Ilia Tivin, Developer in Singapore, Singapore
Ilia is available for hire
Hire Ilia

Ilia Tivin

Verified Expert  in Engineering

Cybersecurity Expert and Developer

Location
Singapore, Singapore
Toptal Member Since
November 8, 2022

Ilia is a cybersecurity professional and a public speaker who has worked with clients in various domains such as government, defense, manufacturing, banking, and finance. He has designed secure, resilient, and adaptable architectures that stand the test of time. Ilia's broad background includes advising executive management on strategic security initiatives and how to progress them in the organization.

SecurityInformation SecuritySystem AdministrationSecurity ArchitectureSecurity Policies & ProceduresEndpoint SecurityCloudWeb SecurityCloud InfrastructureCloud SecurityCloud ArchitectureNISTGRCThreat AnalyticsCloudflareCOBITSoftware Asset Management (SAM)Data ProtectionCertified Information Systems Security Professional (CISSP)

Availability

Full-time

Preferred Environment

Windows, MacOS, Ubuntu, Threat Modeling, Secure Containers, Microsoft 365, Documentation, Security Advisory

The most amazing...

...result I've achieved during my career is training over 10,000 people in courses lasting from 45 minutes to five weeks.

Work Experience

Sessional Lecturer

2023 - PRESENT
James Cook University Australia
  • Worked as a lecturer for cybersecurity (risk management, IoT security, and advanced e-security).
  • Handled assessments, prepared course materials, and graded exams.
  • Received stellar feedback from students on how my lectures contributed to their interest in cybersecurity.
Technologies: Enterprise Cybersecurity, Internet of Things (IoT)

Managing Director

2021 - PRESENT
Locked Jar
  • Trained executive boards of companies with assets worth hundreds of billions.
  • Established new frameworks and processes for companies to manage their incident response and change management processes.
  • Helped secure funding for security departments in organizations based on devised strategies and stakeholder engagement efforts.
Technologies: Advisory, Business Management, Stakeholder Management, Security, Amazon Web Services (AWS), IT Security, Software Development Lifecycle (SDLC), Network Security, Threat Modeling, DevSecOps, NIST, Information Security, IT Audits, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, Single Sign-on (SSO), CISM, SOC 2, HIPAA Compliance, CISO, Regulations, International Data Privacy Regulations, DevOps, Security Policies & Procedures, Technical Writing, IT Management, Vulnerability Assessment, PCI, Business Services, Google Workspace, Gmail, VPN, AWS DevOps, Amazon S3 (AWS S3), CI/CD Pipelines, Asset Management, Graylog, ISO 27002, ISO 27001, Compliance, Azure DevOps, Azure, Database Security, Cloudflare, Linux, Request for Proposal (RFP), SAML, System-on-a-Chip (SoC), People Management, Google Cloud Platform (GCP), Kubernetes, Secure Containers, Container Orchestration, Threat Analytics, Incident Management, Monitoring, Audits, Leadership, Azure Network Security Groups, Microsoft 365, GRC, Security Audits, Group Policy, Data Protection, Governance, Data Governance, SharePoint, CrowdStrike, Critical Security Controls (CIS Controls), Security Design, Azure Active Directory, Lecturing, Learning, E-learning, AWS Certified Cloud Practitioner, System Administration, Blockchain, Crypto, Documentation, Risk Modeling, Risk Analysis, OWASP Top 10, SaaS Security, Security Advisory, Managed Security Service Providers (MSSP), Cloud, Managed Services, Infrastructure

Customer Success Manager

2019 - 2021
Cisco
  • Founded and led an internal cybersecurity and toastmasters community in the organization.
  • Formed, interviewed, and established a new security success management team for the region.
  • Created content and delivered weekly webinars for customers in the region to support global customer success teams.
Technologies: Cisco, Firewalls, Duo, Cisco Umbrella, Cloud Computing, Security, Amazon Web Services (AWS), IT Security, Network Security, Threat Modeling, DevSecOps, Information Security, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, Single Sign-on (SSO), CISO, Regulations, International Data Privacy Regulations, DevOps, Security Policies & Procedures, Technical Writing, IT Management, Business Services, Gmail, VPN, AWS DevOps, Amazon S3 (AWS S3), Asset Management, Azure DevOps, Azure, Linux, SAML, People Management, Secure Containers, Container Orchestration, Threat Analytics, Intrusion Detection Systems (IDS), Endpoint Security, Leadership, Microsoft 365, GRC, Security Audits, Group Policy, Data Protection, Governance, Data Governance, SharePoint, Critical Security Controls (CIS Controls), Security Design, Azure Active Directory, E-learning, System Administration, SOC 2, Documentation, OWASP Top 10, Security Advisory, Cloud, Infrastructure

