I am an IT professional with a primary focus on offensive and application security engineering. I have been involved in hacking and security since 2009, with over 15 years of experience in the field. I have worked professionally in the IT industry for the past 7 years.
Since 2013, I have spoken about security topics as a keynote speaker and educator, providing practical cybersecurity mentorship, courses, seminars/webinars, and training workshops. I have been skilled in PHP programming and web development since 2011 and I am proficient in database management and GNU/Linux system administration.
Currently, I am building an Application Security (AppSec) program at the Batam Indonesia Free Zone Authority (BIFZA) as part of the software development process and assisting with penetration testing across all of our external surfaces, including actively monitoring digital assets. In my free time, I have helped identify and exploit security vulnerabilities in various global companies and organizations such as Cisco, Salesforce, Gojek, PUBG, ABB, MTN Group, government sites, and more.
During my tenure, I have excelled in:
- Building a scalable application security program with a DevSecOps initiative that helps organizations deliver more high-quality secure products/applications.
- Nurturing agile secure SDLC practices to ensure resilient and secure software development.
- Conducting thorough web application security assessments and penetration testing that assist organizations in mitigating risks before they are exploited by attackers.
- Leading vulnerability management efforts, including research, identification, triaging, and developing mitigation strategies that help organizations reduce their overall risks.
- Providing comprehensive cybersecurity training and mentoring, fostering a culture of awareness and vigilance.
- Spearheading cybersecurity strategic planning, policy development, and effective management.
Specialties
- Application Security Engineering
- Web Application Penetration Testing
- Cybersecurity Training & Mentoring
- Web Application Security
- Vulnerability Assessment & Management
- DevSecOps Engineering
- GNU/Linux System Administration
- PHP Programming
- Advanced Reconnaissance, OSINT, and External Attack Suface Management/Monitoring