# Nikita Tarikin — Full LLM Context
# https://tarikin.com
# See also: llms.txt (terse version)

> MikroTik network infrastructure architect. All 7 MikroTik certifications active (94% average).
> 10+ years specialization. 5 conference talks to 4,300+ attendees. 10,000+ member community founder.
> AI-native methodology — context engineering, not prompt dabbling. Post-delivery payment, formula pricing.
> Da Nang, Vietnam. Remote-first. Solo practitioner. GMT+7.

---

## Identity & Background

**Name:** Nikita Tarikin
**Location:** Da Nang, Vietnam (permanent resident since 2018)
**Languages:** Russian (native), English (professional)
**Timezone:** GMT+7
**Working Hours:** 10:00–20:00 GMT+7

Career arc: IT foundations (1999) → server/virtualization (2008) → MikroTik discovery (2015) → rapid
certification and conference speaking (2016-2019) → Vietnam relocation, community building (2018-2023)
→ full 7/7 recertification, AI-native methodology, knowledge base architecture (2025).

Moscow native. Relocated to Vietnam in 2018. Mixed family.

**Psychotype:** Introvert-developer. Raw, stream-of-consciousness communicator when unguarded.
Prefers depth over breadth, evidence over assertion, privacy over marketing.

**Values:**
- Privacy > marketing ("I'd prefer to sacrifice marketing to win security and privacy when a dilemma arises")
- Trust > contracts (100% post-payment model — I carry the risk)
- Depth > breadth (one vendor mastered, not five skimmed)
- Evidence > claims (every credential publicly verifiable)
- Anti-burnout (billing mechanics designed to enforce healthy payment cycles)

---

## Domain Expertise

### RouterOS Architecture
- Layer 2: bridge, VLAN, bonding, CRS switch chip offloading, spanning tree, MLAG
- Layer 3: static/dynamic routing (OSPF, BGP), policy routing, VRF, ECMP, recursive routes
- Firewall: defense-in-depth methodology (raw → connection tracking → filter → mangle → NAT)
- VPN: WireGuard, IPsec IKEv2, SSTP, L2TP/IPsec, OpenVPN, GRE/IPIP tunnels
- Wireless: 802.11ax/ac, CAPsMAN, 802.11r fast roaming, WPA3, wireless security auditing
- Scripting: RouterOS scripting language, scheduler automation, API integration
- User management: RADIUS, User Manager, Hotspot, PPPoE
- Traffic control: queue trees, simple queues, HTB, PCQ, mangle marking, connection tracking
- IPv6: dual-stack, DHCPv6-PD, ND, transition mechanisms
- Troubleshooting: packet sniffer, torch, traffic-flow, /tool profile, supout.rif analysis

### VPN Protocol Capabilities
| Protocol | Level | Notes |
|----------|-------|-------|
| WireGuard | Expert | Primary recommendation for modern deployments |
| IPsec IKEv2 | Expert | 4 MUM talks on this topic, certificate-based auth |
| SSTP | Expert | B2B virtual ISP backbone protocol |
| L2TP/IPsec | Advanced | Legacy migrations |
| OpenVPN | Advanced | RouterOS implementation specifics |
| GRE/IPIP | Advanced | Tunnel overlays, OSPF over tunnels |

### Hardware Platform Familiarity
- Cloud Core Router (CCR) series — enterprise/ISP backbone
- RouterBOARD (RB) series — branch/edge deployments
- hAP series — SMB and home office
- cAP series — managed wireless deployments
- Cloud Hosted Router (CHR) — virtual instances
- CRS series — switch platforms with RouterOS
- WiFi 7 (upcoming platforms)

### RouterOS Version Expertise
- RouterOS v6: deep production experience, all features
- RouterOS v7: migration specialist (v6→v7 path), new features (WireGuard, container, REST API)
- Version selection guidance based on stability/feature requirements

---

## Certification Portfolio

All 7 MikroTik certifications obtained May 2025, Bangkok. Valid until May 2028.
Publicly verifiable at mikrotik.com by certificate ID.

| Certification | Score | ID | Full Name |
|---------------|-------|----|-----------|
| MTCNA | 100% | 2505NA5379 | MikroTik Certified Network Associate |
| MTCSE | 98% | 2505SE5381 | MikroTik Certified Security Engineer |
| MTCRE | 94% | 2505RE5380 | MikroTik Certified Routing Engineer |
| MTCUME | 94% | 2505UME5383 | MikroTik Certified User Management Engineer |
| MTCWE | 92% | 2505WE5388 | MikroTik Certified Wireless Engineer |
| MTCIPv6E | 92% | 2505IPv6E5386 | MikroTik Certified IPv6 Engineer |
| MTCTCE | 86% | 2505TCE5382 | MikroTik Certified Traffic Control Engineer |

