Than Htet (Ivan)

Cybersecurity · VAPT & Penetration Testing · Security Operations · Healthcare IT Security
Singapore· +65 8755 3980· ivan@ivanthan.uk· linkedin.com/in/ivan3890· ivanthan.uk
Than Htet (Ivan)

Professional Summary

Cybersecurity practitioner with 11+ years of IT and healthcare-systems grounding. Hands-on VAPT and penetration testing (Metasploit, Burp Suite, nmap; CVSS 3.1 / 4.0 and MITRE ATT&CK mapping), vulnerability assessment (Nessus), malware analysis / DFIR, and exploit development — built on a decade of Windows Server hardening, patch and vulnerability remediation, and security compliance in defence- (MINDEF) and hospital-grade environments. CEH in progress; completed the Corelan Heap Exploitation Masterclass. Seeking a Security Analyst, VAPT / Penetration Testing, SOC, or Cybersecurity Engineer role backed by real-world systems and operations experience.

Core Competencies & Technical Skills

Cybersecurity
Penetration testing / VAPT, vulnerability assessment (Nessus), Metasploit, Burp Suite, nmap / gobuster / ffuf, Hydra / hashcat, CVSS 3.1 & 4.0, MITRE ATT&CK, malware analysis / DFIR, exploit development, Kali & Parrot Linux
Systems & Infrastructure
Windows Server 2008/2012/2019, Hyper-V, VMware, Proxmox, Active Directory concepts, patch management, change management, IT asset management, backup & DR, RIS/PACS administration, DICOM & HL7
IT Support & Service Desk
L1/L2 incident management, ticketing & escalation, troubleshooting, end-user & desktop support, user access provisioning, SOP / knowledge-base authoring, UAT, remote support
Databases & Scripting
SQL, Oracle SQL, Bash / Shell scripting, PowerShell
AI & Development
Python, FastAPI, REST APIs, local LLMs (Ollama), Claude API, prompt engineering, AI agents & automation, n8n, PWAs, HTMX / Alpine / Tailwind, pytest, mypy
DevOps & Delivery
Git, CI, Docker, Cloudflare Pages builds & deploys, Kanban / Agile project tracking, web app maintenance & deployment, PWA delivery
Cloud & Tools
Cloudflare Pages & Tunnel, Supabase, Docker, VS Code, SSH, Windows & Linux

Professional Experience

Cybersecurity & DevOps Intern — REDFACE Research
  • DevOps & internal tooling: helped build and maintain the team's internal operations and project-management system with a Kanban workflow for tracking work across projects (operations.redfacers.com).
  • Web maintenance & deployment: maintain and ship updates to the REDFACE front-end / marketing site (uat.redfacers.com) and the Junior Academy learning site (academy.redfacers.com) — builds and deploys on Cloudflare Pages.
  • Cybersecurity research: red-team research and detection-engineering studies; completed the Corelan Heap Exploitation Masterclass; produced VAPT-style write-ups with CVSS and MITRE ATT&CK mapping.
Imaging IT Specialist — Parkway Hospitals Singapore
  • First point of contact (L1/L2) for 200+ radiologists and radiographers on RIS/PACS and clinical-AI system issues — logged accurate incident tickets with vendors, tracked resolution, and kept clinical teams updated to minimise disruption to patient workflows.
  • Partnered with Infrastructure, Cybersecurity, and IT teams on patch cycles, IT asset management, and security compliance for Radiology; handled user access provisioning and authentication setup during rollout of 4 AI diagnostic platforms (Sensecare, Annalise, Teamplay, Radimetrics).
  • Authored SOPs and quick-reference guides for common imaging faults, giving clinical staff a self-service path before vendor escalation and reducing repeat tickets.
IT Specialist, RIS/PACS (ASEAN) — Philips Enterprise Diagnostic Informatics (EDI), APAC
  • Day-to-day administration of RIS/PACS at SingHealth and MINDEF — Windows Server 2008/2012 on bare-metal and Hyper-V; L1/L2 incident management, scheduled maintenance windows, and preventive health checks across ASEAN client sites.
  • Applied OS patches and remediated findings from Nessus vulnerability assessments across defence-grade imaging environments; maintained DICOM/HL7 interface compliance and PHI data-protection standards.
  • Performed root-cause analysis on complex failures and documented findings for engineering; part of the 24/7 on-call rotation for critical incident response.
Than Htet (Ivan)  ·  Page 1 of 2
IT Executive, RIS/PACS (ASEAN) — Carestream Health Singapore
  • Installed and configured RIS/PACS on Windows Server 2008/2012 across ASEAN hospital sites; handled L1/L2 tickets, UAT sign-off, change-management coordination, and after-hours on-call coverage.
  • Transitioned to Philips when Carestream's Vue RIS & Vue PACS product line was acquired by Philips — the entire department moved across, along with the existing customer base and the same team.
Project Manager & Senior Service Engineer — Biz-Partner Group Co., Ltd
  • Installed and commissioned medical imaging systems (DR, CR, X-Ray, Ultrasound) at hospitals across Myanmar, including end-to-end DICOM/HL7 integration with existing PACS and EMR environments.
  • Led projects as both PM and lead engineer — scoped deliverables, coordinated subcontractors, and drove client sign-off from kick-off through commissioning.

