CHINMAY DHARAP

  |    |  

Certifications | Internship experience | Projects | Education | Publications | Awards | Volunteering | Blog

WHO AM I?

"A Cyber Ninja: Sharp, Ambitious, Knowledge-Hungry, and Ready to Multitask My Way Through Any Security Challenge!"

INTERNSHIP EXPERIENCE

Cuddlytails Inc. | Jersey City, New JerseyApr 2025 - July 2025

What did I do in my tenure?

• Reduced enterprise security risk by 25% by aligning 60+ internal policies with NIST SP 800-53, SP 800-171, and NIST CSF, strengthening compliance across IAM, MFA, Patch Management, and OT domains
• Accelerated SOC 2 readiness and security review efficiency by 40% by conducting end-to-end technical control gap assessments and streamlining design documentation
• Improved mobile application QA turnaround by 20% by identifying and reporting 25+ security bugs through manual and exploratory testing simulating real-world attacker behaviours
• Increased regulatory alignment across security protocols by conducting vulnerability analysis and mapping 100% of findings to frameworks like NIST and ISO 27001

Techincal Consulting & Research Inc. | Weston, ConnecticutSep 2024 - Mar 2025

What did I do in my tenure?

• Contributed to AI/ML security knowledge base by co-authoring a peer-reviewed paper presented at ASEE-NE 2025, advancing best practices for AI-driven privacy, misinformation, and secure digital behavior
• Increased cybersecurity awareness for 100+ small business participants by leading a Holiday Cybersecurity webinar through Virginia SBDC, covering common threat vectors and secure design principles
• Produced 3 technical whitepapers improving organizational tool adoption by analysing Azure WAF, Zscaler, and NIST 800-171 implementations and recommending compliance improvements
• Helped design AI security defenses for LLMs by simulating threats like prompt injection and data exfiltration, applying attacker-centric thinking to support runtime defense strategy development

Stevens Inst of Technology | Hoboken, New JerseyJun 2023 - May 2024

How I got the job:

• There was an attack on Stevens Community. One of the student's account was compromised and the attacker sent phishing emails from that account to alot of people at Stevnes
• I also got two emails and I understood that it was phishing so I wrote a brief report about it and sent it to the CISO and VP of IT Division at stevens. Luckily, because of that report they understood the scale of the attack and it was immediately mitigated
• Then two weeks later I got a call from CISO at Stevens and offered me this position

What did I do in my tenure?

• Accelerated incident response by monitoring and investigating 45-50 security incidents daily. I utilized Microsoft Defender for Office 365 and Armis to identify threats and respond swiftly.
• Ensured secure access for nearly 50,000 users by managing user access and authentication processes, leading to improved identity management. This was done through Okta, where I performed log analysis to investigate and resolve authentication-related incidents.
• Enhanced phishing incident response by being the only Student Worker with Security Administrator (second-highest in org) privileges, enabling faster resolution of access control issues. I assisted in performing soft deletes and managing Access Control Lists (ACLs) during phishing campaigns using elevated access permissions.
• Boosted security posture by 35% through optimizing vulnerability management. I led weekly vulnerability scans using Qualys and coordinated with the network team to prioritize and implement patches for critical vulnerabilities across on-prem servers and various campus departments.
• Reduced user account compromises by 60% and improved network security by isolating malicious and compromised devices, which boosted overall security by 65%. I achieved this by contributing to the Protect Stevens Initiative through effective collaboration with security teams.
• Maintained 100% endpoint compliance by implementing and enforcing endpoint security policies, resulting in enhanced device security. I used Microsoft Intune and Endpoint Central to ensure that Stevens-managed devices adhered to security policies such as Bitlocker compliance.
• Streamlined cybersecurity operations and improved response time by authoring Incident Response Playbooks and Standard Operating Procedures (SOPs). I created comprehensive documentation that improved team efficiency during incidents.
• Enhanced security team's ability to stay ahead of emerging threats by conducting research on threat actors and addressing security concerns in alignment with Protect Stevens protocols. I regularly analyzed industry reports and contributed insights to threat hunting efforts.
• Strengthened cybersecurity defenses by participating in adversary emulation and threat hunting exercises, leading to the mitigation of critical risks. I worked closely with the team to identify and emulate potential attack vectors, refining the organization's defense strategies.

