Harry Sunaryo — KPI Dashboard

Releases Shipped

v0.1 → v1.2

Products Built

production

Customers

active

Tasks Logged

25 closed

Research Topics

self-initiated

Internal Apps Managed

solo

Performance Overview

Key Performance Indicators

NO	KEY PERFORMANCE INDICATOR	TARGET	BOBOT (%)	CATATAN REALISASI
1	Frekuensi aplikasi yang berhasil dibuat dalam kurun waktu yang ditetapkan (1 April 24 - 31 Maret 25)	Minimal 4 item	25%	1. Cyber Command - Ticketing System SOC. 2. SOC Remediation Tools 3. SOC Report Generator 4. CSIRT Portal
2	Pengembangan aplikasi tepat waktu sesuai dengan rencana yang ditetapkan	Kesesuaian launch app dengan rencana	15%	Ritme Pengembangan: • 42 total rilis dalam 14 bulan (April 2025 – Mei 2026). • Menjaga ritme mingguan yang konsisten sesuai permintaan Tim SOC untuk Cyber Command. Sorotan Produk: • Cyber Command (v1.2.0): Case Management, RBAC, AI Integration, dan Dashboard. • Remediation Tools: Eksekusi berbasis antrean dan integrasi CrowdStrike/SentinelOne. • CSIRT Portal: Feed CVE real-time, NVD NIST API, dan dasbor intelijen ancaman.
3	Service up time dan reliability dari aplikasi yang aktif digunakan terjaga dengan baik	Rata rata penilaian 3	10%	Perbaikan Bug/Pembaruan: Migrasi domain (ps→es), pemutakhiran PHP 8.2 & CI4 (ES Discovery), penyelesaian korupsi DB/dampak BCP, pembaruan library kedaluwarsa untuk 4 aplikasi internal. Pemantauan Kesehatan: Pemeliharaan mandiri (solo) kesehatan layanan SOC (WA Notif, Remediation, Report Gen), standby harian termasuk akhir pekan/hari libur.
4	Waktu perbaikan sesuai dengan yang telah ditetapkan	- Aplikasi Produksi: < 4 jam (SLA) - Aplikasi Non-Produksi: < 2 hari (Upaya Terbaik)	10%	Produksi: Cyber Command, SOC Report, Remediation Tools, CSIRT Portal. Non-Prod/Internal: ES Discovery, Catalog, PM Catalog, Data Protection, Knowledge Base. Dikelola mandiri dengan ketersediaan on-call 24/7 termasuk hari libur.
5	Kelengkapan dokumen teknis dan penyimpanan source code	100% dokumen tersedia	10%	1. Tersedia dokumentasi proyek (README) di Azure DevOps 2. Tersedia catatan rilis di halaman web (Riwayat rilis lengkap terjaga)
6	Melakukan research dan insight/rekomendasi teknologi yang relevan dan dapat digunakan untuk mendukung pekerjaan, tim atau kebutuhan customer	Minimal 1 insight teknologi per quarter dapat dimanfaatkan dan terdokumentasi	10%	Teknologi Produksi Utama: • Supabase (Realtime, Auth, RPC) • WAHA (Integrasi WhatsApp) • Cloudflare Pages/Tunnel • Azure KQL (Dasbor) Riset & Eksplorasi: • AI Agents (CrewAI, Langgraph) • Agentic AI (Open Code/Paperclip) • Databricks & Azure AI Foundry • NVD NIST API integration
7	Tugas dari atasan terlaksana dan mengkoordinasikan pekerjaan harian dengan baik	Tersedia daftar tasks mingguan dan update status harian	10%	Alat & Infrastruktur: • ES Knowledge Base: Portal mandiri untuk manajemen tugas dan koordinasi tim. • Notion: Repositori terpusat untuk MoM dan dokumentasi proyek. Aktivitas & Kolaborasi: • Pertemuan Pagi: Sinkronisasi harian dan pembaruan status yang konsisten. • Pair Programming: Pengembangan kolaboratif dengan Glenn (Pair Programmer).
8	Creativity	Inovasi dalam pemilihan teknologi	5%	• Supabase (PostgreSQL RPC): Memindahkan logika kompleks ke database untuk performa maksimal dan kemudahan pemeliharaan. • WAHA & Bot Automation: Notifikasi WhatsApp real-time yang andal untuk tim operasional SOC. • Cloudflare Ecosystem: Akses aman via Tunnel dan hosting performa tinggi via Pages. • Modern Web Frameworks: Penggunaan React untuk dashboard yang responsif dan ringan. • Agentic AI Implementation: Langchain, LangGraph, Ollama, Opencode, dan Paperclip. • Google Stitch: Implementasi framework desain untuk estetika UI/UX yang lebih premium dan intuitif.
9	Information Seeking	Proaktif mencari tren teknologi baru	5%	• Melakukan riset mendalam terhadap Backend-as-a-Service (BaaS) yang menghasilkan implementasi Supabase dengan performa tinggi. • Investigasi protokol komunikasi WhatsApp yang stabil untuk menemukan solusi WAHA sebagai pengganti library lama. • Eksplorasi Google Stitch dan prinsip desain modern untuk meningkatkan kualitas visual dan pengalaman pengguna.