Center of Excellence Hybrid Cloud Security Architect

2017 - 2019
Hewlett Packard Enterprise
  • Designed multi-service and product architectures for governments, financial institutions, manufacturing companies, and others.
  • Served as the point of contact for company security product vendors in the Asia-Pacific region.
  • Managed an internal cybersecurity community of over 1,000 members across Asia and organized biweekly internal newsletters and learning sessions.
Technologies: Security Architecture, Stakeholder Management, Stakeholder Engagement, Vendor Management, Security, Amazon Web Services (AWS), IT Security, Software Development Lifecycle (SDLC), Network Security, Threat Modeling, NIST, Information Security, IT Audits, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, Single Sign-on (SSO), CISO, Regulations, International Data Privacy Regulations, Security Policies & Procedures, Technical Writing, IT Management, PCI, Business Services, VPN, Amazon S3 (AWS S3), ISO 27002, ISO 27001, Compliance, Database Security, Linux, Request for Proposal (RFP), SAML, System-on-a-Chip (SoC), People Management, Secure Containers, Container Orchestration, Intrusion Detection Systems (IDS), Endpoint Security, Incident Management, Monitoring, Audits, GRC, Group Policy, Data Protection, Governance, Data Governance, SharePoint, Critical Security Controls (CIS Controls), Security Design, Lecturing, Learning, E-learning, AWS Certified Cloud Practitioner, System Administration, SOC 2, Documentation, Risk Modeling, Risk Analysis, OWASP Top 10, SaaS Security, Security Advisory, Managed Security Service Providers (MSSP), Cloud, Managed Services, Infrastructure

Business Development Manager

2014 - 2017
Hewlett Packard Enterprise
  • Grew the security services business in Asia-Pacific and Japan (APJ) by 30% year over year.
  • Trained security teams across Asia on new trends, security services, and stakeholder management.
  • Devised successful multi-year sales and service strategies for the Asia-Pacific region.
Technologies: Software Testing, Web Security, Application Security, Encryption, Business, Sales, Stakeholder Management, Business Development, New Business Development, Security, Amazon Web Services (AWS), IT Security, Software Development Lifecycle (SDLC), Network Security, Threat Modeling, NIST, Information Security, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, Single Sign-on (SSO), Regulations, International Data Privacy Regulations, Security Policies & Procedures, Technical Writing, Business Services, VPN, Amazon S3 (AWS S3), ISO 27002, ISO 27001, Compliance, Database Security, Linux, Request for Proposal (RFP), SAML, System-on-a-Chip (SoC), Endpoint Security, Incident Management, Monitoring, Leadership, GRC, Group Policy, Data Protection, Data Governance, SharePoint, Critical Security Controls (CIS Controls), Security Design, Lecturing, Learning, E-learning, System Administration, SOC 2, Documentation, Risk Modeling, OWASP Top 10, Security Advisory, Managed Security Service Providers (MSSP), Cloud, Managed Services, Infrastructure

Senior Security Consultant

2012 - 2014
HP Inc
  • Designed and implemented solution architectures for projects worth tens of millions of dollars.
  • Supported dozens of clients across the Asia-Pacific region on their security projects.
  • Innovated the implementation of security monitoring and use cases for financial fraud and money laundering.
Technologies: SIEM, Encryption, Symantec, ArcSight, Web Security, Advisory, IT Project Management, Security, Amazon Web Services (AWS), IT Security, Software Development Lifecycle (SDLC), Network Security, Threat Modeling, NIST, Information Security, IT Audits, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, Regulations, International Data Privacy Regulations, Security Policies & Procedures, Technical Writing, Vulnerability Assessment, PCI, ISO 27002, ISO 27001, Compliance, Database Security, Linux, Request for Proposal (RFP), System-on-a-Chip (SoC), Threat Analytics, Intrusion Detection Systems (IDS), Endpoint Security, Incident Management, Monitoring, Audits, Leadership, GRC, Security Audits, Data Protection, Data Governance, Critical Security Controls (CIS Controls), Security Design, Lecturing, Learning, E-learning, System Administration, Documentation, Risk Modeling, Risk Analysis, SaaS Security, Security Advisory, Managed Security Service Providers (MSSP), Cloud, Managed Services, Infrastructure

