Ilia Tivin, Developer in Singapore, Singapore
Ilia is available for hire
Hire Ilia

Ilia Tivin

Verified Expert  in Engineering

Cybersecurity Expert and Developer

Singapore, Singapore

Toptal member since November 8, 2022

Bio

Ilia is a cybersecurity professional and a public speaker who has worked with clients in various domains such as government, defense, manufacturing, banking, and finance. He has designed secure, resilient, and adaptable architectures that stand the test of time. Ilia's broad background includes advising executive management on strategic security initiatives and how to progress them in the organization.

Portfolio

James Cook University Australia
Enterprise Cybersecurity, Artificial Intelligence, Active Directory (AD)...
Locked Jar
Advisory, Business Management, Stakeholder Management, Security, AWS...
Cisco
Cisco, System Security, Duo, Cisco Umbrella, Cloud Computing, Security, AWS...

Experience

Availability

Full-time

Preferred Environment

Windows, MacOS, Ubuntu, Threat Modeling, Secure Containers, Microsoft 365, Documentation, Security Advisory

The most amazing...

...result I've achieved during my career is training over 10,000 people in courses lasting from 45 minutes to five weeks.

Work Experience

Sessional Lecturer

2023 - PRESENT
James Cook University Australia
  • Worked as a lecturer for cybersecurity (risk management, IoT security, and advanced e-security).
  • Handled assessments, prepared course materials, and graded exams.
  • Received stellar feedback from students on how my lectures contributed to their interest in cybersecurity.
Technologies: Enterprise Cybersecurity, Artificial Intelligence, Active Directory (AD), Microsoft Development

Managing Director

2021 - PRESENT
Locked Jar
  • Trained executive boards of companies with assets worth hundreds of billions.
  • Established new frameworks and processes for companies to manage their incident response and change management processes.
  • Helped secure funding for security departments in organizations based on devised strategies and stakeholder engagement efforts.
Technologies: Advisory, Business Management, Stakeholder Management, Security, AWS, IT Security, Software Development Lifecycle (SDLC), System Security, Threat Modeling, DevSecOps, NIST, Information Security, IT Audits, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, SSO Engineering, CISM, SOC 2( Service Organization Control), HIPAA Compliance, CISO, Regulations, International Data Privacy Regulations, DevOps, System Security, Technical Writing, IT Management, Vulnerability Assessment, PCI, Business Services, Google Workspace, Gmail, VPN, AWS DevOps, Amazon S3, CI/CD Pipelines, Asset Management, Graylog, ISO 27002, ISO 27001, Compliance, Azure DevOps, Azure, Database, Cloudflare, Linux, Request for Proposal (RFP), SAML, System-on-a-Chip (SoC), People Management, Cloud Engineering, Kubernetes, Secure Containers, Container Orchestration, System Security, Incident Management, Monitoring, Audits, Leadership, Azure Network Security Groups, Microsoft 365, GRC, Security Audits, Group Policy, Data Protection, Governance, Data Science, SharePoint Design, CrowdStrike, Critical Security Controls (CIS Controls), Security Design, Azure, Lecturing, Learning, eLearning Design, AWS Certified Cloud Practitioner, System Administration, Blockchain, Crypto, Documentation, Risk Modeling, Risk Analysis, OWASP Top 10, SaaS Security, Security Advisory, Managed Security Service Providers (MSSP), Cloud Engineering, Managed Services, Infrastructure, Active Directory (AD), Microsoft Development

Customer Success Manager

2019 - 2021
Cisco
  • Founded and led an internal cybersecurity and toastmasters community in the organization.
  • Formed, interviewed, and established a new security success management team for the region.
  • Created content and delivered weekly webinars for customers in the region to support global customer success teams.
Technologies: Cisco, System Security, Duo, Cisco Umbrella, Cloud Computing, Security, AWS, IT Security, System Security, Threat Modeling, DevSecOps, Information Security, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, SSO Engineering, CISO, Regulations, International Data Privacy Regulations, DevOps, System Security, Technical Writing, IT Management, Business Services, Gmail, VPN, AWS DevOps, Amazon S3, Asset Management, Azure DevOps, Azure, Linux, SAML, People Management, Secure Containers, Container Orchestration, System Security, Intrusion Detection Systems (IDS), System Security, Leadership, Microsoft 365, GRC, Security Audits, Group Policy, Data Protection, Governance, Data Science, SharePoint Design, Critical Security Controls (CIS Controls), Security Design, Azure, eLearning Design, System Administration, SOC 2( Service Organization Control), Documentation, OWASP Top 10, Security Advisory, Cloud Engineering, Infrastructure, Microsoft Development

