<img height="1" width="1" style="display:none" alt="" src="https://www.facebook.com/tr?id=367542720414923&amp;ev=PageView&amp;noscript=1">


CISO Asia Logo-1



Exclusive interview with Wahyu Agung Prasetyo, Head of Information Security Management at Bank Danamon (Indonesia)

Wahyu Agung Prasetyo Bank Danamon


Wahyu Agung will be joining us on Day 3 - Thursday  19th November.

Leading in crisis: creating a successful incident response plan

  • Defining the processes to respond to incidents quickly, effectively and with minimal consequences
  • Developing a scenario exercise to predict risks and anticipate how prepared you are for an attack
  • What are the best strategies to minimise financial and reputational losses?

Watch on-demand


Tell us a little about your background and how you got to your current role.

Wahyu Agung Prasetyo is an Information Security and Cybersecurity professional with over 15 years of experience in strategizing and implementing risk-based security management programs

Learning from experience is the best teacher in my life. I have been interested in the IT world since I was in high school, especially in graphic design and research into hacking activities. At that time, the internet connection was still not as sophisticated as it is today, only relying on a telephone line connection, xDSL. Interested in how to use another customer ID when connecting to the internet. This experience led me to become more involved in the IT field even though I was a physics engineering background. In a professional career, prior to joining a banking financial institution, I worked as an IT trainer as well as a consultant in the fields of computer networks, information security and business process improvement and IT at several companies and banks in Indonesia.

Apart from network and trust, banking is a unique organization in placing its human resources in several strategic positions including my current position at PT Bank Danamon Indonesia as Information Security Management Head.

I try to continue to develop knowledge and join the network of world cyber security communities, such as ISACA, EC-Council, ISC2, Cisco, CompTIA, Blockchain Council, IBM, including maintaining certifications issued by these institutions.



What is the biggest challenge you face within your role today and how are you looking to tackle it?

Well. Adequate visibility and integration of cyber insider handling is currently a challenge faced by professionals working in information / cyber security. The use of emerging technologies in increasingly massive cyber-attacks makes us have to develop more sophisticated technology-based handling systems such as Machine Learning or AI that are able to quickly detect cyber-attacks before they become cyber incidents. The use of ML or AI itself also has its own technological risks that require us to be able to accurately analyze the forms of these threats. This is what makes us as information / cybersecurity professionals required to continue to learn and develop ourselves both from a technical perspective and communication with the business team.


In what ways are you working with your business to help drive value and insight driven decision-making?

Business in nature is always profit-oriented and sometimes overcompensates other than these aspects. This is the key when discussing with the Business team because information security is usually considered a barrier in carrying out their initiatives. However, by providing intense understanding and communication accompanied by adequate awareness of all stakeholders, gradually, the Business team can understand the importance of information security in systems, applications or products being developed. Of course, through various approaches, both top down and bottom up. Some practical examples that have been carried out include assisting in providing a comprehensive review of the potential risks that may occur to conducting an assessment of the initiatives they are developing.


What has been your biggest success for 2020 so far?

I prefer to see the success that I've experienced as an inseparable part of the success of the organization where I work today. Task that can be measured is project based work. The implementation of Cyber Threat modeling in critical bank applications is one of the projects that can be said to be successful because it involves many bank-wide stakeholders. Others, in addition, in line with our strategy, several projects related to Risk Assessment and Cyber security awareness, such as the Phishing Email Simulation, have been successful projects.


Describe a way that you help your organisation understand the value of cybersecurity?

In a simple way is to provide role models for cybersecurity / information in our daily lives. End users, in my view, simply practicing the information security policy that already approved by Management. An example is how to respond if you get a suspicious email that could potentially lead to phishing. Another example is how to treat personal data / information so that it is always secure at the time of creation, storage or transmission to other entitled parties. By applying this in everyday life, if we did it together at any time, will provide big positive changes for each company which ultimately contributes to values ​​that are in line with the company's mission and vision.

The second method, integrating with business functions is the right way to understand the value of cybersecurity. Many organizations develop Information Security matrices as part of their business organizational structure, e.g. we can call BISO function or Business Information Security Officer or Information Security Champions. One of the reasons is that the Business function as the first line of defense has sufficient and specific visibility to the potential cyber risks they are working on. With this method, it is hoped that BISO / IS Champions can provide a more comprehensive and targeted analysis and assessment in accordance with their respective business processes.