Yogi Kortisa
Offensive & Application Security Engineer
Summary
I’m a Cybersecurity Professional focusing primarily on application/product security engineering and penetration testing. I have been in hacking and security since 2009, and I have experience working for a company and the government professionally for the past six years. I have talked about various topics on information security as a keynote speaker and educator since 2013 and provide practical cybersecurity online courses, training, seminars, and workshops. I have been skilled in PHP programming and web development since 2011, as well as database management and GNU/Linux system administration.
Currently, I’m building application security (AppSec) programs with the DevSecOps initiative at Batam Indonesia Free Zone Authority (BIFZA) as part of the secure software development processes and aiding with vulnerability management across all of our internal and external surfaces, including active monitoring of digital assets. In my free time, I have helped identify and exploit security vulnerabilities in various global companies and organizations, such as Cisco, Salesforce, Gojek, PUPG, ABB, MTN Group, government sites, and more.
Core Competencies
Web Application Penetration Testing, Web Application Security, Application Security Engineering, Vulnerability Assessment & Management, GNU/Linux System Administration, Cybersecurity Training/Mentoring, and Community Building.
Education & Certification
2024
Certified Network Security Practitioner (CNSP), The SecOps Group
2024
Web application Penetration Tester eXtreme (eWPTX), INE
2023
CompTIA PenTest+, CompTIA
2022
Certified AppSec Practitioner (CAP), The SecOps Group
2022
Certified Network Defender (CND), EC-Council
2020
Certified Ethical Hacker (CEH) Practical (expired), EC-Council
2020
Junior Penetration Tester (eJPT), eLearnSecurity
2020
Certified Secure Computer User (CSCU), EC-Council
2017
FORESEC Certified Network Security (FCNS), FORESEC
2013-2017
Bachelor of Applied Science (BASc), Multimedia Networking, GPA: 3.64, State Polytechnic of Batam
Experiences
2022-present
Offensive & Application Security Engineer, BIFZA - Batam Indonesia Free Zone Authority
- Building a scalable application security program with a DevSecOps initiative that helps BIFZA deliver more high-quality secure products/applications.
- Nurturing agile secure SDLC practices to ensure resilient and secure software development.
- Conducting thorough Vulnerability Assessment & Penetration Testing (VAPT) that assists BIFZA in mitigating risks before they are exploited by attackers.
- Leading vulnerability management efforts, including research, identification, triaging, and developing mitigation strategies that help BIFZA reduce their overall risks.
- Providing comprehensive cybersecurity training and mentoring, fostering a culture of awareness and vigilance.
- Spearheading cybersecurity strategic planning, policy development, and effective management.
- Effectively managing tasks while providing mentorship to junior security team members.
- Leading research and development efforts in security and hacking, staying at the forefront of emerging threats and technologies.
2021-present
Founder, Security Researcher & Consultant, hackerotodidak.com
- Cybersecurity consultancy and education services. Providing vulnerability assessment, web application penetration testing, application security program building, DevSecOps implementation, cybersecurity education, training, and mentoring.
2021-present
Independent Security Researcher, various VDP & BBP
- Security research on various Vulnerability Disclosure Programs (VDP), Bug Bounty Programs (BBP), and platforms such as HackerOne and YesWeHack. I found security vulnerabilities recognized by Cisco, Salesforce, Gojek, PUPG, ABB, MTN Group, government sites, and more.
2013-present
Cyber Security Educator, various edutech platforms, events, and private 1-on-1
- Offering private online courses on IT security and practical ethical hacking through various platforms such as superprof.co.id. Delivering keynote speeches on IT security at national events, IT community gatherings, local police departments, colleges, high schools, and more.
2024
Cybersecurity Mentor, skilvul.com
- IBM SkillsBuild for AI Cybersecurity Bootcamp Program.
2023
Cyber Security Instructor, polibatam.ac.id
- Delivered two days of Penetration Testing Internal Boot Camp: Web Pentesting Fundamental. Cyber Security Engineering study program, State Polytechnic of Batam.
2022-2023
Cyber Security Instructor & Mentor, Sekolah Hacker (sekolahdigitalcilsy.com/hacker)
- Online Bootcamp and Mentoring Program face to face (live) to educate you to become a Cyber Security Engineer Red team in 16 weeks with guaranteed job acceptance. I achieved the distinction of Best Instructor in batches 13 and 17.
2022
Cyber Security Mentor, adinusa.id
- Cyber Security Mentor at Cybersecurity Training Sub Batch 1 2022 - Mastercard Academy 2.0.
2022
Cyber Security Trainer, rainusa.co.id
- Delivered two days of full Cybersecurity Training with high-quality materials for several corporate IT staff.
2019-2022
Application Engineer, Security Champion, BIFZA - Batam Indonesia Free Zone Authority
- Observe, synthesize, theorize, explore, design, develop, test, implement, improve, and scale up applications at BIFZA.
