// Selected work
Things I've built
Infrastructure that runs in production, not a sandbox. Each project is built, operated, and documented to the same standard I'd hold at work.
Active
SecureBytes Platform
Self-managed Proxmox cluster running production-style network and security infrastructure. Wildcard TLS, public status page, and selective Cloudflare Tunnel exposure.
securebytes.net
Personal engineering platform built with Astro and deployed globally through Cloudflare Pages: enterprise-grade security, zero infrastructure, $0/month.
Network Design Lab
Multi-vendor lab on Cisco Modeling Labs and EVE-NG. Routing, switching, wireless, security, SD-WAN, identity, and observability platforms for design validation, failure testing, and certification work.
Tailscale Zero-Trust Access
Identity-based remote access to private infrastructure over a WireGuard overlay. No open inbound ports, deny-by-default ACLs as policy-as-code, Pi-hole as subnet router. The internal network is never directly reachable from the internet.
SecureBytes NOC Stack
Internal observability stack for the platform: Grafana dashboards over Prometheus with Node Exporter on every Proxmox node, LXC, and VM. Sixty-second scrape interval, push notifications via ntfy.
BGP Mesh with Private ASNs
Full eBGP triangle across a two-node Proxmox cluster and pfSense edge firewall using FRRouting. Private ASNs, redundant path learning, zero static routes. The same routing protocol that runs the internet, running in a home lab.
In progress
AWS Detection Engineering Portfolio
Production-quality Sigma rules for AWS IAM privilege escalation, each validated end-to-end against CloudGoat scenarios using Stratus Red Team and CloudTrail.
Network Automation Toolkit
Migrating platform service provisioning from imperative shell scripts to Ansible playbooks, covering LXC bootstrap, nginx vhost templating, Pi-hole DNS records, and TLS cert distribution.
Completed
Akwaaba Solutions Environment
Enterprise network simulation in Cisco Modeling Labs. Three-zone topology with BGP peering, ASA perimeter security, NAT, and segmented DMZ servers.
Cisco FTD + FMC Enterprise Security Lab
Multi-site Firepower lab in CML. Two FTD firewalls managed by a central FMC — ACP, IPS, URL filtering, NAT, and full event analysis.