Projects

Here's a curated showcase of projects I've architected and implemented. These range from enterprise infrastructure deployments to personal lab experiments that push the boundaries of what's possible with modern DevOps tools.

🔧 Network Segmentation + VLAN Rollout

Objective: Restructure flat Layer 2 network into segmented VLANs for enhanced security and performance
Environment: Manufacturing plant with 200+ devices
Technologies: Cisco Catalyst, Meraki, Palo Alto Firewalls, DHCP, VLAN tagging, Cisco DNA Center

Implementation Highlights:

  • Designed and deployed 8 VLANs separating IT/OT networks, guest access, and management traffic
  • Configured inter-VLAN routing with Palo Alto firewall policies
  • Reduced broadcast domains by 75%, improving network performance
  • Implemented zero-trust segmentation following NIST guidelines

Impact: Improved security posture, reduced attack surface, enabled granular traffic monitoring

🖥️ Automated Patch Management (WSUS + PowerShell)

Objective: Automate monthly Windows patching across 150+ servers with minimal downtime
Environment: Enterprise Windows Server infrastructure
Technologies: WSUS, PowerShell, Group Policy Objects (GPO), Task Scheduler

Implementation Highlights:

  • Developed PowerShell scripts for automated patch approval and deployment scheduling
  • Created maintenance windows with automated pre/post-reboot checks
  • Built compliance dashboard tracking patch status across server fleet
  • Implemented rollback procedures for failed updates

Impact: Reduced manual patching time by 80%, achieved 95%+ patch compliance rate

☁️ Personal Homelab (Virtualization + Monitoring)

Objective: Build a production-grade home lab for learning and testing enterprise tools
Environment: Self-hosted infrastructure with 24/7 uptime
Technologies: Proxmox, pfSense, Zabbix, Docker, Ansible, Grafana, Pi-hole

Architecture Components:

  • Proxmox hypervisor hosting 15+ VMs (Linux/Windows mix)
  • pfSense firewall with VPN (WireGuard), DNS filtering, and traffic shaping
  • Zabbix + Grafana for infrastructure monitoring and alerting
  • Docker Swarm running containerized services (Nextcloud, Git server, media server)
  • Automated provisioning with Ansible playbooks
  • Internal CA for SSL/TLS certificates

Impact: Hands-on learning environment for DevOps tools, serves as proof-of-concept for enterprise solutions

🔐 Security Event Monitoring PoC

Objective: Detect lateral movement and suspicious activity in Windows networks
Environment: Lab simulation with attack scenarios
Technologies: Wazuh SIEM, ELK Stack (Elasticsearch, Logstash, Kibana), Sysmon, Windows Event Forwarding

Implementation Highlights:

  • Deployed Wazuh agents across lab environment for centralized log collection
  • Configured Sysmon for detailed process, network, and file activity logging
  • Built custom detection rules for SMB enumeration, privilege escalation, and credential theft
  • Created Kibana dashboards for real-time security monitoring
  • Simulated MITRE ATT&CK techniques to validate detection capabilities

Impact: Successfully detected 90%+ of simulated attacks, validated SIEM effectiveness for production use
