(Ivan)

IT Support · DevOps · AI · Cybersecurity
Let's connect
IT Support & Systems Admin Infrastructure & Cloud DevOps & Automation AI Engineering Cybersecurity & VAPT Healthcare IT

01CTF Writeups

02Works

🛡️ Live · React 19 + Rive · offline-first PWA · WCAG 2.2 AA+

CyberQuest — learn real cyber skills, one case at a time

✓ cyber-quest.pages.dev

A calm, cross-generational cyber-skills game. Every case is playable two ways on one objective — an accessible visual puzzle or a real terminal — so a curious 12-year-old and a 60-year-old learn side by side.

18
Dual-mode cases
5
Regions on a gated map
350+
Automated tests
AA+
WCAG 2.2 accessible

Solve cases across a story-gated world map that unlocks as you progress, earn achievement badges for real mastery (solve both ways, finish with no hints, clear a region), and get nudged by an AI hint co-pilot that never gives the answer away. Built test-first, with a Skills Passport of genuine, NICE-aligned competencies.

Offline-first, keyboard- and screen-reader-friendly, light or dark. Intrinsic motivation by design — no streaks, no dark patterns.

Under the hood: a framework-free, strict-TypeScript core (no any) drives both play modes from a single case contract; React 19 shell, Cloudflare Workers AI hints with an authored fallback, Supabase auth with offline-first sync, and a CI gate — typecheck, lint, and 350+ tests including automated accessibility — on every commit.

React 19 TypeScript Rive xterm.js Supabase Cloudflare Pages Accessibility Live ✓
→ play at cyber-quest.pages.dev
CyberGuard shield Public beta · v2.1 · ASEAN · APAC · Global

CyberGuard — cybersecurity training that feels like a game

✓ cyberguard.ivanthan.uk

Play through 100+ real scams from 13 countries. Five adaptive skill tiers — from password basics to APT defense. Built for everyone from kids to security professionals.

100+
Real-world scenarios
13
Country libraries
5
Adaptive skill tiers
$0
During community beta

Pick your skill tier — Kids, Teens, Adults, Seniors, or Expert — and play through missions built from actual scams circulating right now. Scenarios match your context (gamers get gaming scams, grandparents get pension cons, security pros get APT incidents), so the lessons stick. Earn XP, unlock badges, climb the global leaderboard.

No credit card. No tracking. 30-second start.

JavaScript Supabase Cloudflare Pages Game Design Live ✓
→ play free at cyberguard.ivanthan.uk
MerLinn — half lion, half circuit In active development · v0.2.0 · Private beta

MerLinn — your AI, your hardware, your data

✓ Ongoing · invite-only

A locally-hosted, chat-first personal AI assistant built from scratch. Runs local open-weights models (Ollama) on the home server by default — no per-token billing, no conversations training someone else's model, no cloud lock-in. Optional Claude API fallback only when explicitly opted in per call.

10+
Build phases shipped
260+
Tests · 85% coverage
$0
Per-message cost
3
Surfaces: Web · CLI · PWA

Mirrors professional AI agent architecture — skills, sub-agents, tools, memory, hooks, MCP, permissions — so productivity tooling drops in unmodified. Includes an autonomous coding agent that runs the full UNDERSTAND → PLAN → SCAFFOLD → IMPLEMENT → TEST → DELIVER loop with approval gates.

Web UI works on every device, installs as a standalone PWA on iOS & Android with the lion-head logo on the home screen. Sessions auto-title themselves, transcripts persist locally, memory engine scores and decays "instincts" over time. Real persona system — knows your name, identifies as MerLinn, never as the underlying model.

Why "MerLinn"? A play on the Merlion and the Burmese word Linn (လင်း), meaning light or bright. It sounds like Merlin the wizard — the spelling is a nod to my dual identity as a Burmese in Singapore.

Python 3.13 FastAPI Ollama Claude API HTMX + Alpine PWA SQLite + JSON Ongoing
→ private repo · invite-only
Portfolio archive

CTF Writeups & VAPT Portfolio

✓ 4 rooms · 13 findings

Curated CTF archive organised by primary skill. Each engagement ships five docs: README, writeup, beginner walkthrough, formal VAPT with CVSS 3.1 + MITRE ATT&CK, Q&A cheatsheet.

VAPT CVSS 3.1 MITRE ATT&CK
→ github.com/r3b3Lli0uskID
Home lab

Proxmox / Kali / n8n Lab

✓ Self-hosted · always on

Dell OptiPlex running Proxmox with Kali VM for pentest and malware analysis. n8n automation via Docker + Cloudflare Tunnel for secure remote access.

Proxmox Kali Docker
→ ongoing
Training · Jan 2026

Corelan Heap Masterclass — Exploit Development

✓ Completed

Professional heap-exploitation training: heap overflow, use-after-free, heap spray, Windows binary exploitation with WinDbg. Delivered under the REDFACE Research Programme.

Heap Exploitation WinDbg Assembly
→ verify credential
11 years

Healthcare IT Infrastructure

✓ SingHealth · MINDEF · Parkway

Windows Server 2008/2012/2019 (hardware + Hyper-V) for DICOM imaging. X-Ray, DR, CR, Ultrasound system deployments across Myanmar. Nessus scanning, OS hardening, PHI/HIPAA compliance.

DICOM / HL7 Nessus Hyper-V
→ career timeline below

03Journey

Sep 2023 — Sep 2025

Imaging IT Specialist

Parkway Hospitals Singapore

Managed critical radiology imaging infrastructure (Vue RIS/PACS, Infinitt CPACS) at 99% uptime. Supported secure rollout of clinical AI: Sensecare, Annalise, Teamplay. Authn/authz for 200+ radiology staff. DICOM transmission anomaly monitoring; patch management & vulnerability remediation.

Aug 2019 — Apr 2022

IT Specialist (RIS/PACS) — ASEAN

Philips Enterprise Diagnostic Informatics — APAC

Mission-critical healthcare IT for tier-1 clients: SingHealth and Singapore MINDEF. Nessus vulnerability scans and Windows OS hardening for RIS/PACS servers. Root-cause analysis for complex imaging system failures.

Nov 2018 — Jul 2019

IT Executive (RIS/PACS) — ASEAN

Carestream Health Singapore

RIS/PACS installation, L1/L2 support, and UAT management for radiology imaging systems.

Feb 2015 — Sep 2018

Project Manager & Senior Service Engineer

Biz-Partner Group — Myanmar

Led healthcare IT deployments from kick-off through client acceptance. Medical imaging equipment (DR, CR, X-Ray, Ultrasound) with EMR/PACS integration.

04Certifications

Completed

CVSS v4.0 — Vulnerability Scoring

FIRST.org · Apr 2026
→ view certificate
CEH — EC-Council
In Progress

Certified Ethical Hacker v13 (CEH)

EC-Council · 2025–Present
MAGES Institute of Excellence
Completed

Professional Certificate in Cybersecurity

MAGES Institute of Excellence · Sep 2025 – Apr 2026
Corelan RF
Completed

Heap Masterclass — Exploit Development

Corelan × REDFACE Research · Jan 2026
→ verify credential
Completed

Microsoft Certified Professional (MCP)

SQL Database Administration · Microsoft
Completed

MTA Windows Server Administration

Microsoft

05Contact

Looking for someone who bridges IT support, systems & infrastructure, DevOps, AI, and security — backed by 11 years of healthcare-IT discipline? Let's talk.