Cybersecurity Portfolio

Didiet has 5 years of experience in cybersecurity, familiar with multiple IT security best practices such as PCI-DSS, ISO 27001, CIS controls, and NIST Cybersecurity Framework.

Services Offered:

• IT Security Architecture
• IT Audit General Control
• Governance, Risk and Compliance (GRC)
• Vulnerability Assessment and Penetration Testing
• Information Security Incident Response

Certifications:

1. 2019, SISA Infosec, Certified Payment Card Industry Security Implementer (CPISI)
2. 2019, EC-Council, Certified Secure Computer User (CSCU)
3. 2017, Cisco Certified Network Associate CyberOps (CCNA CyberOps)
4. 2017, Cisco, Introduction to Cybersecurity
5. 2016, EC-Council, Certified Network Defender (CND)
6. 2016, Rapid7 Tech Workshop (Nexpose, AppSpider)
7. 2015, TrendMicro, DeepSecurity
8. 2015, Digital Forensics
9. 2014, Pentest and Forensics
10. 2013, EC-Council, Certified Ethical Hacker (CEH)
11. 2008, Bina Nusantara, Wireless Security

Project & Experience

IT General Control Audit

Business Challenge: The use of significant / dominant IT in business processes and financial transactions in a company makes the company must be able to understand and respond to risks arising from the use of IT.

Various IT audit drivers must be carried out by an entity, namely the rules / regulations of the government, operational effectiveness and governance, process improvement and to meet the certification standards.

Solution: Testing of general IT controls includes policies, procedures and their application that meet the principles: confidentiality, confidentiality, integrity, availability, authentication, and non- repudiation.

Reference: UU ITE No 11 tahun 2008, 38/POJK.03/2016, 21/SEOJK.03/2017, 16/8/PBI/2014.

Data Center Assessment (TIA-942)

Signaling IDS

Technology Enablers: SecurityGen.

Threat Intelligence Platform

Technology Enablers: Anomali Threatstream.

Network Detection Response (NDR)

Technology Enablers: Darktrace

Web Application Firewall (WAF)

Business Challenge: Keep away bad actors, botnets, and malicious traffic from accessing/ snooping the web application but in the process, it must not block legitimate traffic from accessing the web application.

Technology Enablers: WAF Cloudflare.

Security Information and Event Management (SIEM) Migration

Technology Enablers: AlienVault, Security Onion.

Vulnerability Management

Technology Enablers: Tenable Nessus, Rapid7 Nexpose, OpenVAS.

Penetration Testing Web Application using OWASP Methodology

Methodology: OWASP Web Security Testing Guide. 

Technology Enablers: OWASP ZAP.

Penetration Testing using NIST SP800-115 Methodology

Business Challenge: Every day there is always a vulnerability found by individuals or researchers in various software. System components, processes and software must be tested frequently to ensure security is maintained over time. Information system security control testing is very important to be carried out in any environmental changes such as the presence of new software or configuration changes to the system.

Solution: Test and assess information system security technically, analyze findings, and make mitigation strategies.

Methodology: NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment. 

Penetration Testing Wireless Infrastructure

Business Challenge: Ensuring robust wireless network security, mitigating risks and vulnerabilities of Wireless Network.

Technology Enablers: InSSIDer, Aircrack-ng, Wireshark, Cain & Abel.

Low-Interaction Honeypot

Technology Enablers: Mikrotik RouterOS, Mikrotik as Low-Interaction Honeypot.

Port-Knocking

Technology Enablers: Mikrotik RouterOS, Port Knocking.

--

Didiet Kusumadihardja

 

You could reach me here.