Key Projects

CyberQuest — cross-generational cyber-education game
  • Designed and built a calm, accessible security-awareness game where each case is playable two ways — an interactive visual puzzle or a real terminal — on one objective. React 19, TypeScript, Rive, xterm.js; offline-first PWA; WCAG 2.2 AA+ (axe-tested).
  • 18 dual-mode cases across a story-gated progression map with earned achievement badges; AI hint co-pilot (Cloudflare Workers AI) with an authored static fallback; Supabase accounts + cloud sync. Fully test-driven (350+ tests).
MerLinn — locally-hosted personal AI assistant
  • Built a chat-first AI assistant from scratch (Python 3.13, FastAPI, HTMX/Alpine/Tailwind, Typer CLI, installable PWA) — local Ollama by default with opt-in Claude API fallback per call.
  • Implemented an agent substrate (skills, sub-agents, tools, hooks, MCP, memory, permissions) with an autonomous coding agent and self-improvement engine; 260+ tests, ~85% coverage, mypy strict, CI green.
TryHackMe CTF Engagements — 4 rooms, full VAPT reports
  • HackPark (CVE-2019-6714 RCE → SYSTEM), Mr. Robot (web → reverse shell → SUID privesc), Masquerade (DFIR: EVTX 4104 + RC4/AES-CBC C2 decryption), Kernel Blackout (Windows kernel-mode rootkit in C via DKOM).
  • Produced VAPT reports with CVSS 3.1 and MITRE ATT&CK mapping — 13 findings across the engagements.
CyberGuard — security-awareness platform · Home Cybersecurity Lab
  • CyberGuard: full-stack awareness game — 58+ missions across 4 age groups, XP/badges, Supabase backend, deployed on Cloudflare Pages (cyberguard.ivanthan.uk).
  • Home lab: Proxmox hypervisor on Dell OptiPlex with a Kali VM for pentesting/malware analysis; self-hosted n8n automation via Docker with Cloudflare Tunnel for secure remote access.

Certifications

CVSS v4.0 — Vulnerability Scoring · FIRST.org · 2026
Professional Certificate in Cybersecurity · MAGES Institute · 2025–2026
Corelan Heap Exploitation Masterclass · Corelan × REDFACE · 2026
Certified Ethical Hacker (CEH) · In progress
MCP — SQL Database 2005 · Microsoft
MTA — Windows Server Administration · NICF · Microsoft

Education

Higher Diploma in Information Technology · Major in Web Development
Bachelor of Arts · Major in English
Languages
English — Fluent
Burmese — Native
Availability
Immediate
National Service
Reservist
Salary
Negotiable

References

Michael Chua — Founder, REDFACE Research (Offensive Security & AI)
mike@redfacers.com
Aung Kean Boon Jonathan — Assistant Manager, Parkway Radiology
jonathan.aung@parkwayradiology.com.sg
Arshad Jamal — Service Manager, Philips EDI
arshad.jamal@philips.com
Sithu Aung — CEO, Biz-Partner Group
ceo@bpgmyanmar.com
Than Htet (Ivan)  ·  Page 2 of 2