CASE STUDY
COMBAT MISSION → HQ

TOP Group

Full-stack technology transformation: from crisis firefighting to systematic operations. Built 5 functions from scratch with 2.4x ROI and significant risk reduction.

* Specific financial figures omitted to comply with NDA

Peak Coordination
100+
People during crisis periods
ROI on IT Investment
2.4x
First year return
Security Incidents
0
Critical breaches prevented
Employees Supported
600+
Across TOP Group
Platform Scaling
14K→40K
RPS in first 3 months
Functions Built
5
Platform, DevOps, Security, Procurement, IT
Recognize These Patterns?
Warning signs that preceded the situation described in this case

Operational Signals

Day-to-Day
  • Recurring incidents with unclear ownership: Same issues keep happening, nobody knows who's responsible for fixing them permanently
  • DevOps in reactive mode: Team only responds to emergencies, zero capacity for improvements or tech debt
  • Restart-first culture: Default response to problems is "restart the service" without understanding root cause
  • No visibility into infrastructure: Questions like "how many servers do we have?" can't be answered confidently

Organizational Signals

Structure
  • IT responsibilities scattered: Internal IT tasks handled by people for whom it's not their core job
  • Security exists only on paper: Policies documented but not enforced, no active monitoring
  • Key people burning out: Same individuals always on incident calls, no rotation possible
  • No dedicated functions: Missing formal IT, Security, or Platform teams

Growth Signals

Scaling
  • Infrastructure not keeping pace: Business growing faster than systems can support
  • Manual processes breaking: What worked at 50 people doesn't work at 200
  • Onboarding/offboarding chaos: New hires wait days for access, leavers retain access for weeks
  • Multiple projects, fragmented tools: Each team has their own systems with no integration

1. Platform Team

New FunctionCross-functionalStability
Scaling
14K→40K RPS
What Was Built
  • Formed cross-functional Platform Team from the most skilled and proactive engineers identified during incident calls
  • Platform scaling from 14K to 40K+ RPS within first 3 months
  • Implemented post-incident actions discipline
  • Introduced root cause analysis culture: understand why it fails, not just restart
  • Basic request tracing to improve monolith observability
Key Achievements
  • Eliminated recurring outages under normal load
  • Handled extreme peak events: Hamster, Dogs, Major, Catizen token listings
  • Foundation for future growth established
  • Transferred to CTO Q4 '24

2. DevOps

CI/CDInfrastructureK8S
Retention
100%
What Was Built
  • Split team into two tracks: ops (daily firefighting) and dev (tech debt & progress) — before this everyone was burning out
  • Kubernetes (K8S) implementation for container orchestration
  • Migration from AWS to on-premise (Servers.com)
  • Complete CI/CD pipeline rebuild for Kubernetes
  • Service Desk with SLA control
Key Achievements
  • Created foundation for sustainable progress
  • Significant monthly infrastructure cost reduction
  • Removed underperformers, hired strong talent
  • 100% team retention, no burnout
  • Earn and Trading Assets launched on time
  • Transferred to new Head of DevOps Q2 '25

3. Security

New Function24/7 SOCDevSecOpsMPC
Incidents
0
What Was Built
  • Hired CISO and together built the entire Security team and processes from scratch
  • 24/7 Security Operations Center with rapid incident response
  • MPC architecture for blockchain transactions
  • SAST scanning integrated into CI/CD pipeline
  • Secret rotation automation and management
  • BugBounty program on HackerOne
Key Achievements
  • 0 critical security incidents
  • Security embedded at every development stage
  • Architectural reviews for key services (Fireblocks, ZTNA, Earn, Payments)
  • Prevented multiple critical vulnerabilities
  • Transferred to CTO Q3 '25

4. Procurement & Logistics

New FunctionAutomation
Cycle
2x faster
What Was Built
  • Digitized procurement workflows in Jira
  • Vendor registry with full history
  • Device lifecycle management
  • Equipment logistics coordination
Key Achievements
  • 2x faster procurement cycle
  • Eliminated duplicate requests
  • Full transparency on all purchases
  • Transferred to CTO Q4 '25

