Hi, I'm
Daud Aldumy
Cybersecurity Engineer · AppSec Specialist
I build secure systems, deliver red team strategies, and love to share knowledge in cybersecurity engineering. Always open for research, talks, or collaboration.
About Me
Cybersecurity enthusiast with hands-on experience in offensive security, application testing, and security education.
Who I Am
I’m a cybersecurity practitioner with a hands-on focus in offensive security with 5+ years experience, combining technical depth with real-world experience in penetration testing, red teaming, and application security. With a strong foundation in both structured internal security programs and high-stakes external environments like bug bounty platforms, I’ve consistently identified and reported high-impact vulnerabilities that improved organizational security posture.
I thrive in environments where adversarial thinking meets practical problem solving, whether it’s uncovering business logic flaws in complex web apps, simulating insider threats during red team engagements, or mentoring teams on how to build secure software from the ground up. My work bridges security research, testing, and collaboration, helping businesses move from reactive defense to proactive resilience.
Professional Highlights
- ✅ Red Team & Application Security
Led and executed end-to-end red team simulations, internal pentesting, and threat emulation to evaluate detection and response capabilities.
- ✅ Bug Bounty & Vulnerability Research
Successfully reported critical findings (e.g. IDOR, XSS, authentication bypass, logic flaws) across several private and responsible disclosure programs, enhancing security for real-world systems at scale.
- ✅ Technical Toolkit & Skills
Skilled with Burp Suite, Nuclei, ffuf, Nmap, SQLMap, Metasploit, Python, Docker, custom exploit scripting, API fuzzing, and post-exploitation techniques.
- ✅ Security Certifications:
CEH, ECIH, EHE, ISC2(CC), JNCIA, CAP, CNSP, CCSP-AWS, BTF, Cyber Security Analyst for Public Sector
Professional Experience
A journey through security-focused roles, research, and vulnerability hunting in various environments.
Security Awareness Content Educator
2025 – Present@Barengsinau — Youtube & TikTok ·
As a Security Awareness Content Educator on TikTok and YouTube @barengsinau, I create engaging and easy-to-understand cybersecurity content aimed to educating people about online threats, privacy, and digital safety. Since early 2025, I’ve built a growing digital presence by simplifying complex security concepts into relatable, visual storytelling, bridging the gap between technical knowledge and public awareness.
Security Engineer
2022 – PresentPT. JULO Teknologi Finansial — Indonesia (Remote) · Full Time
As a Security Engineer at JULO, I am responsible for conducting penetration testing, managing bug bounty operations, and supporting the organization in identifying and mitigating security risks. I work closely with internal and 3rd party teams to ensure that security issues are addressed effectively, while also developing automation tools to improve testing efficiency. My role contributes directly to strengthening the security posture of the company in a fast-paced fintech environment.
Security Consultant
2020 - PresentPT. Sapta Pilar Nusantara — Jakarta, Indonesia · Contract/Project based
As a Security Consultant at PT. Sapta Pilar Nusantara, I delivered cybersecurity consulting for enterprise clients: secure development, incident response, cloud security posture, technical training. Since 2020, I have contributed to building cybersecurity awareness and skills among professionals.
Security Engineer
2020 - 2022TELKOM UNIVERSITY — Bandung, Indonesia · Full Time
As a Security Engineer at Telkom University, I was responsible for conducting end-to-end security assessments on digital assets, including web applications, APIs, mobile apps, and network infrastructure. I contributed to strengthening the institution’s security posture by delivering actionable insights through structured testing and continuous monitoring.
Bugbounty Researcher
2019 - PresentVarious Platforms — Remote · Freelance
As a freelance Bug Bounty Researcher since 2019, I’ve actively contributed to global security programs by identifying and reporting real-world vulnerabilities across various platforms such as HackerOne, Bugcrowd, Intigriti, and private bounty programs. My work helps companies fix critical flaws before they can be exploited.
Education
Formal & Informal academic training in computer and network technology with a focus on cybersecurity principles.
🎓 Formal Education
Master of Data Science Cyber Security
2022 – 2024Swiss German University — GPA: 3.53 / 4.00
Specialized in designing and implementing cybersecurity frameworks, with a strong emphasis on risk communication with stakeholders, incident handling, digital forensics, and vulnerability management in real-world environments.