Core Work

SOC Products Built

Product 01

Cyber Command

Full-featured ticketing & case management system for SOC operations. 13 releases this cycle, serving 4 customers.

React Supabase Case Mgmt SLA Engine AI Insights WhatsApp

Product 02

SOC Report Generator

Automated, templated PDF report generation for SOC deliverables. Turns raw incident data into structured customer-ready reports.

Python Jinja2 PDF Templating

Product 03

SOC Remediation Tools

Integration layer enabling automated endpoint security actions across 4 major platforms from a single interface.

Python OpenTAXII SentinelOne CrowdStrike TrendMicro

Product 04

CSIRT Portal

Cyber threat intelligence portal with live CVE feeds, image galleries, and curated Google Alerts by threat category.

React Supabase NVD NIST Unsplash API Google Alerts

Commercial Impact

Customers Handled

BQUIK

AEON Mall

Compnet

Namicoh

Solo Maintainer Note

Harry is the only person maintaining all SOC services. This includes working outside office hours and remaining standby during public holidays to ensure notification pipelines and uptime are maintained across all 4 customer environments.

Delivery Cadence

Release History

Releases per Month

By Release Type

Version	Product	Date	Release	Type	Highlights

Execution

Task & Work Breakdown

Task Status Distribution (43 tasks)

Finished22

Completed3

Executing4

On Hold7

Open7

↑ 58% of tasks fully resolved (finished + completed)

Tasks by Work Category

Bug / Tshoot

Feature

DevOps/Infra

Integration

Research

32.5% troubleshooting reflects real-world solo maintainer workload

Legacy Maintenance

Internal Apps Portfolio

Apps Under Management

ES Catalog

Maintenance

Bug fixes, domain migration, string updates PS→ES

ES Discovery

Upgrade

Full migration to PHP 8.2 + CI4. First CI/CD + automated testing implemented via Azure Pipelines.

ES PM Catalog

Maintenance

DB tshoot, library updates, department rename

ES Data Protection

Maintenance

Bugfixes, BCP impact recovery

Notable Activities

MIGRATION

Domain: ps.compnet.co.id → es.compnet.co.id across all internal apps

UPGRADE

ES Discovery → PHP 8.2 + CI4 + Azure Pipeline CI/CD (first in team)

SUPPORT

Assisted Pak Syaiful (Asisten Manager) with critical app bugs and database recovery

FIRST TEST

First automated testing written on any project this cycle — ES Discovery

Self-Initiated

Research & Exploration

Topics Explored (not assigned — personal initiative)

AI Agent (CrewAI) Langchain + Langgraph Agentic AI (Open Code, Paperclip) Databricks Azure ACA / Functions / Logic Apps / AI Foundry AWS Lambda + SQS Cloudflare Worker / Pages / Tunnel / D1 JIRA (Custom SLA, Apps, Confluence) Azure Pipelines CI/CD

All research self-initiated. Several findings directly influenced production decisions (Azure Pipeline → CI/CD for ES Discovery, Agentic AI → active daily use in development workflow).

Narrative

What This Year Tells

From Research to Real Revenue

Started this SOC journey from scratch — from researching tools (JIRA), to building a full custom ticketing platform, to now running it for 4 paying customers. The entire product lifecycle was owned by one person.

Developer + Maintainer + Support

Not just building features — Harry is the solo on-call engineer for all SOC services. Weekend tshoot, holiday standby, notification health checks. No team backup. 100% solo ownership.

CI/CD & Testing Milestone

First ever CI/CD pipeline implemented via Azure Pipelines on ES Discovery. First automated tests written. A foundation for better engineering practices — now needs to be extended across all projects.

AI as Daily Tooling

Actively using Open Code + Paperclip as an AI pair programmer for orchestrating dev work. Research in CrewAI and Langchain directly feeding into the AI SOC Agent roadmap.

