Profiles search

Burman N.

Head of Information Security with CMU CISO Program Certification, CMU SEI Cyber Forensics and Incident Response (CyFIR) Professional Certification

Pittsburgh, PA, United States

Details

Education: Executive Education

CMU CISO Certificate Program

Carnegie Mellon University - Heinz College of Information Systems and Public Policy

2018 : 2019

Master of Science in Information Security Policy and Management (MSISPM)

Information Security Policy and Management

Carnegie Mellon University

2012 : 2014

ST (Bachelor Degree)

Informatics Engineering - Distributed System

Institut Teknologi Bandung (ITB)

1998 : 2002

High School

SMA Negeri 1 Palembang

1995 : 1998

Experience: 2021 : Present

Undisclosed Financial Services Company

Head of Information Security (EM)

Lecturer of Master of Information Technology :

1. Cryptography and Blockchain Technology

- Private and Permissioned Ethereum Blockchain

- Web3.js interaction to Solidity Smart Contract

2. Ethical Hacking and Incident Handling

- Regular Basic pentesting knowledge

2017 :

Swiss German University

Lecturer

* Provides advisory towards IT Security and conducts Incident Response and Investigation

* Validates alerts from Secure Email Gateway (SEG), End-user Detection and Responses (EDR) Console, towards email attachments with macro as malware dropper that has been downloaded to user's device. Tools : didier's oledump, OllyDbg, IDA Free.

* Conduct Incident Handling based on Security Orchestration Automation and Response (SOAR) ticket from multiple sensors such as Host Data Loss Prevention (Host DLP), Secure Access Service Edge (SASE), End-user Detection and Response (EDR), Secure Email Gateway (SEG) that were collected in Security Incident and Event Management (SIEM).

* Improve spoof mail threat detection time by decreasing validating time from L1-L3 down to 25% using Python script to consume the real-time SEG API by applying 3 strong indicators of spoof mail extracted from 20k+ spoof emails passed to user's inbox.

* Decreasing 10% of incident response time of docker incidents by automating artifact collection of incident from multiple nodes of dockers.

2020 : 2021

Undisclosed Technology Company

Technical IT Security Advisor and Investigator

Lead IT GRC Team to :

a. Run IT GRC Program :

Identify and enhance the list of IT assets;

Conduct and measure inherited IT risks from identified IT assets;

Write IT security policies based on last measurements;

Perform monitoring and measuring gap and deviation between policies and implementations;

Enhance existing policies;

Repeat.

b. Provide IT Security compliances advisory and technical control towards certain issues.

c. Conducted Digital Forensics Investigation towards hacking incidents on Cloud Provider VM instances. Tools involved : SDK connection from provider, SANS SIFT, The Sleuth Kit, Autopsy, Hopper Disassembler v4

2019 : 2020

Undisclosed Technology Company

IT Governance, Risk, and Compliance Officer

* Provided IT Technical Advisory for Payment System Industry and its security, including Digital Currency (CBDC), Chip Card Specification (NSICCS) and National QR Code (QRIS).

* Led Digital Forensics Team to conduct several internal IT incident cases, evaluated the root cause, and provide recommended course of action to increase governance and risk management in IT Operations. Tools involved : SANS SIFT, timeline analysis using Splunk

2018 : 2019

Undisclosed Company

Assistant Director

Company: Undisclosed Financial Services Company

Years of Experience: 23

Spoken Language: Bahasa Indonesia (Indonesian), English

Skills

Access Control, Business Continuity, Computer Forensics, Computer Security, Databases, Disaster Recovery, Enterprise Network Security, Ethereum, Identity and Access Management (IAM), Information Security, Information Security Management, Information Technology, iPhone, ITIL, IT Security Assessments, IT Security Operations, J2EE, Java, Java Enterprise Edition, JavaScript, Leadership, Linux, Networking, Network Security, Oracle, Penetration Testing, Pki, Programming, Requirements Analysis, Risk Management, SDLC, Security, Security Incident Response, Smart Contracts, Software Development, Solidity, SQL, Systems Analysis, Unix, Web3, web3.js

About

Detest stagnancy, love challenging jobs, self-motivated, and think out-of-box. Experienced in Java Development and Information Security, specialized in Cyber Forensics and Incident Response. A holder of EC-Council's Certified Ethical Hacker (CEH) v4.1, EXIN's ITIL V2, CERT® Certified Cyber Forensics and Incident Response (CyFIR) Track and ISC2 CISSP. CMU CISO Certificate Program graduate with Honorable Mention Project Group Final Presentation.

Specialties: IT Forensics (network and host-based), Secure Programming, Java Development, Penetration Tester, Computer Network Security, Cyber Forensics Analyst, Blockchain and Smart Contract Development on Ethereum.