About Me.

// introduction

I'm Rizky Aditya, a cybersecurity professional based in South Jakarta, Indonesia, working across Governance, Risk & Compliance (GRC), Offensive Security, and Security Operations. I help organizations build security programs that hold up under audit and under attack.

On the governance side, I deliver ISO/IEC 27001, 27701, and 42001 consulting — from gap analysis through certification — alongside risk assessments, SoA development, and UU PDP compliance advisory. On the offensive side, I conduct web application, mobile, and API penetration tests following OWASP and PTES methodology. On the blue team side, I have hands-on experience deploying and operating SIEM environments, building detection rules, and coordinating incident response for clients in banking, healthcare, and critical infrastructure.

I hold Lead Auditor certifications in ISO 27001, 27701, and 42001 from Mastermind Assurance, alongside ISC2 Certified in Cybersecurity and several other professional credentials. Currently contributing to 24+ engagements at Whitesec ID.

// expertise

grc

  • ISO/IEC 27001:2022 Implementation & Certification
  • ISO/IEC 27701 Privacy Information Management
  • ISO/IEC 42001 AI Management System
  • Gap Analysis & Readiness Assessment
  • Risk Assessment & Risk Treatment Plan
  • Statement of Applicability (SoA) Development
  • Security Policy & Procedure Development
  • Internal Audit Support & Evidence Preparation
  • Incident Management & Response Planning
  • Business Continuity & Disaster Recovery Planning
  • Third-Party & Supplier Risk Management
  • Data Protection Impact Assessment (DPIA)
  • UU PDP Compliance Advisory
  • Security Awareness Program Development
  • Asset Management & Information Classification
  • Compliance Monitoring & Continuous Improvement

vapt

  • Web Application Penetration Testing
  • Mobile Application Security
  • API Security Testing
  • Vulnerability Assessment
  • OWASP Top 10 Assessment
  • Attack Surface Analysis

sec-eng

  • SIEM Deployment & Configuration (Wazuh / ELK)
  • Threat Detection Rule Development
  • Log Analysis & Alert Triage
  • Security Event Monitoring
  • Endpoint Telemetry Analysis
  • Incident Response Support
  • Linux Security Hardening
  • SOC Operations Support

// certifications

iso

  • ISO 27001:2022 Lead Auditor
  • ISO 27701:2025 Lead Auditor
  • ISO 42001:2023 Lead Auditor

security

  • Certified in Cybersecurity
  • Student Summit 2025
  • Ethical Hacker
  • Bug Bounty Masterclass
  • OWASP Top 10 2025

cloud

  • Cloud Technical Essentials
  • Cybersecurity Professional
  • Security, Compliance and Identity Fundamentals