All Projects
This page collects my networking, cybersecurity, and homelab infrastructure projects in one place.
Hybrid Identity Infrastructure Lab
I designed and deployed a hybrid identity environment with Active Directory, Microsoft Entra ID, Entra Connect synchronization, hybrid device join, and LDAP-based authentication into a centralized ITSM platform
Ticketing Systems
Designed and deployed a GLPI ITSM platform integrated with Active Directory to better understand enterprise help desk workflows, centralized authentication, ticket operations, and role-based access control concepts.
Split DNS with AdGuard and Bootstrap Resilience
Reworked DNS responsibilities so infrastructure devices were not fully dependent on the same internal DNS stack they needed in order to recover or boot correctly.
VLAN Segmentation and Access Control Design
Designed a segmented homelab network with management, services, clients, IoT, and lab VLANs, then applied narrow Layer 3 access rules instead of broad trust between networks.
Cloudflare, Reverse Proxy, and Public Service Exposure
Published selected services behind Cloudflare and reverse proxying while separating public access from internal management paths and validating the correct upstream targets.
Metrics Node Hardening and Visibility Improvements
Audited a monitoring node with multiple exposed services, improved visibility and management access patterns, and extended diagnostics through a Raspberry Pi jump box and read-only AI-assisted analysis.
Raspberry Pi Management Jump Box
Built a dedicated management node to provide redundant remote access, internal troubleshooting capability, and a safer path for administration when primary tooling is unavailable.
Dual-Domain Email Authentication and Identity Design
Configured separate homelab and professional domains with Google Workspace and implemented SPF, DKIM, and DMARC to ensure secure, authenticated, and reliable email delivery.
Secure Remote Access Design with Tailscale and WireGuard.
Designed a secure remote access solution using Tailscale (WireGuard-based) with subnet routing to access internal networks without public exposure.
End-to-End Packet Flow Analysis Across a Segmented Network.
Traced how traffic moves from a client VLAN to an internal service through DNS resolution, switching, routing, VLAN tagging, and ACL evaluation to build a stronger troubleshooting model.