Bachelor's degree of Computer Engineering
2020 – 2022Telkom University — GPA: 3.81 / 4.00
Balanced academic excellence with professional experience as a Security Engineer, while actively contributing to community-based technology initiatives and public-sector digital development.
Diploma's degree of Computer Engineering
2016 – 2019Telkom University — GPA: 3.86 / 4.00
Awarded 3rd Place – Outstanding Student Award (Mawapres Diploma 2019). Actively engaged in research labs, robotics competitions, and student assistant. Balancing academic excellence with practical experience and campus leadership.
🧠 Certifications
- [Red Team] [EC-Council] CEH - Certified Ethical Hacker
- [Blue Team] [EC-Council] ECIH – Certified Incident Handler
- [Red Team] [EC-Council] EHE – Ethical Hacking Essentials
- [Red Team] [SecOps] CAP - Certified AppSec Practitioner
- [Red Team] [SecOps] CCSP-AWS - Certified Cloud Security Practitioner
- [Blue Team] [SecOps] CNSP - Certified Network Security Practitioner
- [Blue Team] [ISC2] CC - Certified in Cybersecurity
- [Blue Team] [CyberWarFare] BTF - Blue Team Fundamentals
- [Blue Team] [Digitalent] Cyber Security Analyst for Public Sector
- [Blue Team] [Juniper Networks] JNCIA - Juniper Networks Certified Associate
- [Blue Team] [HackerRank] Python (Basic)
My Projects
A collection of selected works that reflect real-world security challenges, research, and community-focused tech solutions.
Reverse Engineer a Unity Game - Digimon Rumble Arena
A personal reverse engineering project where I analyzed a Unity-based game to bypass long in-game progression and unlock hidden characters, exploring how game logic, memory structures, and asset controls are implemented.
Performance of Slotted ALOHA in User-Centric Cell-Free Massive MIMO
A research project from my bachelor’s thesis that was selected for presentation at an international IEEE conference, exploring how wireless systems can be made more efficient and reliable in the future.
Threat Hunting Training and Simulation for BPK
Conducted a hands-on cybersecurity training focused on threat hunting techniques using BlueteamLabs and local lab environments to help BPK teams detect and analyze advanced threats proactively.
E-Commerce Platform Development for Sariraya Japan – API Integration & Security Testing
Supported the digital transformation of Sariraya, Japan’s pioneer in halal food business, by helping build a secure and scalable online store platform for both web and mobile users.
Security Awareness Campaign for Civitas Academic Telkom University
Led a comprehensive security awareness campaign for over 30,000 students and staff at Telkom University, focusing on practical cybersecurity practices to enhance digital safety across the academic community.
Cybersecurity Gap Assessment for ICT Master Plan at UNP
Contributed to the development of UNP’s ICT Master Plan by conducting a focused security gap assessment and providing practical recommendations to improve current system resilience.
Village Fund Transparency Dashboard – Innovillage Program 2021
Developed a digital dashboard that integrates financial and village information systems to improve transparency and public access to village fund usage in Buton Tengah, Southeast Sulawesi.
Cybersecurity Trends and System Awareness Presentation at Korlantas Polri
Delivered a presentation on current cybersecurity trends and system risks to internal staff at Korlantas Polri, aimed at increasing awareness, understanding potential threats, and promoting proactive security practices.
Development of Village Information System and Village Profiles for Buton Tengah, Southeast Sulawesi
Contributed to the development of digital village systems and profile websites for 35 villages in Buton Tengah, supporting local government transparency, digital literacy, and community empowerment in partnership with Telkom University.
GNS3 Training and Ethical Hacking Lab Simulation for the KKP
Conducted a hands-on training and built a localized ethical hacking lab using GNS3 to introduce basic cybersecurity concepts for internal staff at KKP bridging theory with practical network defense.
Let’s Connect
Interested in collaboration, freelance appsec audit, or just want to talk infosec? I’d love to hear from you.
📡 Reach Me
You can reach me through the platforms below — whether it’s for a red team engagement, appsec consultation, or just to geek out on vuln research:
🧠 What I'm Currently Exploring
Automated Security Workflows
Building efficient pipelines to integrate security checks into DevOps processes with minimal manual intervention.
ML for Threat Detection
Using lightweight machine learning models to identify anomalies and reduce false positives in SOC environments.
Collaborative Threat Modeling
Facilitating structured discussions between engineers, product teams, and security to map attack surfaces and mitigate design flaws.