Projects & Research

Security research, architecture work, and independent builds.

A public-safe view of work spanning infrastructure security, threat visibility, lab development, and builder-driven projects. The goal is specificity without exposing employer, topology, addressing, configuration, or operational detail.

Security Architecture & Research

Mini case studies, sanitized by design.

These are real areas of professional focus described at the architecture and lesson level. Specific employer, topology, addressing, configuration, and operational details are intentionally omitted.

Distributed Honeypot Architecture Concepts

Context
Independent and professional research into distributed defensive decoy concepts across varied network contexts.
Challenge
Collect useful attack signal without creating a path into production systems or publishing implementation details that would increase risk.
Approach
Focus on isolation, controlled exposure, telemetry collection, repeatable review, and correlation of activity patterns rather than production adjacency.
Value
Demonstrates security architecture thinking around deception, signal quality, containment, and operational risk.
Security Note
Exact deployment model, routing, addressing, tooling configuration, provider details, and collected data are intentionally omitted.

Internal Honeynet Design Principles

Context
Design work around controlled internal deception environments for detection engineering and telemetry validation.
Challenge
Create signals realistic enough to support defensive learning without exposing live architecture, credentials, or sensitive workflows.
Approach
Use production-like concepts at a safe abstraction level: service behavior, segmentation assumptions, logging paths, containment boundaries, and detection use cases.
Value
Shows how network architecture, identity, telemetry, and incident response assumptions can be tested before they matter in an incident.
Security Note
Specific topology, system names, emulation details, logs, and detection logic are withheld.

Threat Visibility from Network Signals

Context
Work connecting infrastructure telemetry to security visibility across routing, switching, firewall, VPN, wireless, DNS, authentication, and monitoring signals.
Challenge
Security tooling is only useful when the underlying infrastructure model is understood and the signals can be trusted.
Approach
Evaluate where signals originate, what context they include, where failover changes visibility, and how infrastructure events can support detection and response.
Value
Demonstrates practical understanding of how security visibility depends on network design and operational context.
Security Note
No internal dashboards, logs, queries, device names, addressing, or vendor-specific configurations are published.

Security-First Network Segmentation

Context
Segmentation strategy for campus-scale and multi-site infrastructure where business function, supportability, and risk reduction have to coexist.
Challenge
Segmentation often fails when it is treated as a diagram exercise instead of an operational architecture problem.
Approach
Ground segmentation in real traffic flows, identity boundaries, monitoring requirements, firewall policy, change review, and incident response needs.
Value
Shows the ability to translate security goals into network designs that can be operated and maintained.
Security Note
Specific zones, VLANs, firewall rules, diagrams, traffic flows, and organization-specific constraints are omitted.

Multi-Site Infrastructure Modernization

Context
Architecture and lifecycle planning for distributed environments with routing, switching, wireless, firewalls, carrier services, and monitoring dependencies.
Challenge
Modernization has to improve security, availability, supportability, and lifecycle posture without destabilizing production operations.
Approach
Coordinate refresh planning, standards, carrier/vendor strategy, documentation, maintenance windows, and resilient design review.
Value
Demonstrates infrastructure leadership that connects technical decisions to operational risk and long-term maintainability.
Security Note
Site names, vendor account details, internal diagrams, implementation schedules, and sensitive architecture details are withheld.

Vendor-Neutral Platform Planning

Context
Evaluation of infrastructure and security platforms through reliability, security capability, interoperability, lifecycle, operational fit, and total cost.
Challenge
Platform decisions can become expensive and brittle when driven by brand preference or short-term feature comparison alone.
Approach
Compare platforms against supportability, visibility, lifecycle, failure behavior, integration needs, and long-term operational standards.
Value
Shows mature infrastructure judgment and the ability to plan beyond procurement.
Security Note
Commercial terms, vendor account details, internal scoring, and organization-specific evaluations are not published.

Independent Builds & Lab Work

Hands-on projects that show the same architecture instincts outside work.

This track is for public projects, lab progression, tooling ideas, and systems built because the problem was interesting enough to solve directly.