About PT PISTIS DIGITAL INDONESIA (PISTIS)

Pistis is a security services & solutions company that was established by a team that has good expertise
with commitment to information security. Pistis helped some of the organization from various
industries to significantly improve information security and information technology performance by
optimizing the use of information technology and information technology security systems.
Pistis consultants total experiences has over 40 man-years in information security field, and has
successfully deliver lots of information security services and solutions project to various industries and
organization including critical systems infrastructure, banking and finance, oil and gas, defence, and
government.

Why PISTIS
Pistis consultants has worked with many large multinational companies including banks, payment
gateway companies, insurance, etc. over years of major system and cyber-/information security
assessment and audit experiences, performing cyber security services for these organizations in
Indonesia and ASIA.
Pistis believes Pistis are in the best position to provide any client with the quality services that can
exceed client’s expectation, due to the following reasons:
 Pistis consultants have performed numerous assessments
and consulting service on IT Security Audit.
 Pistis fully understands the Cyber Security Threats, NIST
and PCI-DSS requirements, circulars, and guidelines as well
as other relevant requirements including Personal Data
Protection Principles, to be used and referenced for
performing the independent assessment upon the
information systems.

PISTIS Security Consultants

Pistis consultancy team are recognized by our customers as multi-skilled, pragmatic practitioners of
the Information Assurance engineering discipline. The team is composed of professionals with high
levels of competences, all of whom have significant technical experience in the area of information
system security and more specifically of application security, centralized or distributed network
architectures. They also have a great knowledge of policy and standards documentation creation and
maintenance.
The team members possess relevant Information Assurance qualifications and training such as:

1. CISSP | Certified Information Systems Security Professional

CISSP is the World’s Premier Cybersecurity Certification. It becomes a golden standard for
cyber security especially for IT Security Consultant. The CISSP certification is taken up by IT

PT. PISTIS Digital Indonesia | Page 1 of 11

 professionals to become an information assurance professional and will help clients to define
the design, architecture, controls, and management of highly secure business environments.
2. CEH | Certified Ethical Hacker
Certified Ethical Hacker qualify our expert to have a skill required to do penetration testing
services and Security analysis and audit. Our experts show a great passion for security updates
and help our client fortify their defense system and also could help to deliver security as a
service
3. ECIH | EC-Council Certified Incident Handler
The EC-Council Certified Incident Handler is responsible to handle and respond to the
computer security incidents in an information system. ECIH will address various underlying
principles and techniques for detecting and responding to current and emerging computer
security threats. Our experts will be able to create incident handling and response policies,
risk assessment methodologies and deal with various types of computer security incidents.
4. CHFI | Computer Hacking Forensic Investigator
CHFI responsible to uncover and analyze complex digital evidence which is then used to hunt
down and prosecute cyber criminals. People who held CHFI certification ensuring that the
investigation and its findings are legally admissible.
5. ECSA | EC-Council Certified Security Analyst
ECSA is a further step after CEH with more deep analysis about performing penetration
testing. People who held ECSA will help organization to analyst any vulnerabilities that might
be found during penetration testing and provide solutions to remediate vulnerabilities.
6. ISO 27001 | ISO 27001 Lead Implementer
ISO 27001 LI is a professional certification for professionals specializing in information security
management systems (ISMS) based on the ISO/IEC 27001 standard. This professional
certification is intended for information security professionals wanting to understand the
steps required to implement the ISO 27001 standard (as opposed to the ISO 27001 Lead
Auditor certification which is intended for an auditor wanting to audit and certify a system to
the ISO 27001 standard).

Penetration Testing Service Technical Proposal | PT. PISTIS Digital Indonesia | Page 2 of 11
PISTIS CYBER SECURITY CONSULTING SERVICES

Vulnerability
Assessment &
Penetration Test
Incident
Secure Coding Management
Security Training Consultation
Stress Test /
Cybersecurity Architecture, BCP/DRP
DDoS
Maturity Configuration Review &
Simulation
Assessment Review & Awareness Consultation
Test
Consultation Training &
Risk SOC Maturity
Assessment & Phising Assessment
Security Audit Data Campaign Security
Policy and Classification monitoring Digital
Strategy / Governance and Forensics
Review Consultation supervision
ISO27001 Red Team
Consultation & Exercise &
Implementation Training

PISTIS IT & SECURITY SOLUTIONS

 Public Key Infrastructure  Network Access Control

 Security Information and Event  Centralized Network Configuration

Management (SIEM) Monitoring
 Firewall & Intrusion Prevention System  Performance Monitoring

