MS Cybersecurity @ NYU Tandon · Open to Opportunities

Adrian Necaj

Adrian
Necaj

Cybersecurity graduate student at NYU Tandon (4.0 GPA, Cyber Fellows Scholar) and Cyber Intern at the NYS Executive Chamber's Chief Cyber Office. RIT alum. Building real defenses for real threats — GRC, cloud security, threat intelligence, and research.

View My Work → Get in Touch

Who I Am

ABOUT ME

I'm a Master's student in Cybersecurity at NYU Tandon School of Engineering (4.0 GPA, Cyber Fellows Scholar), building on my B.S. in Computer Security from Rochester Institute of Technology, where I also minored in Web Development and immersed in Economics. I'm passionate about bridging technical security with organizational governance — making cybersecurity decisions align with business goals, risk appetite, and compliance standards.

Currently interning at the NYS Executive Chamber's Chief Cyber Office, where I map CIS Controls across state agencies, author weekly threat intelligence memos briefed to the Director of Security & Intelligence, and design incident reporting infrastructure. I identified unintended vulnerabilities during a beta test that triggered a formal red team review.

My academic work spans IEEE research on behavioral GRC, IoT network segmentation, cryptographic deepfake defense, and full-stack vulnerability management tooling. I'm fluent in English and Albanian, conversational in Spanish and French.

Location
Queens, New York City
Email
an4837@nyu.edu
Currently At
NYS Chief Cyber Office
MS Program
NYU Tandon · GPA 4.0
LinkedIn
in/anecaj
Languages
EN · AL · ES · FR
4.0
GPA at NYU
15+
Projects
4
Research Papers
🏛
Cyber Fellow

Capabilities

SKILLS

// Security & GRC

Governance, Risk & Compliance (GRC)
NIST / CIS / OWASP / MITRE ATT&CK
Penetration Testing & Ethical Hacking
Risk & Vulnerability Management
Threat Intelligence & Policy Writing

// Tools & Platforms

Nessus / Rapid7 / OpenVAS / Wazuh
SIEM / XDR / ServiceNow
AWS Security Groups, VPCs, NACLs
GNS3 / Active Directory / Virtualization
Linux · Windows · MacOS

// Development & Research

Python (Automation, Data Analysis)
R (Visualization, Statistical Analysis)
Secure Web Dev — HTML/CSS/JS/Flask/PHP
SQL / MySQL Database Design
Academic Research & IEEE Writing

Background

EXPERIENCE & EDUCATION

// Professional

FEB 2026 — PRESENT

Executive Chamber Cyber Intern

@ NYS Chief Cyber Office · New York, NY

Current Role
  • Coordinate state agency CIS Controls v8.1.2 mapping across IT and OT domains; build R/Python-embedded Excel workbooks to surface compliance gaps
  • Author weekly threat intelligence memos and AI policy research briefed to the Director of Security & Intelligence
  • Designed a cybersecurity incident reporting interface for the NYS CCO website; identified vulnerabilities during beta testing that prompted a formal red team review
  • Conduct policy research on disinformation countermeasures, rural hospital cybersecurity, and critical infrastructure

JAN 2023 — APR 2023

Information Security Intern

@ Rochester Institute of Technology

  • Integrated Rapid7 with ServiceNow to automate vulnerability management — reduced manual monitoring by 30%, improved response time by 20%
  • Conducted security assessments and vulnerability scans using Nessus and OpenVAS
  • Assisted in developing internal security policies and cybersecurity awareness training

AUG 2022 — DEC 2022

Jr. Application Administrator

@ Rochester Institute of Technology

  • Managed ServiceNow applications — software updates, bug fixes, customizations
  • Collaborated cross-functionally to integrate ServiceNow workflows across SecOps and ProCard teams
  • Developed documentation and SOPs to support platform maintenance and team onboarding

MAY 2019 — PRESENT

Doorman & Building Operations

@ Douglas Elliman Real Estate · NYC

  • Managed building logistics, security protocols, and resident communications at a high-profile NYC property
  • Demonstrated professionalism serving high-profile tenants; adapted operations during pandemic-era workflow changes

// Education & Certifications

SEP 2025 — MAY 2027

M.S. Cybersecurity

@ NYU Tandon School of Engineering

Current · 4.0 GPA · Cyber Fellows Scholar

Applied Cryptography, OS Security, Information Security & Privacy, Database Systems. Research: behavioral GRC, IoT segmentation, media provenance cryptography.

AUG 2019 — MAY 2024

B.S. Computer Security

@ Rochester Institute of Technology

Major in Cyber Security · Minor in Web Development · Immersion in Economics. Ethical hacking, risk management, digital forensics.
Dean's List '21–'24 · RIT Founders Scholarship · Major GPA 3.42

2015 — 2019

High School Diploma — 4.0 GPA

@ Benjamin N. Cardozo H.S., Queens NYC

Arista Honor Society · National Honors Society.

Certification

Google IT Support Specialization

@ Google / Coursera

Troubleshooting, networking, OS, system administration, and security fundamentals.