5. Internal IT

New FunctionZero TrustMDMCMDB
Employees
600+
What Was Built
  • Jira as core system: Made Jira the backbone for multiple processes, enabling higher automation and efficiency
  • Zero Trust (Cloudflare WARP): Unified VPN, device-based auth, 15 min recovery
  • MDM: Intune (Windows) + JAMF (Mac) for 450+ devices, 95%+ compliance
  • CMDB: Real-time asset visibility (±24h), automated sync via N8N
  • Unified Platform: SSO/Entra ID, @top.team domain
  • AI Platform: TOP AI assistants for helpdesk and HR
Key Achievements
  • Onboarding: Days → Hours
  • Offboarding completeness: 40% → 99%
  • Asset visibility: 0% → 99%
  • Supporting 600+ employees across TOP Group
  • Transferred to CTO Q4 '25

Initial Situation

High Risk
  • No IT function: Group of 600+ employees with no dedicated Internal IT team
  • No security function: No SOC, no DevSecOps, no vulnerability management
  • Fragmented infrastructure: Multiple projects with independent, incompatible systems
  • Recurring outages: Platform stability issues affecting business operations
  • Scaling limits: Platform couldn't handle growing load (14K RPS ceiling)
  • No asset visibility: Unknown device inventory, no CMDB
  • Manual processes: Onboarding/offboarding, procurement, access management all manual

Approach: Systematic Transformation

Methodology
  • Immediate stabilization: Address critical platform issues first
  • Foundation building: Create core infrastructure before adding features
  • Automation first: Build automated processes from day one
  • Security baked in: Integrate security at every stage, not bolted on
  • Unified platform thinking: Design for multi-project organization
  • Measurable outcomes: Track ROI and risk reduction from start
  • Team sustainability: Prevent burnout while delivering results

Role Evolution & Scope

Chief Problem SolverGroup CIOFully Autonomous
Phase 1: Chief Problem Solver (May–Nov 2024)
  • High-trust interim leader with mandate to fix what's broken and build what's missing
  • Led deep technical audit: architecture, infrastructure, cost inefficiencies
  • Took over and transformed dysfunctional DevOps function
  • Built cross-functional Platform Team for stability and scalability
  • Coordinating across 100+ people during peak crisis periods
  • Supported hiring and onboarding of new CTO
Phase 2: Group CIO (Nov 2024–Dec 2025)
  • Promoted to lead technology operations across TOP group of companies
  • Expanded scope: crisis response → strategic IT transformation
  • Building unified infrastructure and processes across portfolio
  • Direct reports: ~20 people across 5 functions at peak
  • Systematic handover of all functions by end of engagement
Operating Style

"I introduced you in one channel, and you did everything else yourself."

— CEO feedback on autonomy level

Business Impact Summary
Measurable outcomes across efficiency, risk, and operations
ROI
2.4x
First year return on investment
Security Incidents
0
Critical breaches
Team Retention
100%
No burnout during crisis

Efficiency Gains

High Impact
Process Improvements
Automated processes0 → All core via Jira
Onboarding timeDays → Hours
Offboarding completeness40% → 99%
Asset visibility0% → 99%
Test environmentsNone → Functional
Procurement cycle2x faster
Overall operational efficiencySignificant annual savings

Risk Mitigation

Critical
Security & Continuity
Zero Trust architectureImplemented
Access recovery timeDays → 15 min
Device compliance0% → 95%+
SOC coverage0 → 24/7
Vulnerability detectionAutomated CI/CD
Critical security incidents0
Risk postureEnterprise-grade

Lasting Impact: What Remains

Foundation
Organizational Foundation
  • Internal IT function supporting 600+ employees
  • Security function with 24/7 SOC and DevSecOps
  • Unified IT platform for entire TOP Group
  • Foundation for scaling across portfolio
Operational Excellence
  • Automated onboarding/offboarding workflows
  • Centralized procurement with lifecycle management
  • Real-time asset visibility and control
  • Unified service desk for all requests

