Security-focused builder working on distributed systems, cloud infrastructure, and practical defense engineering.
Production-like self-hosted infrastructure for operating critical services and conducting security testing, built on hardened Fedora systems with infrastructure-as-code, isolated container workloads, and segmented, zero-trust networking.
Custom OpenWRT-based network architecture implementing VLAN segmentation, IPv4/IPv6 routing, DNS control, and traffic isolation to enforce secure boundaries and understand low-level networking behavior.
Hands-on security lab reproducing and analyzing OWASP Top 10 vulnerabilities, focusing on exploitation techniques, detection strategies, and practical mitigation in modern web applications.
Identity-gated access, private service exposure, and policy enforcement across self-hosted infrastructure.
Reproducible provisioning and configuration management with Terraform, Ansible, and version-controlled workflows.
VLAN-based isolation, deny-by-default firewalling, and reduced lateral movement across internal services.
Host and network telemetry pipelines with Wazuh, Suricata, and monitoring built for attack validation.
Stack: Proxmox, OpenWRT, Terraform, Ansible, Cloudflare Zero Trust, Wazuh, Suricata, Linux
A self-hosted security engineering environment built on a multi-node Proxmox cluster, focused on validating zero-trust access, segmented networking, infrastructure automation, and detection pipelines under realistic attack scenarios.
Access
Cloudflare Access, Authentik OIDC, secure tunnels, no direct public exposure.
Network
Segmented VLANs, policy-driven firewalling, and controlled east-west traffic.
Automation
Provisioning and configuration as code with reproducible deployment workflows.
Detection
Telemetry, alerting, and attack-simulation-driven monitoring validation.
“Built to secure, tested to fail, refined to hold.”
Open to security, infrastructure, and research collaboration.