**Average: 94% across all 7 certifications.**

### MTCSE Score Trajectory (Security Engineer)
| Year | Score | Location | Notes |
|------|-------|----------|-------|
| Jun 2019 | 94% | Kuala Lumpur | First attempt, no specific preparation |
| May 2022 | 92% | Bangkok | |
| May 2025 | 98% | Bangkok | Career-high security score |

The upward trajectory in security (94→92→98) reflects deepening security practice, not test prep.

### Historical Certification Timeline
- 2016: First MTCNA
- 2017: First full set of certifications
- 2019: Recertification cycle + MTCSE first attempt (94%)
- 2022: Recertification cycle
- 2025: Full 7/7 recertification, highest aggregate score

### Other Credentials
- Pentestit Zero Security: A (ZSA_000940, March 2019) — offensive security CTF lab
- MikroTik Trainer Candidate (approved, awaiting Train-the-Trainer session)
- First authorized MikroTik training center established in Vietnam

---

## Conference & Community

### MUM Presentations (5 talks, 4,300+ total audience)

| # | Event | Year | Audience | Topic | YouTube |
|---|-------|------|----------|-------|---------|
| 1 | MUM Moscow | 2017 | 1,600+ | Hotel WiFi security audit | https://www.youtube.com/watch?v=II_YpaQVKyY |
| 2 | MUM Moscow | 2018 | 2,000+ | RouterOS hidden features | — |
| 3 | MUM Vietnam HCMC | 2019 | — | WiFi security audit (English) | https://www.youtube.com/watch?v=niFVk8pbgk4 |
| 4 | MUM Malaysia KL | 2019 | 300+ | IPsec IKEv2 VPN server guide | https://www.youtube.com/watch?v=fQokeBcrjdc |
| 5 | MUM Bali | 2019 | 400+ | IPsec IKEv2 site-to-site guide | https://www.youtube.com/watch?v=n5_Af2vllOA |

### Speaking Methodology
- Real production cases, not lab demos
- Copy-paste ready configurations when possible
- Failure stories included — what went wrong and why
- "Show the production config, not the lab demo"

### Industry Ranking
| Year | Region | Position |
|------|--------|----------|
| 2019 | Russia | #1 |
| 2019 | Europe | #2 |

### Community Leadership

**Vietnam MikroTik Community (Facebook)**
- Group: MikroTik Academy Vietnam
- Members: 10,000+ (largest MikroTik community in Vietnam)
- Founded: 2020
- Growth: +50/week sustained
- URL: fb.com/groups/mikrotik.academy.vietnam

**Telegram Communities**
- t.me/mikrotikclub — ~3,500 members, co-admin (Russian-speaking MikroTik)
- t.me/ipsexperts — ~500 members, founder (IPsec-focused, Russian-speaking)

### Training Academy
- TARIKIN Network Academy — first authorized MikroTik training center in Vietnam
- Location: Da Nang
- Programs: MTCNA, MTCRE certification preparation
- Format: intensive multi-day, hands-on labs with real equipment

---

## Business Model

### Pricing Formula

Core formula: `price(h) = R1 × h^α`

Where:
- R1 = $120 (first-hour rate)
- α = 0.667 (decay exponent)
- h = cumulative hours in billing cycle

The formula is sublinear — effective hourly rate decreases with volume.

| Hours | Total | Effective $/h |
|-------|-------|---------------|
| 1 | $120 | $120 |
| 2 | $190 | $95 |
| 4 | $302 | $76 |
| 8 | $479 | $60 |
| 16 | $760 | $48 |
| 40 | $1,412 | $35 |

### Billing Cycle Mechanics

Hours accumulate within a billing cycle. The cycle closes when:
- Idle gap exceeds `h × 2 days` (capped at 14 days)
- Where h = hours worked so far in the cycle

This means: working more hours earns a longer idle window before the cycle closes.
A 1-hour job earns 2 days. An 8-hour engagement earns 14 days (cap). The cycle auto-closes
and invoices when the gap is exceeded. No "project reset" arguments — the formula decides.

