
May – Jul 2024
India

PDEU Deepfake Forensics Lab
Research Assistant
  • Assisted faculty with literature review and dataset management for deepfake detection research
  • Maintained experimental records and supported research reports and presentations
Deepfake Detection · Research · Python
2024 – 2025
Gandhinagar, India

Pandit Deendayal Energy University
B.Tech Computer Science Engineering

Cultural Club, Event Manager · Society of Mathematics · Zaayka Food & Culture Club

GPA 9.44 / 10
Computer Science · Networking · Security
Jul 2021 – May 2025
Gandhinagar, India
✦ featured projects

Flagship Work

End-to-end security systems. Production-ready, open source.

IRIS
Identity Risk Intelligence System
Behavioral security monitor for LLM agent systems
93.1% Precision · 0.43ms Latency · 14 Collusion · 894 Calls

Built a 5-layer real-time detection engine that catches indirect prompt injection, cross-agent collusion, and behavioral drift, attacks that bypass every standard defense. Core contribution: intent-action divergence detection using llama-3.3-70b to compare what an agent should do vs what it actually does.

LLM Security · Python · XGBoost · FastAPI · Streamlit · LangChain
AEGIS
Autonomous Cybersecurity Intelligence System
Multi-layered autonomous IDS/IPS with post-quantum cryptography
3-layer ML Ensemble · PQC Post-Quantum · K8s Zero Trust · NIST CSF IR Auto

Multi-layered threat detection platform combining rule-based IDS, Isolation Forest, and CICIDS2017-trained Random Forest with ensemble voting. Deployed in a Mininet SDN environment with post-quantum crypto (Dilithium3 + Kyber768), SHA-256 tamper-evident audit ledger, self-healing watchdog, NIST CSF IR automation, and Kubernetes Zero Trust.

IDS/IPS · Post-Quantum Crypto · Kubernetes · Ensemble ML · SDN/OpenFlow
✦ coursework

CMU Projects

Graduate-level security engineering at Carnegie Mellon INI.

ZeroSeg
Live Microsegmentation Monitor
ML-driven network microsegmentation with 100% block rate
95.31% Accuracy · 100% Block Rate

ML-driven network microsegmentation using XGBoost and DBSCAN on UNSW-NB15. Ryu OpenFlow 1.3 on Mininet with a real-time Flask event-stream dashboard. 95.31% accuracy and 100% cross-segment block rate.

XGBoost · DBSCAN · SDN · Mininet · Flask · OpenFlow
Mirai Botnet
Botnet Forensics & Detection
Simulated Mirai attacks with Suricata IDS rules and forensic analysis

Simulated Mirai botnet attacks using Security Onion for forensic analysis. Built custom Suricata IDS rules and performed deep network traffic analysis using Moloch/Arkime. Delivered a comprehensive forensic report covering attack vectors, IoC extraction, and detection signatures.

Security Onion · Suricata · Moloch/Arkime · Forensics · IDS
AWS Scanner
AWS Environment Security Auditor
Python CLI for scanning AWS environments for misconfigurations

Command-line tool that scans AWS environments for security misconfigurations across IAM, S3, EC2, Security Groups, and more. Generates prioritized findings with remediation steps.

AWS · Python · CLI · Cloud Security · IAM · S3
Forensic Time Cop
Anti-Forensics Detection Framework
14-822 Host-Based Forensics · CMU
Cross-platform timestomping & log manipulation detection
5 Detection Rules · 2 Platforms

Cross-platform anti-forensics detection framework for Windows and Linux. Python rule engine targeting MFT timestomping, event log manipulation, prefetch tampering, and USN journal anomalies. Streamlit/Plotly dashboard for timeline reconstruction. Published research paper.

with Kaivalya & Aarya

Digital Forensics · Anti-Forensics · Python · MFT · Windows · Linux
K8s-Guard
Kubernetes Threat Detection Lab
14-742 AI and Security · CMU
SIEM-integrated K8s detection for container escape & lateral movement

Kubernetes threat detection integrating Security Onion (NSM), Falco (syscall monitoring), and Filebeat. Detected container escape, privilege escalation, and lateral movement. Handled SIEM architecture and detection engineering.

Kubernetes · Falco · Security Onion · SIEM · Filebeat
✦ skills

Technical Stack

Languages
Python · C · C++ · Java · SQL · Bash
Security Tools
Wireshark · tshark · Suricata · Security Onion · Moloch/Arkime · Falco · Filebeat · ExifTool · KAPE · MFTECmd · analyzeMFT · python-evtx · pfSense · FortiGate
ML / AI
XGBoost · Random Forest · Isolation Forest · DBSCAN · scikit-learn · LangChain · LangGraph · Groq API · Ollama · Qwen3
Cloud & Infrastructure
GCP · Azure · AWS · Docker · Kubernetes · Colima · Mininet · GNS3 · OpenFlow/Ryu · Faucet/OVS · Ansible · Salt
Web & APIs
FastAPI · Flask · Streamlit · Plotly · Next.js · TypeScript
Frameworks & Standards
NIST CSF · PCI DSS v4.0.1 · SOC 2 · MITRE ATT&CK · MITRE ATLAS · CVSS · CWE · IRS Pub 1075 · SSAE18
Digital Forensics
Windows Forensics · Linux Forensics · MFT Analysis · EVTX Analysis · Android Forensics · Timeline Reconstruction · Anti-Forensics Detection
Compliance
Scrut · Coalition · draw.io · Microsoft Forms
✦ get in touch

Contact.