Sarika Bhatta
Cybersecurity researcher, technical writer, and conference speaker.
Based in Kathmandu. Working at SecurityPal.
About
I’m a Cybersecurity Research Analyst at SecurityPal, where I evaluate security postures and help organizations understand their risk landscapes. Before that, I spent nearly three years as a Technical Writer at Programiz, making complex programming concepts accessible to millions of learners worldwide.
My work sits at the intersection of security research and clear communication. I believe that cybersecurity knowledge shouldn’t be locked behind jargon. It should be practical, understandable, and actionable, especially for small and medium enterprises in emerging economies.
I’m currently conducting independent research on cybersecurity maturity among SMEs in Nepal, examining how smaller organizations can adopt frameworks like NIST CSF without enterprise-level resources.
“Security is a process, not a product, and it starts with understanding.”
My approach to security research
Interests
Experience
2025 – Present
Cybersecurity Research Analyst
SecurityPal
Evaluating organizational security postures, conducting risk assessments, and contributing to security research that helps companies maintain robust compliance standards.
2022 – 2025
Course Author / Technical Writer
Programiz
Developed programming tutorials in Python, JavaScript, C#, SQL, and Java for a global audience of millions. Authored content on cybersecurity, web security, and ethical coding practices.
2019 – 2023
BSc. Computer Science & IT
Tribhuvan University
Developed a solid foundation in core computing concepts including data structures, operating systems, and databases, with a focus on computer networks and information security.
Certification
CompTIA Security+
Industry-standard certification validating core cybersecurity skills and knowledge.
Award
National First Runner-Up
Code for Change Hackathon: built Kheti City, an urban farming project integrating technology and sustainable practices.
Research & Speaking
SME Cybersecurity Maturity in Nepal
Ongoing Research
Investigating how small and medium enterprises in Nepal can assess and improve their cybersecurity posture using adapted frameworks like NIST CSF, despite limited resources and expertise.
Future Action Summit
Bangkok, Thailand
Presented on the challenges of implementing cybersecurity standards in developing economies, with a focus on practical, low-cost approaches for SME resilience.
APrIGF 2025
Asia Pacific Regional IGF
Contributed to discussions on internet governance, digital security policy, and the role of multi-stakeholder collaboration in strengthening regional cyber resilience.
Recent Writing
Why You Shouldn't Treat All Vendors Equally: The Key to Scalable TPRM
The biggest mistake TPRM programs make is treating every vendor equally. Here's a framework for triaging vendors based on inherent risk.
February 10, 2026
SOC 2 Type II Explained: Everything You Need to Know in Plain English
A plain-English walkthrough of SOC 2 Type II reports — what's inside them, how to read them, and why they matter for your organization.
July 16, 2025
Everything You Need to Know About Security, Compliance & Governance
A clear breakdown of the terms you'll encounter in information security — policies, standards, frameworks, regulations, and how compliance actually works.
May 8, 2025