Center of Excellence Hybrid Cloud Security Architect

2017 - 2019
Hewlett Packard Enterprise
  • Designed multi-service and product architectures for governments, financial institutions, manufacturing companies, and others.
  • Served as the point of contact for company security product vendors in the Asia-Pacific region.
  • Managed an internal cybersecurity community of over 1,000 members across Asia and organized biweekly internal newsletters and learning sessions.
Technologies: Security Architecture, Stakeholder Management, Stakeholder Engagement, Vendor Management, Security, AWS, IT Security, Software Development Lifecycle (SDLC), System Security, Threat Modeling, NIST, Information Security, IT Audits, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, SSO Engineering, CISO, Regulations, International Data Privacy Regulations, System Security, Technical Writing, IT Management, PCI, Business Services, VPN, Amazon S3, ISO 27002, ISO 27001, Compliance, Database, Linux, Request for Proposal (RFP), SAML, System-on-a-Chip (SoC), People Management, Secure Containers, Container Orchestration, Intrusion Detection Systems (IDS), System Security, Incident Management, Monitoring, Audits, GRC, Group Policy, Data Protection, Governance, Data Science, SharePoint Design, Critical Security Controls (CIS Controls), Security Design, Lecturing, Learning, eLearning Design, AWS Certified Cloud Practitioner, System Administration, SOC 2( Service Organization Control), Documentation, Risk Modeling, Risk Analysis, OWASP Top 10, SaaS Security, Security Advisory, Managed Security Service Providers (MSSP), Cloud Engineering, Managed Services, Infrastructure, Microsoft Development

Business Development Manager

2014 - 2017
Hewlett Packard Enterprise
  • Grew the security services business in Asia-Pacific and Japan (APJ) by 30% year over year.
  • Trained security teams across Asia on new trends, security services, and stakeholder management.
  • Devised successful multi-year sales and service strategies for the Asia-Pacific region.
Technologies: Software Testing, System Security, Application Security, Encryption, Business, Sales, Stakeholder Management, Business Development, New Business Development, Security, AWS, IT Security, Software Development Lifecycle (SDLC), System Security, Threat Modeling, NIST, Information Security, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, SSO Engineering, Regulations, International Data Privacy Regulations, System Security, Technical Writing, Business Services, VPN, Amazon S3, ISO 27002, ISO 27001, Compliance, Database, Linux, Request for Proposal (RFP), SAML, System-on-a-Chip (SoC), System Security, Incident Management, Monitoring, Leadership, GRC, Group Policy, Data Protection, Data Science, SharePoint Design, Critical Security Controls (CIS Controls), Security Design, Lecturing, Learning, eLearning Design, System Administration, SOC 2( Service Organization Control), Documentation, Risk Modeling, OWASP Top 10, Security Advisory, Managed Security Service Providers (MSSP), Cloud Engineering, Managed Services, Infrastructure

Senior Security Consultant

2012 - 2014
HP Inc
  • Designed and implemented solution architectures for projects worth tens of millions of dollars.
  • Supported dozens of clients across the Asia-Pacific region on their security projects.
  • Innovated the implementation of security monitoring and use cases for financial fraud and money laundering.
Technologies: SIEM, Encryption, Symantec, System Security, System Security, Advisory, IT Project Management, Security, AWS, IT Security, Software Development Lifecycle (SDLC), System Security, Threat Modeling, NIST, Information Security, IT Audits, Risk Management, Cybersecurity, ICT Training, Cloud Security, CISSP, Regulations, International Data Privacy Regulations, System Security, Technical Writing, Vulnerability Assessment, PCI, ISO 27002, ISO 27001, Compliance, Database, Linux, Request for Proposal (RFP), System-on-a-Chip (SoC), System Security, Intrusion Detection Systems (IDS), System Security, Incident Management, Monitoring, Audits, Leadership, GRC, Security Audits, Data Protection, Data Science, Critical Security Controls (CIS Controls), Security Design, Lecturing, Learning, eLearning Design, System Administration, Documentation, Risk Modeling, Risk Analysis, SaaS Security, Security Advisory, Managed Security Service Providers (MSSP), Cloud Engineering, Managed Services, Infrastructure