Security Consultant

2010 - 2012
Self-employed
  • Managed large banking security projects and trained internal teams to analyze and respond to incidents.
  • Served as a trainer for Symantec security products in the Middle East.
  • Oversaw and managed the implementation of projects with an estimated worth of tens of millions of dollars.
Technologies: ArcSight, Symantec, Symantec Brightmail, Data Loss Prevention (DLP), IT Project Management, ICT Training, Security, IT Security, Network Security, Threat Modeling, NIST, Information Security, IT Audits, Cybersecurity, CISSP, Security Policies & Procedures, Technical Writing, Vulnerability Assessment, Gmail, Compliance, Database Security, Linux, System-on-a-Chip (SoC), Endpoint Security, Monitoring, Audits, GRC, Security Audits, Data Protection, Data Governance, Security Design, Lecturing, Learning, System Administration, SOC 2, Documentation, Risk Modeling, Security Advisory, Infrastructure

Senior Cybersecurity Consultant

2008 - 2010
We!
  • Managed a dozen clients and their deployments in different industries concurrently.
  • Innovated deployment of projects that vendors passed on as being too complex.
  • Oversaw sales cycles from the initial inquiry stage to the board presentations, justifications, and purchasing.
Technologies: SIEM, ArcSight, Databases, Security Architecture, Log Management, Security, IT Security, Network Security, Threat Modeling, NIST, Information Security, IT Audits, Cybersecurity, ICT Training, CISSP, Security Policies & Procedures, Technical Writing, Vulnerability Assessment, Compliance, Database Security, Linux, System-on-a-Chip (SoC), People Management, Intrusion Detection Systems (IDS), Monitoring, Audits, Data Protection, Data Governance, Security Design, System Administration, SOC 2, Documentation, Risk Modeling, Security Advisory, Managed Services, Infrastructure

Virufy Secure Architecture

http://www.virufy.org
Virufy is a healthcare startup focused on identifying COVID-19 through cough samples that are analyzed using machine learning.

I designed the cloud architecture of Virufy to account for the solution's security, governance, and agile development. Furthermore, I was in charge of additional support in the form of compliance mapping, grant applications, testing of the other vendors' solutions, implementation, and management.

Critical Information Infrastructure Risk and Threat Modeling

I was hired by a top-tier broadcasting corporation to carry out a thorough threat modeling, risk evaluation, and review of pertinent materials, asset logs, and past assessments. The intention was to offer consultation services concerning crucial information infrastructure to assist the firm in pinpointing and reducing potential cyber risks.

The process commenced with an assessment of the corporation's existing methods and procedures, employing surveys and exploratory workshops to detect any deficiencies in its operations. I meticulously scrutinized the company's IT structure, including its networks, systems, and applications, to locate any weak points susceptible to cybercriminal exploits.

Using updated threat modeling methods, I managed to spot potential areas of attack and rank the risks, considering their probability and potential impact. I also checked the company's asset registers and earlier assessments to ensure critical assets were handled.

Based on what I found, I prepared a straightforward report for the company. It listed the risks and weak points we had identified, and I suggested some possible ways to lessen these issues.

Tabletop Exercises for the Board and Rewrite of Incident Response Procedures

I thoroughly reviewed a large investment holding company's incident response and business continuity procedures. The task began with studying relevant documents and organizing stakeholder workshops to understand their concerns.

Utilizing the knowledge of a specialized team, we examined past incident reports, existing procedures, and industry standards. This data informed our stakeholder workshops and guided our process.