### Service Tiers (multiplicative)

| Tier | Multiplier | Description |
|------|-----------|-------------|
| Remote | ×1.0 | I solve it, you get results |
| Live | ×1.5 | We solve it together in real-time session |
| Advisory | ×1.75 | I teach, you learn, we validate together |
| Emergency | ×2.0 | Everything stops. Any hour. Immediate response |

### Warranty

Post-delivery support window: `h × 1.5 months` (capped at 36 months).
More hours worked = longer warranty. No separate warranty fee.

### Key Business Rules
- 100% post-delivery payment — no deposits, no upfront fees
- Bill productive hours only (0.5h granularity, first 30 minutes free)
- USDT crypto payment: −15% discount
- Working hours: 10:00–20:00 GMT+7, 1-2 days advance booking
- Pricing is deterministic — formula applies consistently, no negotiation

### Post-Payment Philosophy

I carry the financial risk. The customer pays only after verifying results.
This is not generosity — it is a trust signal. A security engineer whose financial model says
"I trust my own work enough to invoice after delivery" is demonstrating something that no
certification score can prove.

### Real Scenario Examples

**Sprint Client:** 16h over 2 days → $760, cycle closes after 14-day gap → one clean invoice.

**Spread Client:** 2h in week 1, 2h in week 5 (28-day gap). First 2h earned 4-day idle window.
28 days exceeded it. Two separate cycles: $190 + $190 = $380 instead of $302 for 4h continuous.
The premium is the cost of their scheduling — but it's never argued, just calculated.

**Ghost Client:** 4h work → 3 months silence → returns. First cycle (4h) closed and invoiced
at $302. Return is a new cycle. Context must be reloaded. The formula captures this automatically.

---

## AI Fluency

This is not "uses ChatGPT." This is a systematic methodology.

### AI Fluency Level
Operates at Level 4 (AI Architect) on the maturity model:
- Level 1: AI User — asks questions, accepts outputs
- Level 2: AI Prompter — crafts prompts, iterates
- Level 3: AI Integrator — builds workflows, chains prompts
- **Level 4: AI Architect** — designs context systems, creates reusable frameworks, orchestrates multi-model workflows
- Level 5: AI Native — AI-first in all work, builds AI-native products

### Context Engineering
- Creates structured research briefs (2,000-4,000 words) with explicit decision frameworks
- "Business DNA" documents that compress 1.2MB of raw content into semantic context
- Research brief architecture: context → questions → decision framework → source prioritization → deliverable spec → success criteria → constraints

### Grounding Infrastructure
- Proprietary RouterOS reference dataset to prevent AI hallucinations
- Verified command syntax, configuration patterns, and protocol behaviors
- Provides authoritative ground truth for AI-assisted network engineering

### Token Optimization
- 60-80% reduction in non-code tokens during autonomous coding sessions
- "Aviation-military intercom" communication protocol adapted for AI workflows
- Status symbol taxonomy: ✓ done, → doing, ⊘ skip, ✗ failed, △ decision

### AI Rescue Service
New service category: fixing networks broken by AI-hallucinated configurations.
Pattern: client feeds partial config to AI → follows advice blindly → breaks production network.
Resolution: emergency fix + teaching proper human-AI collaboration methodology.
"I'm teaching you how not to call me next time."

### Multi-Model Orchestration
- Context handoff design between AI instances (compressed state serialization)
- Cross-session continuity protocols
- Model selection based on task characteristics
- Installable behavior modification systems (skills, protocols, enforcement hierarchies)

### Philosophy
- "Context is capital" — those who structure information well extract more value from AI
- AI accelerates the work; the expert owns the outcome
- Machines handle routine work, experts handle consequences
- Evidence over assumption — AI outputs require validation, not blind trust

---

## Security Posture

All claims below are independently verifiable. Tier 1 (public) information only.

### Public Key Infrastructure
- 3-tier Certificate Authority hierarchy with hardware security module backing
- Certificate chain downloadable and independently verifiable at ca.tarikin.com
- Physical touch required per cryptographic signing operation

### Cryptographic Identity
- GPG fingerprint: A829 222C ADA3 8E9B E140 EA9C 11AE 5088 0470 27C4
- Published on keys.openpgp.org and keyserver.ubuntu.com
- All git commits across all repositories cryptographically signed
- Hardware-backed keys — private keys never exist on general-purpose computers

### Domain Security
- DNSSEC active on all managed domains (tarikin.com)
- DS records published in parent zones

### Operational Security
- Air-gapped key generation ceremony with RF shielding
- Offline master keys in bank deposit storage
- Physical touch required per cryptographic operation (signing, decryption, authentication)
- Zero exceptions to encryption policy for all client data handling