Awards & Recognitions 🏆

• Passion for Technology Graduate Award: Awarded from over 8,000 students across campus for exceptional contribution to Stevens Cybersecurity Team and as one of only 2 students to hold the prestigious Information Security Specialist role

References:

#	Name	Position	Recommendation
1	Jeremy Livingston	Chief Information Security Officer	Letter of Recommendation
2	Rafat Azad	Cybersecurity Engineer	Letter of Recommendation

A. P. Shah Institute of Technology | Thane, IndiaJun 2021 - May 2022

What did I do in my tenure?

• Engineered a secure, CMS-based academic portal using PHP and MySQL, improving accessibility by 60% for 200+ users while ensuring robust protection of academic data and enabling future scalability through modular backend architecture.
• Architected and implemented role-based access controls (RBAC) across three granular permission tiers, reducing access misconfigurations by 70% and enforcing least privilege principles at the application level to mitigate lateral movement risks.
• Hardened the web application against common injection attacks by integrating input validation, output sanitization, and parameterized SQL queries, achieving a 90% reduction in the injection attack surface in alignment with OWASP secure coding practices.
• Developed a custom authentication framework leveraging PHP-native password hashing algorithms and minimized direct DB privileges, reducing the likelihood of credential theft and brute-force attacks by 50% and supporting secure user session management.
• Refactored the codebase into modular components and optimized SQL queries, reducing backend maintenance efforts by 50% and enabling faster feature deployment and easier security auditing for long-term system maintainability.
• Led the migration to a CMS-backed content update model, streamlining faculty workflows and reducing manual update errors, while incorporating secure SDLC principles and CI-ready deployment processes to ensure safe and consistent releases.

PROJECTS

Project RapidLock: Real-Time Physical Threat Containment

Oct 2023 – May 2024

Tools used: MS Power Automate

Learn more

Project Title: Project RapidLock: Real-Time Physical Threat Containment

Overview:

This project aimed to automate the emergency doors lockdown process at Stevens using Microsoft Power Automate, improving security response times in critical situations.

Context:

Stevens Police Department needed a stable solution for initiating a full campus lockdown. The existing process required connecting to a VPN, logging into a server, and manually initiating lockdown mode for all campus doors controlled by a Transact System. This multi-step process was time-consuming and inefficient in emergency situations.

Challenge:

The manual steps involved in initiating a campus-wide lockdown delayed response times and required multiple actions that could complicate the process during an emergency.

Solution:

Using Microsoft Power Automate, I developed a cloud-based flow that mimicked the entire process of logging into the client and initiating the lockdown mode. To enhance security, we installed the flow directly on the main server and restricted access to a single individual’s Stevens account, protected by 2FA. We also integrated a physical button compatible with Power Automate for faster activation of the lockdown.

Implementation Details:
Input:

• Power Automate Flow: The flow automates logging into the Transact System client and initiating the lockdown.
• Physical Button: A compatible button that triggers the flow when pressed.

Flow Breakdown:

• Cloud Flow Automation: The flow logs into the Transact System, navigates to the door monitoring client, and triggers the lockdown sequence.
• Security Enhancements: Access was restricted to the Stevens Police account, which was protected by two-factor authentication (2FA).

Output:

The automation drastically reduced the time to initiate a lockdown and simplified the process for Stevens Police.

Impact:

The Police department appreciated the solution, and after successful testing, the physical button was implemented as a quick and secure way to trigger a campus-wide lockdown.

Close

NetSentry: Intelligent Subnet Discrepancy Detector

Sep 2023 – Oct 2024

Tools used: Python, Excel

Learn more

Project Title: NetSentry: Intelligent Subnet Discrepancy Detector

Overview:

The objective of this project was to automate the verification of network subnet boundaries during the configuration of an active network mapping tool. This script compares original network configurations against exported data from the tool, streamlining the process and reducing manual effort.

Context:

As part of adding a new network mapping tool to our infrastructure, the network team defined the network boundaries, which the security team needed to verify. The task involved comparing two large Excel sheets: one with the original configurations and another with the tool’s exported data. Manual comparison was inefficient, so I developed a Python script to automate this process.

