Open to Work · Junior Security Analyst / Penetration Tester

Than Htet (Ivan)
Cybersecurity Professional

Cybersecurity professional with 11+ years securing healthcare IT for SingHealth, MINDEF, and Parkway Hospitals — Nessus vulnerability management, OS hardening, PHI/HIPAA compliance. Completed hands-on VAPT engagements: CVE exploitation, privilege escalation chains, CVSS 3.1 & 4.0 reporting. Pursuing CEH at MAGES Institute.

0+
Years in IT
0
Completed CTFs
0
VAPT Findings
View Projects Resume GitHub
🛡️
terminal — kali@ivan
career

Professional Experience

Parkway Hospitals Singapore
Imaging IT Specialist
Sep 2023 – Sep 2025
  • Managed critical radiology imaging infrastructure (Vue RIS/PACS, Infinitt CPACS) at 99% uptime
  • Supported secure rollout of clinical AI platforms: Sensecare AI, Annalise AI, Teamplay AI
  • Implemented authentication and authorisation for 200+ radiology staff
  • Monitored network logs for DICOM transmission anomalies; patch management and vulnerability remediation
Philips Enterprise Diagnostic Informatics (EDI) — APAC
IT Specialist (RIS/PACS) — ASEAN
Aug 2019 – Apr 2022
  • Managed mission-critical healthcare IT for tier-1 clients: SingHealth and MINDEF (Singapore MoD)
  • Executed Nessus vulnerability scans and Windows OS hardening for RIS/PACS servers
  • Root cause analysis for complex enterprise server and imaging system failures
Carestream Health Singapore
IT Executive (RIS/PACS) — ASEAN
Nov 2018 – Jul 2019

RIS/PACS installation, L1/L2 support, and UAT management for radiology imaging systems.

Biz-Partner Group Co., Ltd — Myanmar
Project Manager & Senior Service Engineer
Feb 2015 – Sep 2018
  • Led healthcare IT solution deployments from kick-off through client acceptance
  • Serviced medical imaging equipment (DR, CR, X-Ray, Ultrasound) with EMR/PACS integration
portfolio

Security Projects

🤖

Mr. Robot CTF — Full Root Compromise

✓ root@mrrobot — all 3 keys retrieved

Black-box penetration test of a WordPress server. Chained WordPress credential brute force → theme editor RCE (PHP reverse shell injection) → MD5 hash cracking → SUID nmap privesc to root. Full VAPT report with CVSS 3.1 scoring.

nmap Hydra WordPress hashcat Root ✓
🎡

HackPark CTF — Windows SYSTEM Compromise

✓ NT AUTHORITY\SYSTEM

Exploited CVE-2019-6714 (BlogEngine.NET 3.3.6 RCE) via Metasploit. Escalated to SYSTEM using insecure scheduled task discovered via WinPEAS. Full VAPT report produced.

Metasploit Burp Suite WinPEAS CVE-2019-6714 SYSTEM ✓
🏠

Home Cybersecurity Lab

✓ Self-hosted & operational

Dell OptiPlex running Proxmox hypervisor with Kali Linux VM for penetration testing and malware analysis. n8n automation server on Docker with Cloudflare Tunnel for secure remote access anywhere.

Proxmox Kali Linux Docker n8n Cloudflare
💥

Corelan Heap Masterclass

✓ Completed — Jan 2026

Professional exploit development training covering heap overflow techniques, use-after-free, heap spray, and advanced Windows binary exploitation with WinDbg. Completed under Redfacers programme.

Heap Exploitation Windows x86 WinDbg Assembly
📋

Combined VAPT Report — Dual Target

✓ 8 findings, 2 systems

Professional-grade dual-target VAPT report covering HackPark and Mr. Robot — 8 total findings, CVSS 3.1 vectors, exploitation evidence, attack timelines, and remediation guidance to pentesting report standard.

VAPT CVSS 3.1 Report Writing
🏥

Healthcare IT — 11 Years of Infrastructure

✓ SingHealth · MINDEF · Myanmar hospitals

Windows Server 2008/2012/2019 (hardware + Hyper-V) for DICOM imaging servers. Full installation of X-Ray, DR, CR, and Ultrasound systems across Myanmar. Nessus scanning and OS hardening for defence-grade clients.

DICOM / HL7 Windows Server Hyper-V Nessus MINDEF · SingHealth
CyberGuard

CyberGuard — Interactive Security Awareness Platform

✓ Live — cyberguard.ivanthan.uk

Full-stack cybersecurity awareness game with 58+ real-world missions across 4 age groups. Features XP progression, badge system, difficulty scaling, hobby-matched scenarios, and global leaderboard. Built with vanilla JS + Supabase, deployed on Cloudflare Pages.

JavaScript Supabase Cloudflare Pages Game Design Live ✓
→ cyberguard.ivanthan.uk
academic

Group Project and Presentation

Study group presentations completed as part of the MAGES CEH curriculum.

Cybersecurity Threat Landscape

Overview of the current threat landscape — malware taxonomy (trojans, worms, ransomware), Advanced Persistent Threats, emerging threats (AI-driven attacks, deepfakes, supply chain, quantum computing), attack vectors, and threat actor profiles.

Malware APT Threat Actors Social Engineering
👥 Andrew · Ivan · Mohammad Ashraff · Shariffah Farhana

Network, Web & WiFi Security

Presentation covering network security fundamentals, web application attack techniques, and wireless network vulnerabilities — including attack vectors, exploitation techniques, and defensive measures.

Network Security Web Attacks WiFi Security Exploitation
👥 Andrew · Ivan · Mohammad Ashraff · Shariffah Farhana
technical

Skills

Offensive Security

  • Penetration Testing
  • Vulnerability Assessment
  • Web App Exploitation
  • Privilege Escalation
  • Exploit Development

Security Tools

  • nmap / gobuster / ffuf
  • Metasploit Framework
  • Burp Suite
  • Hydra / hashcat
  • Nessus / WinPEAS
  • WinDbg

Infrastructure

  • Kali Linux / WSL
  • VMware / Proxmox / Hyper-V
  • Docker / n8n
  • Windows Server 2008–2019
  • OpenVPN / NordVPN
  • AdGuard Home

Reporting & Standards

  • VAPT Report Writing
  • CVSS 3.1 Scoring
  • OWASP Top 10
  • MITRE ATT&CK
  • PHI / HIPAA

Dev & AI Tools

  • VS Code / SSH Remote
  • Bash / Shell Scripting
  • Python
  • SQL / Oracle SQL CLI
  • HTML / CSS / JS
  • Claude CLI / Gemini CLI

Domain Expertise

  • DICOM Security
  • RIS / PACS Systems
  • Medical Device Sec
  • HL7 Integration
  • Termux / Android Root
credentials

Education & Certifications

CEH — EC-Council
In Progress

Certified Ethical Hacker (CEH)

MAGES Institute of Excellence · 2025–Present

Corelan RF
Completed

Heap Masterclass — Exploit Development

Corelan × Redfacers · Jan 2026

Completed

Microsoft Certified Professional (MCP)

SQL Database Administration · Microsoft

Completed

MTA: Windows Server Administration

NICF · Microsoft

University of Cambridge
Completed

Higher Diploma in IT — Web Development

University of Cambridge · Major in Web Dev

Yangon University of Distance Education 🎓
Completed

Bachelor of Arts

Yangon University of Distance Education · English

get in touch

Contact