Hi, I'm Navya Shah

Solving Problems at the Intersection of Product, Finance, and Security

I find the gaps - in products before they launch, in systems before they break, in processes before they slow someone down.
I work at the intersection of systems, data, and product, using Python, Java,SQL, and structured analysis to solve technical and operational problems. I’m interested in building reliable systems that support high-impact environments.

View My Work Get In Touch
Navya Shah

About Me

With a foundation in Economics and Data Science, I'm building my experience in cybersecurity by pursuing a Master's in Cybersecurity Engineering at USC, along with COMPTIA Security+ certification and Google's Cybersecurity Certificate. I'm passionate about data privacy and its far-reaching impact, particularly in protecting organizations that people trust every day. I deeply resonate with the ethical responsibility the role demands and believe it aligns with my values of ensuring equitable and trustworthy access to technology. With strong communication and programming skills, I want to support meaningful work and learn to stay resilient when facing an increasingly complex digital landscape.

My journey into building my career is rooted in my interdisciplinary background. I earned my BA in Economics and Data Science with a minor in Business Law from the University of Southern California, where I cultivated a deep understanding of how data, markets, and regulation interact. My interest in tech had always been present, but it was through working on real-world problems in finance, healthcare, and public policy that I became drawn to protecting the very systems that power modern life.

Throughout my undergraduate years, I worked on projects and internships that combined analytical thinking with purpose. At IREP Credit Capital, I supported rural entrepreneurship through micro-lending strategies. At Dalton Investments, I analyzed high-growth companies in emerging markets to inform investment decisions. And as a founding team member of Biokind Analytics, I partnered with healthcare nonprofits to streamline operations using data. In each of these roles, the increasing relevance of digital trust became impossible to ignore and I knew I wanted to be part of building modern systems from the ground up.

Now, as I approach my full-time role, I bring a unique lens: one shaped by economics, grounded in ethics, and powered by a passion for using tech to drive social good.

5+

Personal Projects

100+

Security Controls Mapped

5

Internships Experience

Experience

Cybersecurity Product Intern

Spin.AI

Sept 2025 - Present

Evaluating SaaS applications for security features, identity access models, and architectural risks. Mapping security controls to frameworks such as SOC 2 and NIST to improve compliance visibility.

  • What I learned: Developed expertise in SaaS security assessment, understanding how identity access models and architectural risks impact organizational security posture
  • What I learned: Gained deep knowledge of compliance frameworks (SOC 2, NIST) and how to map security controls to meet regulatory requirements
  • What I offer: Ability to evaluate and assess SaaS applications for security risks, translate technical findings into actionable recommendations, and contribute to product security roadmaps that enhance organizational compliance visibility

Information Security Intern

Quantech Datascience

Jun 2025 - Aug 2025

Assisted with vulnerability scans and SIEM investigations, supporting incident detection and response. Researched SaaS threat trends and attacker tools, producing intelligence briefs.

  • What I learned: Hands-on experience with vulnerability management and SIEM tools, understanding how to detect and investigate security incidents
  • What I learned: Developed research skills in threat intelligence, learning to analyze attacker methodologies and emerging SaaS security trends
  • What I offer: Practical skills in incident detection and response, threat research capabilities, and the ability to develop security policies and align IAM practices with organizational needs

Financial Analyst Intern

IREP Credit Capital

May 2024 - Jul 2024

Designed a loan default tracker analyzing 1,000+ accounts, improving accuracy of risk monitoring by 20% using behavioral buckets. Synthesized market data into insights for portfolio strategy.

  • What I learned: Developed analytical skills in risk assessment and data-driven decision making, understanding how to identify patterns and improve monitoring accuracy
  • What I learned: Gained experience in synthesizing complex data into actionable insights that inform strategic decisions
  • What I offer: Strong analytical and risk assessment capabilities, ability to work with large datasets, and translate data insights into strategic recommendations—skills directly applicable to threat analysis and security risk management

Teaching Assistant - Object-Oriented Programming

University of Southern California

Aug 2023 - May 2025

Supported 100+ students through help sessions and assignment reviews, clarifying coding concepts. Collaborated with professor to create grading rubrics that improved course feedback by 15%.