Security Consultant

2010 - 2012
Self-employed
  • Managed large banking security projects and trained internal teams to analyze and respond to incidents.
  • Served as a trainer for Symantec security products in the Middle East.
  • Oversaw and managed the implementation of projects with an estimated worth of tens of millions of dollars.
Technologies: System Security, Symantec, Symantec Brightmail, Data Loss Prevention (DLP), IT Project Management, ICT Training, Security, IT Security, System Security, Threat Modeling, NIST, Information Security, IT Audits, Cybersecurity, CISSP, System Security, Technical Writing, Vulnerability Assessment, Gmail, Compliance, Database, Linux, System-on-a-Chip (SoC), System Security, Monitoring, Audits, GRC, Security Audits, Data Protection, Data Science, Security Design, Lecturing, Learning, System Administration, SOC 2( Service Organization Control), Documentation, Risk Modeling, Security Advisory, Infrastructure

Senior Cybersecurity Consultant

2008 - 2010
We!
  • Managed a dozen clients and their deployments in different industries concurrently.
  • Innovated deployment of projects that vendors passed on as being too complex.
  • Oversaw sales cycles from the initial inquiry stage to the board presentations, justifications, and purchasing.
Technologies: SIEM, System Security, Database, Security Architecture, Log Management, Security, IT Security, System Security, Threat Modeling, NIST, Information Security, IT Audits, Cybersecurity, ICT Training, CISSP, System Security, Technical Writing, Vulnerability Assessment, Compliance, Database, Linux, System-on-a-Chip (SoC), People Management, Intrusion Detection Systems (IDS), Monitoring, Audits, Data Protection, Data Science, Security Design, System Administration, SOC 2( Service Organization Control), Documentation, Risk Modeling, Security Advisory, Managed Services, Infrastructure

Virufy Secure Architecture

http://www.virufy.org
Virufy is a healthcare startup focused on identifying COVID-19 through cough samples that are analyzed using machine learning.

I designed the cloud architecture of Virufy to account for the solution's security, governance, and agile development. Furthermore, I was in charge of additional support in the form of compliance mapping, grant applications, testing of the other vendors' solutions, implementation, and management.

Critical Information Infrastructure Risk and Threat Modeling

I was hired by a top-tier broadcasting corporation to carry out a thorough threat modeling, risk evaluation, and review of pertinent materials, asset logs, and past assessments. The intention was to offer consultation services concerning crucial information infrastructure to assist the firm in pinpointing and reducing potential cyber risks.

The process commenced with an assessment of the corporation's existing methods and procedures, employing surveys and exploratory workshops to detect any deficiencies in its operations. I meticulously scrutinized the company's IT structure, including its networks, systems, and applications, to locate any weak points susceptible to cybercriminal exploits.

Using updated threat modeling methods, I managed to spot potential areas of attack and rank the risks, considering their probability and potential impact. I also checked the company's asset registers and earlier assessments to ensure critical assets were handled.

Based on what I found, I prepared a straightforward report for the company. It listed the risks and weak points we had identified, and I suggested some possible ways to lessen these issues.

Tabletop Exercises for the Board and Rewrite of Incident Response Procedures

I thoroughly reviewed a large investment holding company's incident response and business continuity procedures. The task began with studying relevant documents and organizing stakeholder workshops to understand their concerns.

Utilizing the knowledge of a specialized team, we examined past incident reports, existing procedures, and industry standards. This data informed our stakeholder workshops and guided our process.