Finally, I crafted a comprehensive security plan addressing the identified gaps, which was later presented to the company's board. They decided to significantly increase their security investments in the upcoming years, aiming to bolster their incident response and business continuity procedures. This work was a step toward enhancing the company's asset protection and reputation.
Image of Ask a Cybersecurity Engineer: Trending Questions About AI in Cybersecurity publication
Publication

Ask a Cybersecurity Engineer: Trending Questions About AI in Cybersecurity

https://www.toptal.com/cybersecurity/questions-about-ai-cybersecurity
2019 - 2021

Master's Degree in Management Studies

University College Dublin - Singapore

2017 - 2019

Bachelor's Degree in Information Management

University College Dublin - Singapore

2001 - 2004

Technical Diploma in Electronics, Micro-computers, and Software Engineering

ORT Israel - Arad, Israel

SEPTEMBER 2023 - PRESENT

Certified Information Security Manager (CISM)

ISACA

NOVEMBER 2022 - PRESENT

Certified Information Systems Security Architecture Professional (CISSP-ISSAP)

ISC2

APRIL 2022 - PRESENT

ITIL 4 Strategist: Direct, Plan, and Improve

Axelos

FEBRUARY 2021 - PRESENT

Information Systems Security Management Professional (CISSP-ISSMP)

ISC2

FEBRUARY 2017 - PRESENT

Certificate of Cloud Security Knowledge v.4

Cloud Security Alliance

SEPTEMBER 2016 - PRESENT

Certified Cloud Security Professional (CCSP)

ISC2

AUGUST 2010 - PRESENT

Certified Information Systems Security Professional (CISSP)

ISC2

Tools

ArcSight, VPN, Symantec Brightmail, Cisco Umbrella, Graylog, Azure Network Security Groups

Industry Expertise

Cybersecurity, E-learning, Security Advisory, Network Security

Other

Management Information, Security Management, Information Security Management Systems (ISMS), Incident Response, Security Assessment, Security Engineering, Web Security, Cloud, Cloud Infrastructure, Cloud Computing, Disaster Recovery Plans (DRP), Business Continuity Planning (BCP), Business Continuity & Disaster Recovery (BCDR), Virtualization, Risk Assessment, Strategic Planning, SIEM, Security Architecture, Log Management, ICT Training, Advisory, Compliance, Security, IT Security, Threat Modeling, NIST, Information Security, IT Audits, Certified Information Systems Security Professional, Risk Management, Architecture, Cloud Security, CISSP, CISM, SOC 2, CISO, Security Policies & Procedures, Technical Writing, Business Services, ISO 27002, ISO 27001, Cloudflare, System-on-a-Chip (SoC), Cloud Architecture, Threat Analytics, Endpoint Security, Incident Management, Monitoring, Audits, Microsoft 365, GRC, Security Audits, Critical Security Controls (CIS Controls), Lecturing, Security Design, Learning, AWS Certified Cloud Practitioner, System Administration, Documentation, Risk Modeling, Risk Analysis, Managed Security Service Providers (MSSP), Managed Services, Infrastructure, IT Project Management, Identity & Access Management (IAM), Application Security, Containers, Enterprise Architecture, System Development, Sustainable Business Management, SLA Management, Operating Models, IT Governance, Stakeholder Management, Capacity Planning, Data Loss Prevention (DLP), Encryption, Business, Sales, Business Development, New Business Development, Stakeholder Engagement, Vendor Management, Cisco, Firewalls, GDPR, Software Development Lifecycle (SDLC), SecOps, Single Sign-on (SSO), Regulations, International Data Privacy Regulations, IT Management, Vulnerability Assessment, Google Workspace, Gmail, Asset Management, Systems, Assets, Request for Proposal (RFP), People Management, Intrusion Detection Systems (IDS), Leadership, Data Protection, Governance, Data Governance, CompTIA, SaaS Security, Business Management, Research, Finance, Change Leadership, Organizational Change Management (OCM), IoT Security, Leadership Development, Knowledge Management, Culture Development, Electronics, Software Engineering, Microcomputers, Shell Scripting, Symantec, COPPA, Operations, PCI, AWS DevOps, CI/CD Pipelines, OWASP, SCIM, Crisis Management, Communication, Business Continuity, Secure Containers, Container Orchestration, Group Policy, CrowdStrike, Higher Education, Crypto, OWASP Top 10, Enterprise Cybersecurity, Internet of Things (IoT)

Paradigms

Management, DevSecOps, DevOps, Software Testing, HIPAA Compliance, Azure DevOps

Platforms

Windows, MacOS, Ubuntu, AWS Cloud Computing Services, Amazon Web Services (AWS), Azure, SharePoint, Duo, Linux, Google Cloud Platform (GCP), Kubernetes, Blockchain

Storage

Database Security, Azure Active Directory, Contabo, Databases, Amazon S3 (AWS S3)

Languages

Assembly, SAML

Frameworks

COBIT

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring