whoami
Security Engineer @ Dkatalis. I find vulnerabilities before attackers do.
Previously secured platforms at Gojek (30M+ users) and GovTech Edu under the Ministry of Education, Culture, Research and Technology (50M+ users).
Discovered a vulnerability in Google Cloud's firewall product that affected users worldwide—Google patched it globally. Earned $50,000+ in bug bounties by proving payment systems could be exploited.
Beyond breaking things, I build them: threat intelligence pipelines, AI-assisted code review systems, and security automation that scales. I write about what I learn.
skills
credentials
Certs: OSCP, OSWE, CREST CRT/CPSA
Education: MBA (Quantic), Computer Science (BINUS)
ls writing/
- CTI: Dark Web Credential Monitoring Is Expensive Regret Notification
What processing 500GB of stealer logs daily taught me about threat intelligence. Credential monitoring is sold as early warning but often acts as late-stage notification.
- They Tested Everything Except What Failed
Dissecting the Rp 270 billion ($16.8M) Indonesian securities breach. Four firms compromised despite passing security audits.
- Google Cloud Armor Vulnerability Discovery
Found a critical WAF bypass in Google Cloud Armor. Google patched it globally.
- Beyond SAST: Building a Multi-LLM Judge
Using multiple LLMs as judges to cut through SAST false positives. Context-aware security analysis that actually finds real bugs.
- Strategic Detection Engineering at Scale
Building proactive threat detection for government platforms serving 50M+ users. Detection over reaction.
ls projects/
- Threat Intelligence Platform
500GB+/day processing • 3TB peaks • 790k+ records per search
Distributed threat intelligence system built to handle massive data volumes that commercial platforms couldn't address affordably. Multi-component architecture with load-balanced data ingestion, automated discovery pipeline for continuous monitoring, and analysis engine for credential validation.
Key win: Identified exposed VPN credentials before attackers accessed them, enabling proactive security intervention.
Python, NLP Classification, Data Pipeline Architecture, Queue Management
- JA3 DDoS Mitigation System
Stopped 65M+ req/sec from 20,000+ distributed IPs
Solution for a massive DDoS attack against a government platform, where traditional IP blocking proved ineffective because the attack was so widely distributed. Deep traffic analysis revealed SSL/TLS client fingerprint patterns.
Key win: Discovered all attack traffic used only 3 JA3 fingerprints despite thousands of source IPs—enabled complete attack blockade. Contributed JA3 support to Terraform's GCP provider for automated future prevention.
Google Cloud Armor, JA3 Fingerprinting, Terraform, SSL/TLS Analysis
- SAST-LLM Judge
Multi-AI pipeline for real vulnerability detection
Multi-AI system reducing false positives in static analysis security testing. Traditional SAST tools flood teams with noise—this system actually understands context. Pipeline: Claude Code analyzes codebase and traces data flows → DeepSeek and OpenAI assess independently → Claude API judges findings → Generates JIRA tickets with exploitation paths.
Tested against: OWASP NodeGoat and Juice Shop vulnerability test suites.
Claude API, DeepSeek, OpenAI, Python
github.com/jjoelk/sast-llm-judge
- Security Asset Dashboard
Post-merger infrastructure visibility at GoTo
Unified security visibility platform correlating cloud infrastructure and API gateway data. Automated system integrating multiple data sources: fetching VM/computing assets from GCP, retrieving API inventory from Kong, correlating with security assessment records, and linking issues to remediation merge requests.
Key questions answered: VM internal/external classification, vulnerability assessment completion status, API penetration testing coverage.
GCP APIs, Kong API Gateway, Dashboard Development