Identified Gap — Testing Coverage

Testing is the known debt. Due to time constraints as a solo maintainer across both SOC and internal apps, automated tests have only been implemented on ES Discovery. This is a clear priority for the next cycle — bring testing to all active projects, especially Cyber Command and the Remediation Tools.

Own Initiative

ES Knowledge Base

SELF-INITIATED PROJECT · ACTIVE

ES Knowledge Base

A dedicated project portal built this year that now powers task management for Harry and Glenn (pair programmer). Replaced ad-hoc tracking with a structured system. The fact that this was self-initiated and became team infrastructure says everything about ownership mentality.

Total Projects

all categories

In Production

live & running

Customers Served

OTO, SOC, PSSE

Tech Stack Items

learned & used

AI-Integrated Projects

AI-powered

Innovations Built

novel solutions

Performance Overview

Key Performance Indicators

NO	KEY PERFORMANCE INDICATOR	TARGET	BOBOT (%)	CATATAN REALISASI
1	Frekuensi aplikasi yang berhasil dibuat dalam kurun waktu yang ditetapkan (1 April 24 - 31 Maret 25)	Minimal 4 item	25%	1. Cyber Command - Ticketing System SOC. 2. SOC Remediation Tools 3. SOC Report Generator 4. CSIRT Portal
2	Pengembangan aplikasi tepat waktu sesuai dengan rencana yang ditetapkan	Kesesuaian launch app dengan rencana	15%	Manajemen Rilis: • Menjaga siklus rilis yang konsisten untuk semua 14 portofolio proyek. • Memberikan pembaruan tepat waktu untuk alat keamanan inti termasuk PS Suite, Presence, dan SAP. Kontribusi Inti: • Alat Keamanan: Pengembangan PhishReport dan Alat Phishing. • Migrasi Legacy: Pemeliharaan dan pembaruan berkelanjutan untuk platform legacy internal.
3	Service up time dan reliability dari aplikasi yang aktif digunakan terjaga dengan baik	Rata rata penilaian 3	10%	Perbaikan Bug/Pembaruan: Migrasi domain (ps→es), penyelesaian korupsi DB/dampak BCP, pembaruan library kedaluwarsa untuk aplikasi internal, anti breached SLA function, Customer Report Cyber Command, dan Notification. Pemantauan Kesehatan: Pemeliharaan mandiri (solo) kesehatan layanan SOC, standby harian termasuk akhir pekan/hari libur.
4	Waktu perbaikan sesuai dengan yang telah ditetapkan	- Aplikasi Produksi: < 4 jam (SLA) - Aplikasi Non-Produksi: < 2 hari (Upaya Terbaik)	10%	Produksi: JIRA Cloud, Confluence SOC, WA Bot, AWS SOC Automation, SOC Extension. Non-Prod/Internal: PS Suite, Presence, SAP, PhishReport, riset ATC. Pemelihara tunggal untuk semua alat keamanan dan infrastruktur IR.
5	Kelengkapan dokumen teknis dan penyimpanan source code	100% dokumen tersedia	10%	1. Tersedia dokumentasi proyek (README) di Azure DevOps 2. Tersedia catatan rilis di halaman web
6	Melakukan research dan insight/rekomendasi teknologi yang relevan dan dapat digunakan untuk mendukung pekerjaan, tim atau kebutuhan customer	Minimal 1 insight teknologi per quarter dapat dimanfaatkan dan terdokumentasi	10%	Teknologi Produksi Utama: • Supabase Realtime • WhatsApp Bot automation • AWS Lambda SOC pipeline • Quasar/AstroJS & Extensions Riset & Eksplorasi: • Generative AI (Gemini/OpenAI) • MITRE ATT&CK mapping • SIGMA rules • k6/JMeter performance testing
7	Tugas dari atasan terlaksana dan mengkoordinasikan pekerjaan harian dengan baik	Tersedia daftar tasks mingguan dan update status harian	10%	Alat & Koordinasi: • ES Task Management: Alat internal untuk pelacakan aktivitas harian. • Notion / JIRA: Digunakan untuk catatan rapat dan manajemen tugas proyek. Aktivitas Rutin: • Sinkronisasi Harian: Pertemuan pagi dan pelaporan status yang konsisten. • Koordinasi Tim: Komunikasi proaktif di berbagai proyek keamanan internal.
8	Creativity	Inovasi dalam pemilihan teknologi	5%	• Supabase (PostgreSQL RPC): Memindahkan logika kompleks ke database untuk performa maksimal dan kemudahan pemeliharaan. • WAHA & Bot Automation: Notifikasi WhatsApp real-time yang andal untuk tim operasional SOC. • Cloudflare Ecosystem: Akses aman via Tunnel dan hosting performa tinggi via Pages. • Modern Web Frameworks: Penggunaan Quasar & AstroJS untuk dashboard yang responsif dan ringan. • Agentic AI Implementation: Membangun AI Agents untuk otomatisasi alur kerja keamanan yang kompleks. • Automated PDF Engine: Solusi kreatif pembuatan laporan SOC otomatis menggunakan engine berbasis Puppeteer. • Google Stitch: Implementasi framework desain untuk estetika UI/UX yang lebih premium dan intuitif.
9	Information Seeking	Proaktif mencari tren teknologi baru	5%	• Melakukan riset mendalam terhadap Backend-as-a-Service (BaaS) yang menghasilkan implementasi Supabase dengan performa tinggi. • Investigasi protokol komunikasi WhatsApp yang stabil untuk menemukan solusi WAHA sebagai pengganti library lama. • Mempelajari teknologi Secure Tunneling dan Edge Computing yang mendasari penggunaan Cloudflare Ecosystem. • Analisis benchmark performa frontend modern yang berujung pada pemilihan Quasar & AstroJS untuk dashboard SOC. • Riset arsitektur Agentic AI (CrewAI, Langgraph) untuk mengaktifkan kapabilitas agen keamanan otonom. • Eksplorasi Google Stitch dan prinsip desain modern untuk meningkatkan kualitas visual dan pengalaman pengguna. • Studi mendalam tentang otomatisasi browser yang menghasilkan solusi Puppeteer PDF Engine untuk pelaporan.

