About
Cybersecurity MSc student and Server Architect, blending the worlds of digital defense and infrastructure management. My journey, rooted in server orchestration, virtualization, and Kubernetes, now extends into the realm of information security. As I guide organizations through the complex landscape of modern IT infrastructure, I’m simultaneously exploring the frontiers of cyber defense and ethical hacking at the University of Surrey. Beyond academia and professional engagements, my passion for continuous learning drives me to experiment with secure coding practices in Go, implement privacy-focused self-hosted solutions, and explore the security implications of local LLMs. I find the perfect balance between intense focus and relaxation in the strategic world of Counter-Strike, where split-second decisions mirror the fast-paced nature of cybersecurity. This blog chronicles my journey through the cybersecurity landscape, documenting everything from setting up secure Kubernetes clusters to analyzing the latest threat intelligence. Join me as I navigate the intersection of infrastructure, self-hosting, and cybersecurity, sharing insights, challenges, and discoveries along the way.
Tech Stack Overview
- Infrastructure: Proxmox VMs form the backbone, providing a robust and flexible foundation for virtualization, with a focus on implementing security best practices at the hypervisor level.
- Orchestration: Kubernetes orchestrates containerized applications across the Proxmox-powered cluster, emphasizing secure configurations, pod security policies, and network policies for enhanced protection.
- Ingress & Security: Traefik serves as the ingress controller, managing external access to services, coupled with Cert-Manager for automated SSL/TLS certificate provisioning. Additional security layers include Web Application Firewall (WAF) integration and regular security audits.
- Container Registry: Zot efficiently handles the storage and management of container images, with implemented vulnerability scanning and signed image enforcement to ensure the integrity and security of our application resources.
- Web Hosting: Powered by Astro, this website showcases a modern, performant front-end experience, all hosted on the Kubernetes cluster. Security measures include Content Security Policy (CSP) implementation, regular dependency audits, and DDoS protection.
- Security Monitoring: A custom-built Security Information and Event Management (SIEM) system aggregates logs from all components, utilizing machine learning for anomaly detection and automated incident response.
- Penetration Testing: Regular internal and external penetration tests are conducted to identify and address potential vulnerabilities across the entire stack.