- Building a Security Champions program to bridge security gaps between development, operations, and security departments.
- Conducting research on Application Security (AppSec) and Vulnerability Management programs.
- Providing assistance with penetration testing across both our internal and external surfaces, including actively monitoring digital assets.
2017-2019
Full-stack Developer & Lead Software Engineer, PT Indonesia Villajaya
- Lead and manage a team of programmers, coach and guide the development of the team members, share knowledge, motivate and inspire others to generate new ideas, estimate time to accomplish programming tasks and commit to meeting all objectives.
- Build customized Enterprise Resource Planning (ERP) systems, Point of Sales (POS), online recruitment, and other web-based application systems, system integration, API, etc.
- Monitoring and maintaining existing applications across all branch offices, as well as observing for any potential improvements.
Publications
“Not Your Typical” Cybersecurity Awareness Training, Udemy Course
SQL Injection Detection Using Code Review & Penetration Testing, Academic Journal
This study aims to test the effectiveness of the methods Code Review and Penetration Testing in detecting SQL injection security holes in the web application.
Multiple Vulnerabilities Found at surabaya.go.id, Hackerotodidak Blog
I described the process of how I found multiple vulnerabilities on a government site.
Data Breached: 5.399 Data Pribadi CPNS Pemko Batam 2018 Bocor!, Hackerotodidak Blog
How I accidentally found my PII leaked on the internet caused by security issues on a government site.
Talks
2024
Responsible Disclosure: Let’s be Friends with Hackers & Hack Ethically!, Keynote Speaker - JogjaCyberSecurity Zero to Hero #3
2022
Berkarier Sebagai Cyber Security, Keynote Speaker - Sekolah Hacker
2022
Cyber Incident Management, Moderator - Peresmian Tim Tanggap Insiden Siber CSIRT – BP Batam
2022
Free Open Source Software (FOSS) Day 2022: “Open Source For All Generations”, Panelist - Batam Linux User Group (BLUG)
2021
Responsible Disclosure Policy dan Web Security Assessment Sebagai Solusi Keamanan Aplikasi Web, Keynote Speaker - Kick-Off dan Pembentukan Advisory Board Polibatam Cyber Team
2021
Benchmarking: Pengelolaan Security Operation Center (SOC) untuk kegiatan Pengembangan Laboratorium SOC-RKS, Moderator - Program Studi Rekayasa Keamanan Siber Politeknik Negeri Batam
2021
Keamanan Digital Online Shop dan Maraknya Penjualan Data Pribadi, Panelist - TechoTalk Cyber Charity
2021
Bootcamp #1: Cybersecurity Fundamental, Mentor - Hacker Otodidak Bootcamp
2021
The Myth of Social Engineering: “Phising Teknik Kacangan, Data Saya Aman Dibagikan, Siapa Juga yang Mau Hack?”, Panelist - Batam IT Security (BITS)
2020
Turn Back Cybercrime Through Open-Source Intelligence (OSINT), Keynote Speaker - Akademi Berbagi Nasional (akademiberbagi.org)
2020
Hack Yourself Before Others Do! Introduction to Offensive Cybersecurity, Keynote Speaker - Rainusa & Surabaya Hacker Link
2020
Belajar Linux? Apa Ada Untungnya?, Keynote Speaker - Belajar & Berbagi (B&B) Batam Linux User Group (BLUG)
2018
Cybersecurity Awareness Pada Pelaksanaan Pemilu 2019, Keynote Speaker - Local Police Department (POLDA Batam)
2018
Free Open Source Software (FOSS) Day 2018: “Community Meet Up”, Moderator - Batam Linux User Group (BLUG)
2015-2016
Practical Ethical Hacking with Kali Linux, Trainer - Open Source Competition (OSC) CTF Category
2015
Web Development Fundamental Workshop, Trainer - Batam Linux User Group (BLUG)
2015
GNU/Linux & Open Source Fundamental, Keynote Speaker - Free Open Source Software (FOSS) Day
2015
Networking with GNU/Linux, Trainer/Mentor - SMK Real Informatika
2013-2017
Network Security Training, Trainer - Batam Linux User Group (BLUG)
Projects
HackerOtodidak.com - Cybersecurity consulting & cyber education learning platform for becoming an Ethical Hacker in an autodidact way.
Batam Open Source & CTF Competition (OSC) - The first and largest Open Source & CTF competition held in Batam every year.
Free Open Source Software (FOSS) Day - The first and largest annual celebration, exhibition, public education effort with the aim of increasing awareness of Free & Open Source Software (FOSS) and its virtues, and encouraging its use held in Batam every year.
Application Security (AppSec) Program at BIFZA - Build an AppSec security program and integrate it into the software development process.
Penetration Testing on JALA System - Conduct penetration testing on a web application.
Vulnerability Assessment on Scuto Gading Serpong - Conduct vulnerability assessment on a web application.