Hey Aufar! Can you tell us a bit about Petrosea and your role?

I’m a backend developer at Petrosea, but my role also covers cloud architecture, security, DevOps, and systems engineering. Our engineering team is about 20 people, handling everything from backend and frontend development to security and ERP. 

Petrosea itself is a mining services company. We manage everything from pit to port, leveraging advanced IoT to track the entire mining process. For example, we can communicate directly with on-site equipment operators to optimize production for our clients. It’s a big part of how we’ve positioned ourselves as a mining-tech leader in Indonesia.

Petrosea is recognized as a technology leader. How does digital transformation play into that?

We’re proud to be part of the World Economic Forum’s Global Lighthouse Network, one of only two companies in Indonesia to hold that recognition for Industry 4.0 adoption. Technology is at the heart of our efficiency and leadership. Applying advanced IoT, automation, and cloud solutions helps us operate better, faster, and safer than traditional mining companies.

Why is security so critical in your industry?

Because we embed technology everywhere, any security breach could disrupt operations, compromise client confidentiality, or even halt production. Mining and energy companies in Indonesia have become frequent cyberattack targets, and we see this trend across both public and private sectors. For us, security has always been a top priority, and the growing number of attacks just adds urgency.

“Any breach could risk operations or client confidentiality. Security is not optional. It’s essential.”

What triggered Petrosea’s focus on a new security solution?

After our acquisition, our stock value grew significantly. That increased visibility also attracted more attention from outside threat actors. We already had security measures in place, but our processes were fragmented. Codebase scans were manual, compliance checks required extra effort, and we lacked a unified platform to bring everything together.

What challenges did you face before Aikido?

We used multiple tools, like vulnerability scanners, container scans, and code quality scanners, all separated. That meant manual work combining reports, checking compliance frameworks like ISO manually, and slow decision-making because there was no single view of our security posture. With operations across multiple sites, we needed full coverage, not just at headquarters.

What stood out about Aikido during your evaluation?

Three things impressed us. First, the ease of implementation. The connectors were ready to use, so integration with our cloud and codebase took minimal effort.

Second, AutoFix combined with false-positive filtering. Other platforms just dump vulnerabilities on you, but Aikido filters out false positives and creates one-click fixes automatically. 

Finally, compliance reporting. We went from spending hours compiling reports to exporting ready-to-use compliance data in seconds.

“The fastest time we fixed a vulnerability was just 5 seconds after detection. That is efficiency.”

How was the onboarding experience?

Very smooth. We connected Aikido to our code repositories and cloud environments, waited for the first scan, and instantly saw our security posture with clear, actionable insights. No steep learning curve. Everything was straightforward, and the time to value was immediate.

How has Aikido impacted your daily work?

The false-positive filter alone is a game changer. It removes so much unnecessary noise. The AutoFix feature is equally impressive. Once a vulnerability is detected, we can fix it in as little as five seconds. That used to take hours or even days. Beyond saving time, the knowledge base helps our whole team understand vulnerabilities better. It is no longer just the security team’s job, developers themselves gain awareness and respond faster.

“Efficiency. That’s the word. Aikido makes security faster, easier, and smarter, letting us focus on what matters most.”

How does this tie into compliance and ESG?

Cybersecurity is part of our ESG strategy under the governance pillar. With Aikido, compliance reporting is automated, and we can easily demonstrate secure software development practices to both regulators and management.

What measurable outcomes have you seen since adopting Aikido?

The most tangible outcome is time saved. Vulnerability fixes that previously took hours now take seconds with AutoFix. We also cut the time spent on compliance reporting by at least 80% because reports are now generated automatically rather than compiled manually. Beyond that, our developers now engage directly with security issues thanks to the platform’s knowledge base. Security awareness across the team has grown significantly, making it a shared responsibility rather than something handled only by the security team.

“With Aikido, we saved hours on reporting, cut vulnerability remediation to seconds, and gave developers the knowledge to own security.”

Any final thoughts?

I really like the product, the UI, the UX, and the whole user experience. It has saved us time, improved our security posture, and made the process so much easier for everyone involved. I want to thank the Aikido team for building such a powerful platform and for always being there when we had questions.

“Keep up the good work. Aikido is an excellent product with an amazing team behind it.”

‍