  • What I learned: Developed strong communication and teaching skills, learning to explain complex technical concepts clearly and adapt explanations to different learning styles
  • What I learned: Gained experience in creating structured frameworks (grading rubrics) that improve processes and outcomes
  • What I offer: Excellent communication skills for collaborating with security teams, ability to document processes and create clear frameworks, and experience in continuous improvement—valuable for security awareness training, documentation, and team collaboration

Skills & Technologies

Technical Skills

Python
Java
SQL
Linux/Unix

Security & Compliance

IAM & Access Reviews
Vulnerability Scanning
SIEM (Splunk)
SOC 2 & NIST

Tools & Technologies

AWS
Active Directory
Tableau
Wireshark

Projects and Research

Continuous Compliance Engine (SOC 2 Controls-as-Code)

Built an internal compliance monitoring web app that evaluates SOC 2 controls (CC6.1, CC7.2, CC8.1) and PCI DSS controls (PCI.DSS.1.1, PCI.DSS.1.2, PCI.DSS.1.3) using mocked system evidence, stores immutable audit-ready snapshots + evaluations in PostgreSQL, and surfaces compliance status through a clickable dashboard with control-level drilldowns and alerts.

SOC 2 Automation FastAPI PostgreSQL
View on GitHub

Commons — AI-Powered Student Networking Platform

A campus-exclusive web app built at AthenaHacks 2025 that connects students based on shared courses, interests, and mentorship preferences. Used the Gemini API to power AI-driven peer recommendations beyond basic course matching. Contributed to full-stack development across the React frontend and Node.js/Express backend, and helped shape the UI and user flows in Figma. Features include .edu email verification, real-time messaging, advanced filtering, and opt-in peer mentorship matching. Awarded Best Hack in Tech at AthenaHacks 2025.

React Node.js MongoDB Gemini API Figma Tailwind CSS
View Demo

Policy Project

This project focuses on the design and evaluation of security policies for organizations handling electronic Protected Health Information (ePHI). The work applies industry standards such as HIPAA and the NIST 800-66 framework to analyze access control, encryption, data segregation, logging, and recovery mechanisms across on-prem and cloud environments. Using a real-world healthcare data workflow, the project translates regulatory requirements into enforceable technical controls, demonstrating how security policy design directly impacts confidentiality, integrity, and availability in sensitive systems.

HIPAA Compliance Access Control NIST Framework ePHI Security
Download PDF

Research Paper: Decentralized Key Management

This research paper explores decentralized key management systems and how they challenge traditional Public Key Infrastructure (PKI) models. The paper analyzes how blockchain-based frameworks, decentralized identifiers (DIDs), and threshold cryptography redistribute trust away from centralized authorities and toward cryptographic protocols. Through architectural analysis and real-world case studies, the work evaluates the security benefits, scalability, and trade-offs of decentralized key management.

Decentralized Key Management Blockchain Security Cryptography
Download PDF

Research Paper: Biometric Authentication

This paper examines biometric authentication systems through the lens of privacy, security failures, and global regulation. It analyzes biometric error models, data integrity risks, and the consequences of irrevocable identity compromise, while comparing regulatory approaches across the United States, Europe, India, and China. highlights the tension between convenience, surveillance, and user privacy, and emphasizes the need for stronger governance as biometric technologies become increasingly embedded in everyday systems.

Biometric Authentication Privacy Security Analysis
Download PDF

Cybersecurity Consulting Case Challenge

This challenge simulated a cybersecurity consulting engagement, requiring the assessment of organizational security risks, threat exposure, and control gaps under real-world constraints. The work focused on translating technical findings into business impact, prioritizing risks, and proposing mitigation strategies aligned with operational and regulatory considerations. The final deliverable emphasized structured analysis and clear recommendations tailored to for the client.

Cybersecurity Consulting Risk Assessment Threat Modeling
Download File

Get In Touch

Let's work together!

I'm always interested in new opportunities and exciting projects. Whether you have a question or just want to say hi, I'll try my best to get back to you!

navyashah6@gmail.com
Los Angeles, CA 90007
University of Southern California

Get In Touch

Click the button below to send me a message through Google Forms.

Send Message

This will open a secure Google Form in a new tab where you can send me your message.