 Network Access Control  Centralized IP and DNS Management

 Anti-Malware Solutions  Wireless IPS

 Email Encryption Solutions  Clean Pipe Solution

 Bandwidth Management

 Application and Database Firewall

 WAN Optimization

 Cloud, Virtualization Solution

PT. PISTIS Digital Indonesia | Page 3 of 11

APPENDIX A. CVS OF SELECTED CONSULTANTS

 William Anwar (Project Manager)

William Anwar is project manager, with a focus on IT Security field for more than seventeen
years, including audits, assessments, penetration test, digital forensic, security R&D, as well as
the design of IT security awareness program, ISO27001, IT security architecture
Achievement & Certification:
 2016 : ISO/IEC 27001 Lead Implementer
 2022 : ISO/IEC 27001 Senior Lead Implementer
Main Project Experience:
 2013 : Team Leader for IT Managed services in German- Indonesian Chamber of Industry
and Commerce(EKONID)
 2014 : Project manager for IT Managed services and unified communication in Schneider
Electric, Indonesia
 2015 : As Team Leader for Consultancy of Information security architecture in State
Cryptography Agency, Indonesia
 2016: As Project Field Manager for Cyber Defense 2016 in Ministry of Defense,Indonesia
 2018 : As Project Manager for Provisioning Public Key Infrastructure in Pertamina Hulu
Mahakam
 2019 : As Project Manager for Cyber Monitoring System in SatSiber,TNI
Seminar / Lecturing / Training :
 2002 : Database visual programming
 2007 : vSphere overview
 2015 : CISSP Training
 2016 : ISO 27001 Lead Implementer Training

| PT. PISTIS Digital Indonesia | Page 4 of 11

 Kalpin Erlangga Silaen, M.Kom, CISSP, CEH, ECIH, ECSA, CHFI, CEI, ISO 27001
LI (Senior Consultant)
Kalpin Erlangga is senior IT security consultant, digital forensics and penetration tester for
various industry such as banking and finance, telecommunications, payment gateway,
government and other industries with more than 15 years in security experience. Kalpin is also a
lecturer for Swiss German University and Binus International University with subject Network
Forensics, Ethical Hacking, Web and Mobile Application Security, Digital Forensics and Incident
Handling.

Achievement & Certification:

 2013 & 2014 Cyber Defense Competition held by Ministry of Defense 1st Winner
 2014: CISSP Certification
 2014: CEH Certification
 2015: ECIH Certification
 2016: ECSA and CHFI Certification
 2016: ISO/IEC 27001 Lead Implementer
Research Paper:
 2014 – Mobile Digital Forensics with consent Data Privacy – Swiss German University
 2016 – A Novel Countermeasure to Prevent XMLRPC Wordpress Attack – IEEE
 2018 – Techniques & Strategies to Empower Cyber Security – Asia Pacific School on
Internet Governance (APSIG)
 2019 – 2020 – Honeynet Threat Sharing Platform – The Information Society Innovation
Fund (ISIF Asia) and Swiss German University
 2020 – XT-POT: eXposing Threat Category of Honeypot-based Attacks ResearchGate
Main Project Experience:
 2012: Project Leader Penetration Testing for Telkom Network & Infrastructure Security
Assesment
 2013 & 2014: Project Leader & Pentester for iPayMu Web Application Security

| PT. PISTIS Digital Indonesia | Page 5 of 11

 Assessment
 2014: Project Leader & Blackbox Pentester for Ministry of Transportation (Kemenhub)
 2013: Project Leader & Pentester for Trimegah Network Infrastructure Security
Assessment

Seminar / Lecturing / Training :

 2014: Hacking Presentation at Cyber Defense Seminar at ITB, Bandung
 2015: Hacking & Security Seminar at Maranatha University, Bandung
 2017 – Now: Lecturer at Binus International University, Jakarta
 2017 – Now: Lecturer at Swiss German University, Jakarta
 2021: 2 (two) class CISSP trainer

| PT. PISTIS Digital Indonesia | Page 6 of 11

 Christian Riesaputra (Senior Consultant)
Christian Riesaputra is an experienced IT & information security consultant with a focus on
IT Security field for more than nine years, including audits, assessments, penetration test, digital
forensic, security R&D, as well as the design of IT security awareness program, ISO27001, IT
security architecture, and other areas for government, private sector organizations/enterprises
in more than six countries.
Achievement & Certification:
 2012: CISSP
Main Project Experience:
 2012: Security assessment and penetration test for mining contractor and operator
company – Led a security assessment and penetration test of infrastructure, physical
security, and people awareness (social engineering) in multiple sites with different mining
companies.
 2012: Security assessment and audit for the biggest bank in Indonesia - Internal audit
engagement program to help internal audit perform security testing & audit, and conduct
a technical workshop for knowledge development of internal audit team.
 2012: Consultation to develop Security Architecture & Security Service Catalogue for
central bank of the Republic of Indonesia
 2013: Security Assessment and Penetration Test for Oil & Gas exploration and production
company.
 2013: ISO 27001 Gap analysis and Implementation advisory for Indonesian government
procurement regulator - Perform gap analysis, SOA, develop policy and procedure,
assessment of controls to comply with ISO 27001 and 27002, and assistance trough
ISO27001 lifecycle to achieve certification.
 2014: Consultation to develop information classification and risk assessment
methodology for Indonesia Ministry of ICT regarding the implementation of root CA.
 2015: Web & mobile penetration test for water supply company in Macao
 2015: Web penetration test for American clothing brand and retailer in Korea

