Rohan Thapa Shrestha
Security Analyst | VAPT & Forensics
Security Analyst specializing in Vulnerability Assessment & Penetration Testing, Incident Response, and Blockchain Forensics. Focusing on securing networks and tracing digital threats.
01. About Me
Hello! I'm Rohan, a Security Analyst based in Kathmandu, Nepal. My journey into cybersecurity began with a foundation in Computer Science and front-end development, which gave me a unique perspective on how applications are built—and how they can be broken.
Currently working at Monal Tech, I spend my days conducting VAPT on networks and applications, investigating security incidents, and performing forensic analysis on blockchain transactions.
I am passionate about "learning by doing", constantly practicing in labs and simulations to stay ahead of emerging threats.
Education
BCS (Hons)
Sunway College of Kathmandu (2021-24)
Focus Areas
VAPT • SOC • Blockchain Forensics
Experience
Security Analyst
Monal Tech (Jun 2024 - Present)
02. Technical Arsenal
VAPT
Comprehensive vulnerability assessment and penetration testing on networks, web apps, and mobile applications.
Blockchain & Forensics
Tracing illicit crypto activities, ransomware payments, and digital evidence analysis for investigations.
Network Security
Deep understanding of protocols, traffic analysis, and network defense strategies.
SIEM & Monitoring
Log analysis, alert rule creation, and incident response using enterprise SIEM platforms.
03. Experience
Security Analyst
Monal Tech | Chabahil-7, Nepal
- Conduct Penetration Testing and Vulnerability Assessments on client networks and applications.
- Perform forensic analysis of cryptocurrency transactions using Chainalysis to trace fraud and ransomware.
- Draft comprehensive VAPT reports with risk assessments and remediation plans.
- Train team members and investigate security incidents and threats.
Front-End Developer (Intern)
Coding Glory | Kathmandu
- Built responsive web pages using HTML5, CSS3, and React.js.
- Collaborated on UI components and optimized website performance.
- Gained hands-on experience with Git/GitHub and deployment processes.
Specialized Training
Cybersecurity & VAPT Intensive (7-12 Dec 2025)
Nepal Electricity Authority (NEA) | Pulchowk, Lalitpur
Completed an intensive 7-day cybersecurity training program focused on foundational VAPT concepts and hands-on lab exposure. The curriculum covered network security fundamentals, service enumeration techniques, and basic vulnerability identification methodologies.
Gained practical experience with web application security concepts aligned with OWASP Top 10, including vulnerability validation in controlled lab environments using industry-standard tools such as Nmap, Burp Suite, Nikto, and Wireshark.
Volunteer Role: Assisted coworkers during hands-on training sessions, helping participants understand networking concepts, tool usage, and troubleshooting common lab environment issues.
04. Case Studies & Labs
Web App VAPT
Methodology-focused case study on testing a mock e-commerce application. Identified SQL Injection and XSS vulnerabilities using Burp Suite.
Crypto Fraud Investigation
Simulated forensic investigation of a ransomware payment. Traced transaction hops using blockchain explorers to identify the destination wallet.
SIEM Alert Detection
Implemented Wazuh agents to detect SSH brute-force attacks. Configured custom rules and dashboards to visualize attack patterns.
Security Automation
Created an automated workflow using n8n to parse phishing emails and check attachments against the VirusTotal API.