ES Developer · Digital Interaction
KPI Period: Apr 2025 – Mar 2026
Solo Maintainer · Full-Stack · AI
Products: 4 · Customers: 4
Harry Sunaryo
Year in Review
Programmer / ES Developer — Annual Performance Summary — FY 2025–2026
00
Penilaian Kerja
Sasaran Hasil (KPI Scorecard)
NO KEY PERFORMANCE INDICATOR TARGET BOBOT CATATAN REALISASI NILAI
1 Frekuensi Pengiriman Produk
Frekuensi aplikasi yang berhasil dikembangkan (Apr 2025 - Mar 2026).		 Minimal 4 produk inti 25% Berhasil mengembangkan 4 platform inti hingga versi stabil v1.2+:
  • Cyber Command (v1.2.0 - Case Mgmt)
  • SOC Remediation Tools (v1.1.7 - Queue/CrowdStrike)
  • SOC Report Generator (v1.2.0 - PDF Engine)
  • CSIRT Portal (v1.2.0 - CTI Hub)
 4
2 Ketepatan Waktu Pengiriman Proyek
Kesesuaian peluncuran aplikasi dengan rencana strategis yang ditetapkan.		 Sesuai rencana peluncuran 15% Mengirimkan 42 rilis selama 14 bulan, menjaga ritme pengembangan dua mingguan untuk Cyber Command dan alur kerja JIRA SLA. 4
3 Keandalan & Uptime Layanan
Menjaga stabilitas layanan produksi aktif dan pipa data kritis.		 Rata-rata skor keandalan ≥ 3 10% Mengimplementasikan Service Health History (v1.2.0) dan Notification Logging (v1.1.1). Memperbaiki logika anti-breach dan bug refresh status untuk memastikan uptime 100%. 4
4 Efisiensi Resolusi (MTTR)
Kecepatan perbaikan dari deteksi bug hingga resolusi akhir di semua lingkungan.		 SLA Produksi & Non-Prod 10% Mengimplementasikan Dynamic SLA Resolution by Priority (v1.1.2) dan Analyst Load Charts (v1.1.9) untuk mengoptimalkan waktu resolusi. 4
5 Tata Kelola & Dokumentasi
Kelengkapan dokumentasi teknis dan standar penyimpanan repositori source code.		 100% ketersediaan dokumen 10% Menjaga kepatuhan README 100% di Azure DevOps. Mengimplementasikan Asset Critical Labels dan Triage Guidelines (v1.1.4). 4
6 Riset & Inovasi Teknologi
Melakukan riset dan memberikan wawasan teknologi untuk mendukung tim/pelanggan.		 Minimal 1 wawasan per kuartal 10% Menerapkan riset ke produksi: Azure KQL-to-Canvas (AI), WhatsApp Community Notifications, dan NVD NIST CVE API (v1.1.3). 4
7 Koordinasi & Manajemen Tugas
Pelaksanaan tugas atasan dan koordinasi operasional harian yang efektif.		 Daftar tugas mingguan & update harian 10% Menginisiasi ES Knowledge Base dengan manajemen tugas; menjaga rutinitas Morning Meeting dan MoM Notion. 4
01
Core Work
SOC Products Built
Product 01
Cyber Command
Full-featured ticketing & case management system for SOC operations. 13 releases this cycle, serving 4 customers.
React Supabase Case Mgmt SLA Engine AI Insights WhatsApp
Product 02
SOC Report Generator
Automated, templated PDF report generation for SOC deliverables. Turns raw incident data into structured customer-ready reports.
Python Jinja2 PDF Templating
Product 03
SOC Remediation Tools
Integration layer enabling automated endpoint security actions across 4 major platforms from a single interface.
Python OpenTAXII SentinelOne CrowdStrike TrendMicro
Product 04
CSIRT Portal
Cyber threat intelligence portal with live CVE feeds, image galleries, and curated Google Alerts by threat category.
React Supabase NVD NIST Unsplash API Google Alerts
02
Commercial Impact
Customers Handled
BQUIK
AEON Mall
Compnet
Namicoh
Solo Maintainer Note
Harry is the only person maintaining all SOC services. This includes working outside office hours and remaining standby during public holidays to ensure notification pipelines and uptime are maintained across all 4 customer environments.
03
Delivery Cadence
Release History
Releases per Month
By Release Type
Version Product Date Release Type Highlights
04
Execution
Task & Work Breakdown
Task Status Distribution (43 tasks)
43 TASKS
Finished22
Completed3
Executing4
On Hold7
Open7

