My Accomplishments

My Accomplishments & Projects

Developed and deployed a secure, public-facing server infrastructure lab utilizing modern enterprise DevOps practices.

Headless Server Architecture: Built and configured a headless Debian server from scratch, managing manual network configurations and system initialization entirely via the CLI.
Secure Reverse Proxy: Implemented an Nginx web server configured as a reverse proxy to handle external routing, explicitly hardened against information leakage by disabling public server version tokens.
Modern Mesh Networking: Leveraged Tailscale Funnel to securely route public web traffic via encrypted WireGuard tunnels, bypassing restrictive carrier firewalls and enabling automated SSL/TLS termination without exposing raw router ports to the open internet.

Implemented strict access controls and automated lifecycle management to transform local hardware into a secure fortress environment.

Cryptographic Authentication: Disabled traditional password-based SSH access entirely across the network daemon, enforcing high-security Ed25519 public-key authentication fortified with local passphrases (MFA).
Automated Patch Management: Programmed automated background maintenance using unattended-upgrades and apt-listchanges to ensure daily, hands-free deployment of stable security patches and system logs.

Designed, implemented, and audited a fully segregated multi-subnet architecture using commercial routing and switching equipment.

Layer 2/3 Segmentation: Engineered custom 802.1Q Virtual Local Area Networks (VLANs) to completely isolate critical infrastructure assets, production gear, and public vectors into independent logical broadcast domains.
Inter-VLAN Routing: Deployed a secure Router-on-a-Stick (ROAS) topology across physical trunk ports, enabling strict firewall policy implementation to scrub traffic navigating between subnets.
Advanced Subnetting: Managed manual IPv4 VLSM allocations to maximize address spaces, mitigating resource conflicts and restricting malicious lateral movement within the physical boundaries of the network.
Full-Stack Troubleshooting: Proven diagnostic capability tracing hardware anomalies across Layer 1 (cabling/transceivers), Layer 2 (switching loops/VLAN mismatches), and Layer 3 (routing faults/gateway drops).

Bare-Metal Data Recovery: Successfully diagnosed a critical physical failure on a 3TB Hard Disk Drive utilizing low-level kernel diagnostics (dmesg) and smartctl storage monitoring attributes. Executed a bit-perfect data migration and block recovery sequence over to a high-density 4TB SSD array using rsync parameters.
Enterprise Image Management: Fabricated, optimized, and deployed 4 custom-spec bare-metal high-performance nodes integrated into a managed domain network environment. Configured comprehensive sector-level disk imaging for rapid disaster recovery deployments.

Python Automation Development: Programmed custom automation scripts tasked with executing repeatable web interactions, dynamic links, and programmatic order entries, eliminating menial tasks and accelerating system workflow efficiencies.
Low-Level Firmware Recovery: Restored a fully bricked Qualcomm Snapdragon device by manually sideloading, partitioning, and flashing custom OEM firmware via bare-metal diagnostic boot modes.