Core Work

Project Portfolio

By Status

Production

Suspended

Internal

Hold

By Category

SOC

Security

Internal Tool

Research

Project	Customer	Status	Type	Tech Stack	AI

Stakeholders

Customers & Teams

OTO

Automotive

● CLIENT

SOC Team

Internal Security

● INTERNAL

PSSE

Internal Team

● INTERNAL

Bea Cukai

Government

● CLIENT

Activity

Project Timeline

Projects Started per Month

By Project Type

Development

DevOps

Innovation

Maintenance

Research

Growth

Tech Learnings

Skills Acquired & Applied This Cycle

Frontend

Vue 3 Composition API

Quasar Framework

AstroJS

Storybook

Vue-KBar

Real-time charts (Supabase)

UI/UX Redesign

Browser Extension Dev

Backend

ExpressJS

Laravel

Golang

Supabase

xAPI & LRS

AWS Lambda / API Gateway / SQS

JIRA Cloud API

Confluence Integration

Gemini Integration

CrewAI

RAG with Langchain

OpenAI Integration

DevOps

Conventional Commits

Performance Testing (k6, JMeter)

Cloudflare Tunnel

PM2

Sentry Integration

Lazy-loading optimization

Security

MFA Implementation

Email Security Bypass

SLA Counter

MITRE ATT&CK Framework

RAW Log Processing

Highlights

Standout Contributions

SOC Infrastructure Built from Zero

Deployed JIRA + Confluence SOC setup, WhatsApp automation, and AWS Lambda SOC pipeline — forming the backbone of what would later become Cyber Command.

Security Awareness Platform (OTO)

Full redesign to LinkedIn-style learning UI, Gophish deep integration, quiz management with import — delivered to an external paying customer.

Phishing Tool (OTO)

End-to-end phishing campaign platform. Learned customer environment integration, email security bypass, and stress-tested with k6 & Apache JMeter.

AI SOC Agent Research

Pioneered CrewAI-based AI Agent exploration for SOC automation. Goal-based reasoning, external tool connections, and self-improvement pipeline prototyped.

Foundation Year — From Security Projects to SOC Platform

This year established the full SOC stack from scratch: ticketing (JIRA), automation (AWS Lambda, WhatsApp), browser tooling (SOC Extension), and the AI Agent groundwork. All of this became the direct foundation for the FY 2025–2026 Cyber Command platform.

Self-Initiated

Research & Exploration

Topics Explored

Gemini AI Integration CrewAI Agent Framework RAG with Langchain OpenAI Integration AWS Lambda / API Gateway / SQS Supabase Realtime MITRE ATT&CK Framework Email Security Bypass k6 Performance Testing Cloudflare Tunnel Browser Extension Dev xAPI & LRS SIGMA Detection Rules