Challenge:

Manually cross-checking hundreds of rows of network subnets in Excel was time-consuming and prone to error, making the process cumbersome.

Solution:

The solution involved creating a Python script that automatically compares the network addresses between the two sheets and identifies any mismatches. Below is a detailed breakdown of the approach:

Implementation Details:
Input:

• 2 Excel File:
  One for the original subnet list and another for the exported data from the tool.
• Columns:
- List 1: Original subnet configurations.
- List 2: Exported configurations from the network tool.

Script Breakdown:

• IP/Subnet Extraction: The script extracts the IP address and subnet from each entry using a regular expression:

• Network Calculation: Converts the IP and subnet into a network address:

• Comparison Logic: Compares the extracted network addresses from List 2 with those from List 1:

Output:

The script produces a status report that adds a new column to the Excel sheet, indicating whether each network address is correctly configured or not.

Sample Example:

Here's a small example of how the script checks for mismatches

Close

VulnFlow: Automated Vulnerability Data Cleanup Engine

Jul 2023 – Sep 2023

Tools used: Qualys, Python, Bash, Excel

Learn more

Project Title: VulnRefine: Automated Vulnerability Data Cleanup Engine

Overview:

The objective of this project was to automate the cleaning of raw vulnerability data from Qualys, making it compatible with Grafana for data visualization. The automation reduced manual effort and made the process more efficient.

Context:

During a Vulnerability Assessment and Penetration Testing (VAPT) task, we were using Grafana to visualize vulnerability data. However, the raw output from Qualys was incompatible with Grafana’s validation requirements, requiring manual cleaning of the data to make it suitable for visualization.

Challenge:

Manually cleaning the raw data from Qualys for multiple scan result files was a tedious process, taking at least an hour each time.

Solution:

To streamline the process, I developed a Python script to automate the cleaning of Excel files. The script removed unnecessary columns, reformatted the data to meet Grafana’s validation requirements. After rigorous testing over three months, we implemented the automation for weekly use, saving approximately two hours per week as the script now completes the process in a matter of seconds.

Implementation Details:
Input:

• Raw output Excel files from Qualys containing vulnerability data.

Key Automations:

• Deleting unnecessary rows: The script automatically skips the first few rows in each file that contain irrelevant information not required for Grafana ingestion.

• Renaming columns: The script changes column headers (e.g., renaming ‘Asset Tags’ to ‘Asset Group’) to match Grafana's requirements.

• Adjusting risk scores: The script updates the risk score in certain cases, such as when an asset is classified as "Internet Facing," ensuring accurate data representation.

• Removing unnecessary tags: The script filters and removes tags not relevant to the analysis, leaving only essential tags for Grafana's dashboard.

• VLOOKUP implementation: A VLOOKUP function is included to merge additional data (such as server types) from a separate lookup file into the main file.

Output:

The script outputs a cleaned Excel file that is compatible with Grafana for direct use in dashboards.

Impact:

The automated solution saved up to two hours of manual work per week, allowing the security team to focus on higher-value tasks. The script now processes multiple scan result files in a matter of seconds.

Close

EDUCATION

PUBLICATIONS

• Piliouras, T., & Crasto, S., & Dharap, C., & Yu, P. L., & Gupta, N. (2025, March), "Teaching Students Essential Survival Skills in the Age of Generative Artificial Intelligence Critical Thinking, Digital Literacy, and Cybersecurity Awareness" Paper presented at 2025 Northeast Section Conference, University of Bridgeport, Bridgeport, CT. 10.18260/1-2-1115.1153-54984  

AWARDS

• Passion for Technology Graduate Award: Awarded from over 8,000 students across campus for exceptional contribution to Stevens Cybersecurity Team and as one of only 2 students to hold the prestigious Information Security Specialist role

• Leading by Example Award: Honoured for exemplary service and commitment as a returning peer mentor for 2 consecutive semesters by guiding students through their academic & social integration, demonstrating a strong example for fellow mentors

• Ultimate Team Player Award: Recognized as being one of 25 mentors from nearly 2,600 students, for mentoring incoming international masters students, to help them transition into Graduate Life at Stevens