So Osvaldo

Information Systems student at Ma Chung University specializing in Cybersecurity. Currently serving as a GRC & IT Assurance Intern at PT ITSEC Asia Tbk — safeguarding enterprises through governance, risk management, and compliance excellence.

About Me

I am a dedicated Information Systems student at Ma Chung University, specializing in Cybersecurity, with a deep commitment to protecting critical data, infrastructure, and digital ecosystems.

Currently, I serve as a Governance, Risk, and Compliance (GRC) & IT Assurance Intern at PT ITSEC Asia Tbk, one of Indonesia's leading cybersecurity firms. In this role, I execute hands-on IT security audits, compliance assessments, and risk evaluations — mapping organizational controls against major frameworks including ISO 27001, NIST CSF 2.0 and COBIT 2019.

My expertise spans IT Governance, Enterprise Risk Architecture, Advanced Threat Analysis, and Data Automation — driven by a passion for translating complex security challenges into strategic, actionable governance solutions. I believe cybersecurity is not just about technology; it’s about building a culture of resilience and trust.

Beyond traditional cybersecurity, I am actively expanding my technical horizon into Artificial Intelligence. I am currently deep-diving into Large Language Models (LLMs), exploring Cloud AI APIs, deploying Local LLMs for privacy-first architecture, and experimenting with Model Context Protocol (MCP) Servers to securely bridge AI capabilities with enterprise workflows.

Core Competencies

GRC & Security Frameworks

NIST CSF 2.0 ISO 27001 COBIT 2019 Enterprise Risk Architecture IT Governance SAP GRC Compliance Auditing

Security Operations & Analysis

Advanced Threat & Vulnerability Analysis Threat Analysis (TTPs) OWASP Top 10 CIA Triad Automated Security Telemetry

Data Automation & Enterprise Systems

CRM Salesforce ETL Pipeline Automation Data Quality Assurance (QA) Database Administration Google Looker Studio

Technical & Analytical Tools

Wireshark Nmap Burp Suite Linux CLI Python SQL AI Security Research Local LLMs AI APIs MCP Servers

Certifications & Credentials

Google Cybersecurity Specialist

Coursera Professional Certificate — 2025

Comprehensive certification covering security foundations, SIEM tools, network security, incident response, and risk management aligned with industry standards.

SAP GRC in S/4HANA Public Cloud

SAP Record of Achievement — 2025

Specialized training in SAP Governance, Risk, and Compliance principles applied within modern S/4HANA cloud environments for enterprise risk oversight.

Experience & Leadership

GRC / IT Assurance Intern

Feb 2026 — Present

PT ITSEC Asia Tbk · Jakarta, Indonesia

Execute hands-on IT security, auditing, and compliance assessments within professional enterprise security environments. Analyze technical workflows and map organizational controls against major frameworks including ISO 27001 and NIST CSF 2.0. Contribute to governance and risk management initiatives that strengthen enterprise security posture.

Coordinator of Organization Commission

Sep 2024 — Aug 2025

BPM FTD · Ma Chung University

Conducted rigorous quality assurance and side-by-side (SxS) compliance checks on 20+ annual organizational reports (LPJ & Proposals), ensuring 100% data accuracy and strict adherence to administrative SOPs. Defined and implemented optimized SOPs that streamlined institutional workflows and reduced administrative errors across the faculty. Led a 9-member commission team in collaboration with deans and program heads.

Flagship Projects

FLAGSHIP PROJECT
Monorepo

AI Quiz Maker

A multi-generational AI-powered quiz generation platform that transforms documents, text, and files into intelligent, adaptive assessments — evolving from a simple proof-of-concept to a fully offline, privacy-first desktop flagship.

v1.0.0 The Proof of Concept

The original prototype built with Vanilla JavaScript and a PHP backend, powered by the Gemini API. This served as the foundational proof-of-concept, demonstrating the core capability of generating structured quizzes from raw text input.

Vanilla JS PHP Gemini API
v2.0.0 Production Web Application

A complete architectural overhaul to a modern React/Vite serverless stack. Features Google Authentication, multi-AI cloud provider support (Gemini, OpenAI, Anthropic, NVIDIA NIM), and advanced export capabilities. Live in production with a growing user base.

React Vite Gemini OpenAI Anthropic NVIDIA NIM Google Auth Serverless
v3.0.0 · IN DEVELOPMENT The Ultimate Desktop Flagship

Built on a Native Electron architecture, V3 represents the ultimate evolution — 100% Offline Local AI (LM Studio / Ollama) with a strict Privacy-First design. Zero database, zero telemetry, zero external calls. Features Bring Your Own Key (BYOK) and 20MB local file parsing — putting full AI power directly in the user's hands with absolute data sovereignty.

Electron 100% Offline AI Privacy-First LM Studio Ollama BYOK Local File Parsing Zero Telemetry

Enterprise System Log Analysis & Data Automation

Engineered a robust backend ETL pipeline. Developed customized Python scripts and advanced SQL queries to automate the extraction, parsing, and strict auditing of large-scale raw system logs. Implemented automated anomaly detection to identify logical flaws, procedural deviations, and enforce strict data hygiene.

Python SQL ETL Pipeline Log Auditing Data Hygiene Anomaly Detection

BPIPI Compliance Auditing & Risk Assessment

Conducted end-to-end operational risk assessments using the ISO 31000:2018 framework. Developed comprehensive compliance audit checklists mapped to ISO 27001 controls to systematically identify security integration gaps and translate them into actionable governance insights for corporate management.

ISO 31000:2018 ISO 27001 Compliance Auditing Risk Assessment

Advanced Security Breach Deconstruction — Sony 2014

Researched attacker Tactics, Techniques, and Procedures (TTPs) associated with the Lazarus Group. Analyzed critical failures in technical controls (absence of 2FA, unencrypted sensitive data, flat network architecture) and corporate governance flaws to map comprehensive business and operational impacts.

TTPs Analysis Threat Intelligence Security Governance

Let’s Connect

I am open to professional networking, GRC consulting opportunities, and cybersecurity architecture discussions. Whether you’re looking for a passionate security professional, a compliance analyst, or simply want to exchange ideas — let’s connect and explore how we can build a more secure digital future together.