My Work

PORTFOLIO

State Government · Policy

NYS CCO Cyber Survey & Reporting Interface

CIS Controls v8.1.2 mapping across state agencies, R/Python data tools to surface compliance gaps, and a cybersecurity incident reporting interface that triggered a formal red team review after beta vulnerabilities were discovered.

CIS ControlsR & PythonThreat IntelPolicy
NYS Government · Internal

Web & Database

Vulnerability Management System

Three-tier Flask/MySQL CRUD application modeling a government cyber office workflow — tracking assets, CVEs, analyst assignments, and remediation actions. Includes ER model, stored procedures, ML risk-scoring function, and trigger automation.

FlaskMySQLPythonCVSS Scoring
NYU Coursework · Academic

Research · IEEE Paper

Behavioral Risk Integration in GRC Frameworks

Human-integrated GRC framework demonstrated 37.5% reduction in social engineering incidents (p<0.001) vs. traditional approaches. ML behavioral risk scoring achieved 82% predictive accuracy in a 200-user simulated enterprise over 30 days.

GRCMachine LearningIEEESocial Engineering
GitHub →

Research · IEEE Paper

IoT Network Segmentation for Residential Buildings

Simulated flat vs. VLAN-segmented architectures for 40 IoT devices using GNS3 and Python. Demonstrated 67% reduction in lateral movement success, 5x increase in time-to-compromise, and 180% improvement in detection rates via Zero Trust isolation.

GNS3VLAN / Zero TrustPythonIoT Security
GitHub →

Research · Applied Cryptography

Cryptographic Deepfake Defense System

C2PA-compliant media provenance system: ECDSA P-256 signing, SHA-256 content fingerprinting, perceptual hashing, and RFC 3161 trusted timestamping. Addresses deepfakes at capture-time — directly motivated by disinformation work at the NYS CCO.

ECDSAC2PApHashPKITLS 1.3
NYU Applied Cryptography

Malware Analysis

WannaCry Malware Analysis

Deep forensic analysis of WannaCry ransomware — encryption mechanism, lateral movement via EternalBlue/DoublePulsar, and kill-switch discovery. Controlled lab environment using Wireshark, x32dbg, VirusTotal, and MalwareDB.

ForensicsWiresharkx32dbgReverse Engineering
View on GitHub →

IoT Security · RIT Capstone

Lightweight IoT Authentication Protocol

Authentication protocol for resource-constrained IoT devices — comparative analysis of existing methods, implementation in simulated environments, dynamic key management to reduce computational overhead while enhancing security.

IoT SecurityCryptographyKey ManagementNIST
View on GitHub →

Cybersecurity Initiative

ReelEducation Security Program

Security design for a virtual education company — NIST air gap policies, VM hardening, VLAN/subnet enforcement, and CIS compliance framework. Comprehensive final report and presentation delivered to client.

NISTCISVM HardeningVLANs
View on GitHub →

Metadata & OSINT

TaleSocial Metadata Analysis

Full analysis of TaleSocial — HTML/CSS/JS parsing, WHOIS lookups, metadata exposure risk evaluation, and vulnerability identification. Actionable mitigation plans delivered in a structured client-facing report.

Metadata ForensicsOSINTWHOISPen Testing
Internal / Academic

Business Continuity

IT Disaster Recovery Plan

Full IT disaster recovery framework covering LAN, WAN, and remote connectivity — RTO/RPO objectives, failover procedures, key stakeholder identification, and department-specific recovery plans.

Disaster RecoveryBusiness ContinuityRTO / RPO
View on GitHub →

Policy & GRC

Cybersecurity Policy Briefs

Policy briefs on Facial Recognition Technology and the Data Economy — applying a public policy lens to technical cybersecurity issues with regulatory and strategic analysis. Evidence-based recommendations.

Policy WritingGRCFRTData Economy
View on GitHub →

Risk Management

Healthcare Risk Assessment Scenario

Comprehensive risk assessment for a teaching hospital — FIPS 199 categorization, MITRE ATT&CK and STRIDE threat modeling, and quantitative/qualitative risk mitigations for critical patient data systems.

FIPS 199MITRE ATT&CKSTRIDEHIPAA
View PDF →

Full Stack Development

AdrianHub — Personal Portfolio Platform

Full-stack interactive portfolio with Google Analytics integration, modal pop-ups, hover effects, and Git version control. HTML5, CSS, PHP, JavaScript, Bootstrap.

HTML5 / CSSPHPJavaScriptGoogle Analytics
Live Site →

Writing

LATEST POSTS

// Loading posts...

View All Posts →

Get in Touch

CONTACT

Let's Connect

Whether you want to discuss an open role, talk threat intelligence, collaborate on research, or just connect with someone who thinks constantly about cybersecurity risk — reach out. Queens, NYC. Open to remote and hybrid.

an4837@nyu.edu
📍
Queens, New York City
🎓
NYU Tandon · MS Cybersecurity · 2027

// MS Cybersecurity student (May 2027). Open to summer 2026 internships, full-time security engineering and GRC roles post-graduation, and consulting engagements. NYC-based, open to remote.

Download Resume →
Connect on LinkedIn →