Key Lessons: Crisis Transformation

Methodology
  • Systematic approach: Building functions from scratch requires methodology, not just execution
  • Automation from day one: Manual processes don't scale; automate early
  • Security built in: Security and efficiency must be integrated, not bolted on
  • Unified platform thinking: Multi-project organizations need shared infrastructure
  • Team sustainability: 100% retention during crisis proves sustainable pace matters
  • Measurable outcomes: ROI and risk reduction metrics justify investments
  • Resilient systems: Well-built systems survive organizational changes

The Challenge

In May 2024, I joined Wallet in Telegram — one of TOP Group's projects — where the product was going down daily.

What I found:

  • Internal IT responsibilities scattered across people for whom it wasn't their core focus
  • No Security function or processes around it
  • DevOps drowning in routine and tech debt — lost visibility into their own infrastructure
  • Incident response reduced to "tell us what to restart, we'll restart it"

Mapping the Problems

My first step was talking to key people and mapping problems from each perspective, then correlating them to identify the most critical issues. In parallel, I joined incident calls. What I saw there was eye-opening: the team had no understanding of what was happening and was simply restarting systems one by one hoping something would stick.

I started building a culture of "understand before you restart — because after it's too late to diagnose." This shift allowed us to finally see the root causes, implement hot fixes, and start making architectural changes.

Building Platform Team & Scaling for Launch

I identified the most skilled and proactive engineers and formed a dedicated Platform Team. Leading it daily, we started tackling the most critical areas. Within days, the major fires were out and the product stabilized.

The next challenge: Major token listings — Dogs and Hamster — were on the horizon. Impossible to handle with the current architecture: a monolith with direct access to a single database. We had less than two months.

Reinforcing the System

Rebuilding from scratch wasn't an option. Instead, we reinforced the existing system:

  • Database scaling: Increased server capacity, added read replicas, distributed load
  • Query optimization: Moved from direct DB calls to controlled queue-based execution
  • Caching layer: Deployed Redis as hot cache, rewrote core operations to use it
  • Blockchain refactoring: Redesigned logic to handle high volumes of deposits and withdrawals

Dogs Listing: The Test

During the Dogs listing, we outlasted everyone — even Binance went down while we were still standing. I watched the traffic climb: 20K... 30K... 40K RPS. After several minutes, our system finally gave in.

But the recovery that followed wasn't the old blind restart-everything approach — we now had pieces of understanding, not complete blindness.

Hamster Listing: 60K RPS

After the post-mortem, we had less than a month until Hamster. We pushed through another round of optimizations and hit 60K RPS.

Honest reflection: I couldn't ensure uninterrupted operation under that load. Too little time, too weak a starting point for that scale. But the infrastructure and team that handled 60K RPS were leagues ahead of where we'd been just 3-4 months earlier.

This foundation enabled the new CTO, once hired, to immediately begin a full-scale product rebuild. I didn't just help the business squeeze maximum value from what existed — I built the platform for what came next.

DevOps Transformation

After handing off the Platform Team and product development to the CTO, I focused on DevOps — which clearly couldn't handle the current situation.

The problem: The Head of DevOps had no picture of what was happening and no control over his team. No attempts to change anything. After a month of trying to fix the department through him, I gave up and made the decision to let him go, taking direct control of the team.

Restructuring the Team

First, I pulled several people out of the daily grind so they could start clearing tech debt instead of drowning in routine. In parallel, I began monitoring individual performance.

One underperformer stood out significantly. I tried to fix the situation, until HR came to me: "Pavel, there are complaints that since you arrived, this person can't take a walk in the park or swim in the pool during the workday." We had to part ways — lots of words, little action. I opened hiring and brought in several new people.

The Long Transition

We decided that DevOps would strategically report to the CTO, but I would maintain operational control for now. We found a new Head of DevOps, but his start was delayed by 5 months.