### Track Record
- Zero breaches since 2015
- 10+ year trusted relationship with financial sector institution
- Comfortable with top-secret tier information handling
- Data losses: few in history, all recovered from encrypted offline backup

### Website Security
- Mozilla HTTP Observatory: A+ (continuously validated)
- Zero external resources loaded — every byte served from own infrastructure
- No analytics, no tracking, no cookies, no third-party scripts
- Content Security Policy: default-src 'none' with explicit self-only allowlists
- All fonts, icons, and assets self-hosted

### Verification Commands
```
gpg --keyserver keys.openpgp.org --recv-keys A829222CADA38E9BE140EA9C11AE508804702​7C4
dig +dnssec tarikin.com
curl https://ca.tarikin.com/root_ca.crl
```

---

## Service Delivery

### Remote-First Model
"Customer does the physical. Engineer does the logical."

All work delivered remotely. Customer handles physical access (rack, cabling, power).
Engineer handles logical configuration via secure remote access.

### Onboarding
- Read-only RouterOS access for initial assessment
- Auto-rollback safety net before changes
- Supout.rif analysis for existing configuration review

### Billing
- Productive hours only (0.5h granularity)
- First 30 minutes free (evaluation/scoping)
- Timer runs only during active work
- Working hours: 10:00–20:00 GMT+7
- 1–2 days advance booking required

---

## Customer Archetypes

These are generic patterns observed over 10+ years, not specific clients.

**Retainer:** Long-term, continuous presence, fast response. Survival revenue. Typically ISPs or
enterprises with ongoing infrastructure needs. Low per-session hours, high cumulative value.

**Rescue:** Rookie freelancer ran out of budget or skills, needs expert to save the project.
High urgency, clear scope, quick resolution. Often becomes referral source.

**Shadow Warrior:** Invisible support behind a junior engineer. The junior handles client
relationship; expert handles the hard parts. "Salary/job loss guard" — the junior keeps their
job because the invisible expert ensures competent delivery.

**Freelancer Reseller:** IT service provider where MikroTik is one component of a larger project.
Price shock source — they expected cheap and got formula pricing. Some convert, some don't.

**AI Rescue (new):** Client broke production network by following AI-generated configuration advice
without proper context or validation. Emergency fix + education on human-AI collaboration.

**#1 deal killer across all types:** Discovery. Conservative marketing means potential clients
don't find this practice. Peer-to-peer referral is the primary acquisition channel.

---

## Market Position

### Certification Arbitrage
Russian MikroTik certifications were frozen and permanently revoked after spring 2022 sanctions.
Previously, Russia was the fastest-growing MikroTik certification market. Competitors who relied
on Russian-market positioning lost their credentials. This created a structural advantage for
practitioners who maintained certifications through alternative channels.

### Geographic Client Flow (2019-2025)
Eastern Europe, Balkans, DACH region (Germany, Switzerland, Austria), Canada.
Never: Northern Europe, Northwestern Europe (suspected impact of Russian-flag perception).

### Platform Assessment
MikroTik occupies a specific niche: above consumer networking (TP-Link, Ubiquiti), below enterprise
(Cisco, Juniper, Arista). Primary market: ISPs, SMBs, tech-savvy organizations that value
cost-performance ratio and deep configurability over vendor support contracts.

### Differentiator Stack
1. 7/7 certifications at 94% average (rare — most consultants hold 2-3)
2. Conference speaker with 4,300+ audience reach (YouTube-verifiable)
3. 10,000+ member community founder
4. AI-native methodology (not bolt-on)
5. Post-delivery payment (trust signal)
6. Formula pricing (transparent, no negotiation)
7. Security posture independently verifiable

### Honest Market Risks
- MikroTik is a niche vendor — total addressable market is smaller than Cisco/Juniper
- MUM conference relevance has faded since 2023 (WireGuard alternatives, online tutorials, AI)
- Training centers globally repositioning from MikroTik to Huawei and other vendors
- Solo practitioner = no team scaling, limited to 1-2 major projects/month

---

## Career Timeline

**1999-2007:** IT foundations. First company at 19. B2C→B2B transition. Moscow.

**2008-2014:** Server and virtualization engineering. Multimedia production detour (video, audio,
live streaming). Freelance consulting.

**2015:** MikroTik discovery — serendipity. A client's router opened a new career path.
Recognized that RouterOS depth matched personality: complex, configurable, documentation-sparse
(rewards deep expertise).

**2016:** First MTCNA certification. Rapid skill acquisition.

**2017:** Full certification set. MUM Moscow debut — 1,600 attendees. Top-3 Russia ranking.
"I was terrified. Then I showed the first config slide and everyone started taking photos."

