About Me
Risal Muhammed Kizhakel Nasar
Cyber Security Engineering | Security Automation | Threat Detection | Technology Risk Management | Cyber Risk Analytics
I am a Cyber Security professional with over 16 years of experience across Technology, Financial Services and Insurance industries, including roles at PayPal, Prudential, Aviva, Grab and Credit Suisse.
My core focus is building automation-driven security engineering systems that reduce risk at scale.
I specialize in:
- Threat Detection Engineering
- Security Automation, Orchestration and Response
- Cyber Risk Analytics
- Cloud Security
- DevSecOps & CI/CD Security Controls
- Identity & Access Risk Analytics
- Data Security & Secrets Detection
- Vulnerability Management
- Data Loss Prevention
What I Actually Do
I design and build security systems that:
- Detect threats programmatically
- Correlate and enrich risk signals
- Automate remediation workflows
- Produce actionable analytics for management
- Scale securely in cloud-native environments
Much of my work involves Python-based automation platforms, data pipelines, Kubernetes deployments, CI/CD integration, and analytics-driven risk reduction.
I do not just assess risk — I engineer systems that continuously detect and reduce it.
Engineering Philosophy
Security should not depend on manual effort.
It should be:
- Automated
- Measurable
- Version-controlled
- Deployable
- Scalable
I have built platforms that reduced execution time by 75%, improved firewall rule accuracy from 50% to 95%, and automated vulnerability analytics on datasets exceeding 400,000 records.
I approach security like software engineering — because that is what modern security truly is.
Credentials
- CISSP
- CISA
- AWS Certified Security – Specialty
- Microsoft Azure Security Engineer Associate
First Class Honours Engineering Graduate from Nanyang Technological University (NTU), Singapore.
Why This Website Exists
This site is where I publish:
- Practical security engineering insights
- Automation patterns
- Threat detection implementations
- DevSecOps design concepts
- Risk analytics techniques
The goal is simple:
To contribute meaningful engineering knowledge to the security community — not theory, but implementation.