| PT. PISTIS Digital Indonesia | Page 7 of 11

  2015: Web & Infrastructure pentest for Hong Kong Internet Registration Corporation
Limited
 2016: Security assessment, penetration test, configuration review of web application,
mobile application, and infrastructures for one of the biggest bank in Malaysia.
 2019: Security asessment of Industrial Control System for the biggest British multinational
consumer goods company factories in Vietnam & Indonesia.
 2020: Security assessment, architecture review, and penetration test of mobile banking,
internet banking, and ATM for 2 private banks in Cambodia
Seminar / Lecturing / Training :
 2012: Speaker at Forum Of Incident Response And Security Teams Technical Colloquium
(FIRST TC), Bali

| PT. PISTIS Digital Indonesia | Page 8 of 11

 Abraham Ferdinand Inoerawan (Senior Solution Architect)
Abraham Ferdinand Inoerawan is an experienced IT & information security consultant and
developer with a focus on IT Security and Cryptography field for more than ten years, including
Secure Coding, Reverse Engineering, Cryptography, Public Key Infrastructure, and Security
Research and Development with Java, Python, C, C++, Swift, and Dart Programming Language.
Research Paper:
 2011 – Desain Protokol Kriptografi untuk Pengamanan Dokumen pada Lelang Elektronik
– Konferensi Nasional Sistem dan Informatika
 2011 – Secure Cryptographic Protocol for Authentication Service in Internet Banking –
International Information System Conference
 2018 – Evaluation Level of Trust on Implementing Public Key Infrastructure in
Procurement System Certificate Authority which is held by National Crypto Agency
American Scientific Publisher
Main Project Experience:
 2009 - 2013: Lembaga Kebijakan Pengadaan Pemerintah – Document encryption and
Public Key Infrastructure implementation
 2010: UKP4 Kepresidenan – Development of network encryption and document
encryption application
 2010: National Crypto Agency of Indonesia – Block cipher algorithm design
 2014: National Crypto Agency of Indonesia – Crypto implementation on ARM Cortex M4
for voice encryption
 2015: National Crypto Agency of Indonesia – Crypto implementation on Radio Encryption
 2016: Indonesia Ministry of Defense – Email & Web Security and Cyber Defense
 2017: Indonesia Ministry of ICT – National Root Certification Authority and S/MIME
implementation for PNSMail
 2017: XecureIT – Development of DCI Toolkit, a Public Key Infrastructure Client for
Dekstop
 2017: XecureIT – Development of PeSankita Indonesia

| PT. PISTIS Digital Indonesia | Page 9 of 11

  2018: XecureIT – Development of XecureCA
 2020: XecureIT – Development of Palapa Collaboration Platform
Seminar / Lecturing / Training :
 2008: Pairing Based Cryptography Conference – London, England
 2012: EJBCA Course – Stockholm, Sweden
 2013: International Cryptology Conference – Santa Barbara, California
 2014: Fast Software Encryption – London, England
 2014: Current Trends in Cryptology (CTCrypt) – Moscow, Russia
 2015: International Workshop on SPAWC – Stockholm, Sweden
 2015: Reverse Engineering Course – Philadelphia, US

| PT. PISTIS Digital Indonesia | Page 10 of 11

 Andy Minar Widjaja CISSP (Senior Consultant)
Andy Minar Widjaja is an experienced IT and Information Security consultant with a focus on
IT Security field for more than fifteen years, including audits, assessments, digital forensic,
security R&D, as well as the design of IT security awareness program, ISO27001, IT security
architecture, and other areas for government, private sector organizations.
Achievement & Certification:
 2003: CISSP Certification
Main Project Experience:
 2021: Tilkaka PSRE Berinduk consultancy
 2020: DTA PSRE Berinduk consultancy
 2019: IT Enterprise Architecture and Roadmap
 2018: Information Security Management System consultancy
 2017: Design and Implementation of Public Key Infrastructure for Enterprise

Seminar / Lecturing / Training :

 2021: 2 (two) class CISSP trainer

| PT. PISTIS Digital Indonesia | Page 11 of 11