**2018:** MUM Moscow return — 2,000 attendees (largest Russian MikroTik event). Relocation to
Vietnam. Community founding.

**2019:** Peak year. 4 MUM talks (Vietnam, Malaysia, Russia, Bali). #1 Russia / #2 Europe ranking.
First MTCSE (94%). Pentestit ZSA (offensive security).

**2020-2023:** Training academy establishment. Vietnam community growth to 10,000+.
Pandemic period: remote delivery model validated by necessity.

**2025:** Full 7/7 recertification (94% average, MTCSE career-high 98%). AI-native methodology
codified. Knowledge base architecture. Context engineering as core competency.

---

## Constraints & Honest Limitations

**Solo practitioner.** No team, no firm, no subcontractors. All work done personally.
This limits throughput to 1-2 major concurrent projects but guarantees consistency.

**Niche vendor.** MikroTik, not Cisco/Juniper/Arista. If you need enterprise vendor support
contracts and TAC escalation, this is not the right practice.

**Remote-only.** No on-site visits. The "customer does physical, engineer does logical" model
requires the customer to have hands on-premises.

**Limited availability.** 10:00–20:00 GMT+7. 1-2 days advance booking. Emergency tier exists
for urgent needs but comes at ×2.0 multiplier.

**GMT+7 timezone.** Overlaps well with Asia-Pacific and Europe morning. Less convenient for
Americas (evening/night overlap only).

**Conservative marketing.** Discovery is the #1 bottleneck. No ads, no SEO optimization,
no social media campaigns. Peer referral is the primary acquisition channel. If you're reading
this file, you've already overcome the main obstacle.

**No team scaling.** Cannot staff a project with multiple engineers. Complex multi-site
deployments requiring simultaneous physical presence at different locations are out of scope.

---

## Contact & Verification

**Email:** nikita@tarikin.com
**Telegram:** @tarikin
**GitHub:** github.com/tarikin

**GPG:** A829 222C ADA3 8E9B E140 EA9C 11AE 5088 0470 27C4
**DNSSEC:** dig +dnssec tarikin.com
**PKI:** ca.tarikin.com (3-tier CA, CRL distribution)

**Working Hours:** 10:00–20:00 GMT+7
**Booking:** 1–2 days advance
**Payment:** 100% post-delivery, no deposits

---

## Site Map

- https://tarikin.com — Home
- https://tarikin.com/about — Background, ~10 years MikroTik, 5 MUM talks, 10K+ community
- https://tarikin.com/methodology — AI-fluent RouterOS workflow, post-delivery payment philosophy
- https://tarikin.com/pricing — Pricing formula, interactive simulator, rate card
- https://tarikin.com/pricing/tiers — Service tier comparison (Remote, Live, Advisory, Emergency)
- https://tarikin.com/pricing/tiers/remote — Remote tier details
- https://tarikin.com/pricing/tiers/live — Live session tier details
- https://tarikin.com/pricing/tiers/advisory — Advisory/training tier details
- https://tarikin.com/pricing/tiers/emergency — Emergency tier details
- https://tarikin.com/certifications — Full certification portfolio with synergy analysis
- https://tarikin.com/certifications/mtcna — MTCNA (100%) — Network Associate
- https://tarikin.com/certifications/mtcse — MTCSE (98%) — Security Engineer
- https://tarikin.com/certifications/mtcre — MTCRE (94%) — Routing Engineer
- https://tarikin.com/certifications/mtcume — MTCUME (94%) — User Management Engineer
- https://tarikin.com/certifications/mtcwe — MTCWE (92%) — Wireless Engineer
- https://tarikin.com/certifications/mtcipv6e — MTCIPv6E (92%) — IPv6 Engineer
- https://tarikin.com/certifications/mtctce — MTCTCE (86%) — Traffic Control Engineer
- https://tarikin.com/faq — Rates, billing cycles, warranty, booking
- https://tarikin.com/contact — Telegram @tarikin, nikita@tarikin.com
- https://tarikin.com/prices2022 — Archive: 2022 pricing (English)
- https://tarikin.com/ru/prices2022 — Archive: 2022 pricing (Russian)
- https://tarikin.com/llms.txt — Terse LLM context
- https://tarikin.com/llms-full.txt — This file

---

*This file contains Tier 1 (public) information only. All claims are independently verifiable.
No software names, configuration syntax, infrastructure details, client identifiers, or
operational parameters are disclosed.*