During this time, I tried to:

  • Avoid major team changes
  • Prevent burnout from the intense workload
  • Keep delivering on development tasks

At some point it became clear the team was at its limit. Together with the CTO, we decided to reduce the load. It was a daily battle between team survival and business demands.

Gradually, as we closed tech debt, development life started improving. In April, the new Head of DevOps finally joined, and I handed over the team.

Building Security Function

In parallel with DevOps, by August 2024 it became clear that without a Security function, we were in serious trouble. I hired a CISO who assembled an InfoSec team and started building processes.

The challenge: Development was focused on business features. DevOps was dying under load. Any InfoSec processes that required involvement outside the InfoSec team were met with resistance — there simply wasn't bandwidth.

Together with the CISO, I identified the most critical security tasks and started pushing them through using my authority to prioritize. Tasks began getting done.

This battle for resources wasn't easy. The CTO and CISO were in constant conflict. But I saw nothing wrong with it — the conflict was constructive and kept the overall scope moving forward.

* Further details under NDA

Security was eventually transferred to the CTO.

Building Internal IT Function

Also in August 2024, understanding that without a dedicated Internal IT function things would fall apart, I decided to hire a Head of Internal IT. We assembled a team and started building processes.

Jira as the Central System

By November 2024, it became clear we needed a central system to hold critical information and serve as the foundation for automation and process optimization. The choice fell on Jira. We hired a Jira administrator and began digitizing processes.

Unified IT Infrastructure

In December, I received a request: "Pavel, can you set up unified email for C-level? Tired of switching between multiple inboxes."

I took time to think — and came up with a concept of unified IT infrastructure. The unified email wasn't just an inbox for sending messages, but a single identifier across all core group systems, enabling seamless access for all employees across the group — not just C-level.

1

Zero Trust & WARP

Challenge: No secure access solution, especially for employees in restricted locations.

Solution: Cloudflare Zero Trust (WARP) with automatic bypass mechanisms. Device-based auth. Recovery time: 15 minutes.

2

CMDB System

Challenge: No visibility into IT assets, licenses, or equipment.

Solution: CMDB with automatic sync via N8N. Real-time accuracy (±24 hours), automated alerts.

3

MDM Control

Challenge: 450+ devices with no centralized management.

Solution: Intune (Windows) + JAMF (Mac). Automatic compliance checks, faster software rollout.

4

Unified Infrastructure

Challenge: Fragmented tools across TOP Group.

Solution: Unified AD/Entra ID, merged Google Workspaces and HiBob, @top.team domain.

5

Procurement Automation

Challenge: Manual, opaque procurement. Delays, duplicate requests.

Solution: Digitized in Jira, vendor registry, full device lifecycle management.

6

AI Platform

Challenge: Multiple individual ChatGPT subscriptions, no centralized AI.

Solution: Built TOP AI platform with assistants for helpdesk and HR.

Internal IT was transferred to the CTO in Q4 2025.

Lasting Impact

Over 1 year and 8 months, I built 4 functions from scratch, transformed 1, and handed them all over to permanent leadership:

  • Platform Team (new) → CTO (Q4 2024)
  • DevOps (transformed) → Head of DevOps (Q2 2025)
  • Security (new) → CTO (Q3 2025)
  • Procurement & Logistics (new) → CTO (Q4 2025)
  • Internal IT (new) → CTO (Q4 2025)

What remained after I left:

  • 5 functioning teams with clear ownership
  • All core processes running through Jira with defined workflows
  • 24/7 SOC and security processes in place
  • 600+ employees supported by unified IT infrastructure
  • 100% team retention throughout the engagement
When This Case Is Relevant
Scaling faster than your infrastructure can support
Multiple projects or products with fragmented IT
No dedicated Security, IT, or Platform functions
DevOps team drowning in reactive work
Recently hired CTO who needs operational foundation
Preparing for major growth or compliance requirements
Recognize this pattern?

This case is usually relevant earlier than it looks.
If your company still works because a small group of people personally holds it together — this is the moment when the system can still be rebuilt without a crisis.

Schedule a Call View More Projects