Finally, I crafted a comprehensive security plan addressing the identified gaps, which was later presented to the company's board. They decided to significantly increase their security investments in the upcoming years, aiming to bolster their incident response and business continuity procedures. This work was a step toward enhancing the company's asset protection and reputation.
2019 - 2021

Master's Degree in Management Studies

University College Dublin - Singapore

2017 - 2019

Bachelor's Degree in Information Management

University College Dublin - Singapore

2001 - 2004

Technical Diploma in Electronics, Micro-computers, and Software Engineering

ORT Israel - Arad, Israel

SEPTEMBER 2023 - PRESENT

Certified Information Security Manager (CISM)

ISACA

NOVEMBER 2022 - PRESENT

Certified Information Systems Security Architecture Professional (CISSP-ISSAP)

ISC2

APRIL 2022 - PRESENT

ITIL 4 Strategist: Direct, Plan, and Improve

Axelos

FEBRUARY 2021 - PRESENT

Information Systems Security Management Professional (CISSP-ISSMP)

ISC2

FEBRUARY 2017 - PRESENT

Certificate of Cloud Security Knowledge v.4

Cloud Security Alliance

SEPTEMBER 2016 - PRESENT

Certified Cloud Security Professional (CCSP)

ISC2

AUGUST 2010 - PRESENT

Certified Information Systems Security Professional (CISSP)

ISC2

Tools

System Security, VPN, Google Workspace, Symantec Brightmail, Cisco Umbrella, Graylog, Azure Network Security Groups

Industry Expertise

Cybersecurity, eLearning Design, Security Advisory, System Security

Paradigms

Management, DevSecOps, DevOps, Software Testing, HIPAA Compliance, Azure DevOps

Platforms

Windows Development, MacOS, Ubuntu, AWS, AWS, Azure, SharePoint Design, Microsoft Development, Duo, Linux, Cloud Engineering, Kubernetes, CrowdStrike, Blockchain

Storage

Database, Azure, Contabo, Database, Amazon S3

Languages

Assembly, SAML

Frameworks

COBIT

Other

Management Information, Security Management, Information Security Management Systems (ISMS), Incident Response, Security Assessment, Security Engineering, System Security, Cloud Engineering, Cloud Infrastructure, Cloud Computing, Disaster Recovery Plans (DRP), Business Continuity Planning (BCP), Business Continuity & Disaster Recovery (BCDR), Virtualization, Risk Assessment, Strategic Planning, SIEM, Security Architecture, Log Management, ICT Training, Advisory, Compliance, Security, IT Security, Threat Modeling, NIST, Information Security, IT Audits, Certified Information Systems Security Professional, Risk Management, Architecture, Cloud Security, CISSP, CISM, SOC 2( Service Organization Control), CISO, System Security, Technical Writing, Business Services, ISO 27002, ISO 27001, Cloudflare, System-on-a-Chip (SoC), Cloud Architecture, System Security, System Security, Incident Management, Monitoring, Audits, Microsoft 365, GRC, Security Audits, Critical Security Controls (CIS Controls), Lecturing, Security Design, Learning, AWS Certified Cloud Practitioner, System Administration, Documentation, Risk Modeling, Risk Analysis, Managed Security Service Providers (MSSP), Managed Services, Infrastructure, IT Project Management, Identity & Access Management (IAM), Application Security, Containers, Enterprise Architecture, System Development, Sustainable Business Management, SLA Management, Operating Models, IT Governance, Stakeholder Management, Capacity Planning, Data Loss Prevention (DLP), Encryption, Business, Sales, Business Development, New Business Development, Stakeholder Engagement, Vendor Management, Cisco, System Security, GDPR, Software Development Lifecycle (SDLC), SecOps, SSO Engineering, Regulations, International Data Privacy Regulations, IT Management, Vulnerability Assessment, Gmail, Asset Management, Systems, Assets, Request for Proposal (RFP), People Management, Intrusion Detection Systems (IDS), Leadership, Data Protection, Governance, Data Science, CompTIA, SaaS Security, Business Management, Research, Finance, Change Leadership, Organizational Change Management (OCM), System Security, Leadership Development, Knowledge Management, Culture Development, Electronics, Software Engineering, Microcomputers, Shell Scripting, Symantec, COPPA, Operations, PCI, AWS DevOps, CI/CD Pipelines, OWASP, SCIM, Crisis Management, Communication Coaching, Business Continuity, Secure Containers, Container Orchestration, Group Policy, Higher Education, Crypto, OWASP Top 10, Enterprise Cybersecurity, Artificial Intelligence, Active Directory (AD)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring