Cybersecurity & Technology Blog

Welcome to my blog where I share insights on cybersecurity, technology trends, and professional development in the field of information security.

From Pipeline to Policy: Writing a Research Whitepaper on Federal CI/CD Security

How my hands-on experience building CI/CD pipelines turned into a formal research whitepaper mapping federal security guidance against real-world pipeline vulnerabilities.

One of the most rewarding parts of the SANS Master’s program has been the push to take what you’ve seen in production and turn it into something rigorous. For my research project, I’m doing exactly that: writing a whitepaper that bridges the gap between federal CI/CD security guidance and what actually shows up in real pipelines.

Where the Idea Came From

I’ve spent years building and maintaining CI/CD pipelines across GitHub Actions, GitLab CI/CD, and Azure DevOps. Two patterns kept showing up regardless of team size or agency:

GWAPT Journey: The Reality of Web Application Security Testing

Exploring the challenges and time-intensive nature of web application security testing, even with professional tools like Burp Suite.

As I prepare for my upcoming GWAPT (GIAC Web Application Penetration Tester) certification, I’ve been reflecting on the incredible complexity and time-intensive nature of web application security testing. It’s fascinating how the virtual world has evolved to such an accessible state, yet the underlying security challenges remain as intricate as ever.

The Time Investment Reality

One of the most eye-opening aspects of web application security testing is just how time-consuming it can be. Even with professional-grade tools like Burp Suite Professional at your disposal, the process requires an immense amount of patience, persistence, and deep technical understanding.

DevSecOps Best Practices: Integrating Security into CI/CD Pipelines

Exploring effective strategies for integrating automated security scanning into modern development pipelines.

In today’s rapidly evolving cybersecurity landscape, the integration of security practices into the development lifecycle has become paramount. DevSecOps represents a cultural shift that emphasizes the importance of security as a shared responsibility across development, operations, and security teams.

The Foundation of DevSecOps

DevSecOps builds upon the principles of DevOps while adding security as a core component. This approach ensures that security is not an afterthought but rather an integral part of the development process from the very beginning.