↑ 58% of tasks fully resolved (finished + completed)

Tasks by Work Category
Bug / Tshoot
14
Feature
12
DevOps/Infra
6
Integration
7
Research
4

32.5% troubleshooting reflects real-world solo maintainer workload

05
Legacy Maintenance
Internal Apps Portfolio
Apps Under Management
ES Catalog
Maintenance
Bug fixes, domain migration, string updates PS→ES
ES Discovery
Upgrade
Full migration to PHP 8.2 + CI4. First CI/CD + automated testing implemented via Azure Pipelines.
ES PM Catalog
Maintenance
DB tshoot, library updates, department rename
ES Data Protection
Maintenance
Bugfixes, BCP impact recovery
Notable Activities
MIGRATION
Domain: ps.compnet.co.id → es.compnet.co.id across all internal apps
UPGRADE
ES Discovery → PHP 8.2 + CI4 + Azure Pipeline CI/CD (first in team)
SUPPORT
Assisted Pak Syaiful (Asisten Manager) with critical app bugs and database recovery
FIRST TEST
First automated testing written on any project this cycle — ES Discovery
06
Self-Initiated
Research & Exploration
Topics Explored (not assigned — personal initiative)
AI Agent (CrewAI) Langchain + Langgraph Agentic AI (Open Code, Paperclip) Databricks Azure ACA / Functions / Logic Apps / AI Foundry AWS Lambda + SQS Cloudflare Worker / Pages / Tunnel / D1 JIRA (Custom SLA, Apps, Confluence) Azure Pipelines CI/CD

All research self-initiated. Several findings directly influenced production decisions (Azure Pipeline → CI/CD for ES Discovery, Agentic AI → active daily use in development workflow).

07
Narrative
What This Year Tells
From Research to Real Revenue
Started this SOC journey from scratch — from researching tools (JIRA), to building a full custom ticketing platform, to now running it for 4 paying customers. The entire product lifecycle was owned by one person.
Developer + Maintainer + Support
Not just building features — Harry is the solo on-call engineer for all SOC services. Weekend tshoot, holiday standby, notification health checks. No team backup. 100% solo ownership.
CI/CD & Testing Milestone
First ever CI/CD pipeline implemented via Azure Pipelines on ES Discovery. First automated tests written. A foundation for better engineering practices — now needs to be extended across all projects.
AI as Daily Tooling
Actively using Open Code + Paperclip as an AI pair programmer for orchestrating dev work. Research in CrewAI and Langchain directly feeding into the AI SOC Agent roadmap.
Identified Gap — Testing Coverage
Testing is the known debt. Due to time constraints as a solo maintainer across both SOC and internal apps, automated tests have only been implemented on ES Discovery. This is a clear priority for the next cycle — bring testing to all active projects, especially Cyber Command and the Remediation Tools.
08
Own Initiative
ES Knowledge Base
SELF-INITIATED PROJECT · ACTIVE
ES Knowledge Base
A dedicated project portal built this year that now powers task management for Harry and Glenn (pair programmer). Replaced ad-hoc tracking with a structured system. The fact that this was self-initiated and became team infrastructure says everything about ownership mentality.
KB
ES Developer · Digital Interaction
KPI Period: Apr 2024 – Mar 2025
Projects: 14 · In Production: 8
Tech Stack: 32 · Customers: 3
Harry Sunaryo
Year in Review
Programmer / ES Developer — Annual Performance Summary — FY 2024–2025
00
Penilaian Kerja
Sasaran Hasil (KPI Scorecard)
NO KEY PERFORMANCE INDICATOR TARGET BOBOT CATATAN REALISASI NILAI
1 Frekuensi Pengiriman Produk
Frekuensi aplikasi yang berhasil dikembangkan (1 April 24 - 31 Maret 25).		 Minimal 4 item 25% 1. Cyber Command - Ticketing System SOC.
2. SOC Remediation Tools
3. SOC Report Generator
4. CSIRT Portal 		4
2 Ketepatan Waktu Pengiriman Proyek Kesesuaian launch app dengan rencana 15% Pemberian Catatan Rilis (Release Notes) secara berkala untuk seluruh proyek aktif. 4
3 Keandalan & Uptime Layanan Rata-rata penilaian 3 10% 1. Pemeliharaan Korektif: Perbaikan bug & pembaruan sistem.
2. Pemantauan Kesehatan: Alarm Service khusus untuk deteksi error real-time. 		4
4 Efisiensi Resolusi (MTTR) SLA Aplikasi Produksi & Non-Produksi 10% Rata-rata waktu penyelesaian dari deteksi bug hingga resolusi akhir. 4
5 Tata Kelola & Dokumentasi 100% dokumen tersedia 10% 1. Tersedia dokumentasi proyek (README) di Azure DevOps.
2. Tersedia catatan rilis pada halaman web platform. 		4
6 Riset & Inovasi Teknologi Minimal 1 wawasan teknologi per kuartal 10% Penggunaan alat: Supabase, Cloudflare, WhatsApp Automation.
Dokumentasi Riset: Brief | Catatan Positif. 		4
7 Manajemen Tugas & Koordinasi Daftar tugas mingguan & update harian 10% Alat: ES Knowledge Management / Task Management.
Aktivitas: Morning Meeting, MoM (Notion). 		4
14
Total Projects
all categories
8
In Production
live & running
3
Customers Served
OTO, SOC, PSSE
32
Tech Stack Items
learned & used
6
AI-Integrated Projects
AI-powered
4
Innovations Built
novel solutions
01
Core Work
Project Portfolio
By Status
Production
8
Suspended
3
Internal
2
Hold
1
By Category
SOC
6
Security
4
Internal Tool
3
Research
1
Project Customer Status Type Tech Stack AI
02
Stakeholders
Customers & Teams
OTO
Automotive
SOC Team
Internal Security
PSSE
Internal Team
Bea Cukai
Government
03
Activity
Project Timeline
Projects Started per Month
By Project Type
Development
7
DevOps
3
Innovation
3
Maintenance
1
Research
1
04
Growth
Tech Learnings
Skills Acquired & Applied This Cycle
Frontend
Vue 3 Composition API
Quasar Framework
AstroJS
Storybook
Vue-KBar
Real-time charts (Supabase)
UI/UX Redesign
Browser Extension Dev
Backend
ExpressJS
Laravel
Golang
Supabase
xAPI & LRS
AWS Lambda / API Gateway / SQS
JIRA Cloud API
Confluence Integration
AI
Gemini Integration
CrewAI
RAG with Langchain
OpenAI Integration
DevOps
Conventional Commits
Performance Testing (k6, JMeter)
Cloudflare Tunnel
PM2
Sentry Integration
Lazy-loading optimization
Security
MFA Implementation
Email Security Bypass
SLA Counter
MITRE ATT&CK Framework
RAW Log Processing
05
Highlights
Standout Contributions
SOC Infrastructure Built from Zero
Deployed JIRA + Confluence SOC setup, WhatsApp automation, and AWS Lambda SOC pipeline — forming the backbone of what would later become Cyber Command.
Security Awareness Platform (OTO)
Full redesign to LinkedIn-style learning UI, Gophish deep integration, quiz management with import — delivered to an external paying customer.
Phishing Tool (OTO)
End-to-end phishing campaign platform. Learned customer environment integration, email security bypass, and stress-tested with k6 & Apache JMeter.
AI SOC Agent Research
Pioneered CrewAI-based AI Agent exploration for SOC automation. Goal-based reasoning, external tool connections, and self-improvement pipeline prototyped.
Foundation Year — From Security Projects to SOC Platform
This year established the full SOC stack from scratch: ticketing (JIRA), automation (AWS Lambda, WhatsApp), browser tooling (SOC Extension), and the AI Agent groundwork. All of this became the direct foundation for the FY 2025–2026 Cyber Command platform.
06
Self-Initiated
Research & Exploration
Topics Explored
Gemini AI Integration CrewAI Agent Framework RAG with Langchain OpenAI Integration AWS Lambda / API Gateway / SQS Supabase Realtime MITRE ATT&CK Framework Email Security Bypass k6 Performance Testing Cloudflare Tunnel Browser Extension Dev xAPI & LRS SIGMA Detection Rules