11 projects spanning security engineering, full-stack development, and infrastructure operations. Built in the home lab, shipped to production, and documented in detail.
FEATUREDACTIVE
HomeLab Corp
Enterprise Security Simulation
A 4-node enterprise network simulation built on real hardware. DC-01 runs Active Directory with full domain infrastructure. WEB01 hosts production web services behind Nginx. KALI01 runs attack exercises that generate real telemetry. WAZUH01 aggregates all logs, runs detection rules, and fires alerts. This is not a virtual sandbox — it's a production-grade simulation environment.
12+ custom Wazuh detection rules deployed
SSH brute force detection with IP blocking
Real-time file integrity monitoring on all endpoints
Windows Server 2022Ubuntu 22.04WazuhActive DirectoryKali Linux
An immersive SOC analyst training platform with a cyberpunk aesthetic. Features real-time alert queues, an interactive network topology map in 3D, case management workflows, and SIEM log analysis exercises. Designed to simulate the experience of a Tier 1 SOC shift without needing access to enterprise tooling.
3D network topology with Three.js
Real-time alert simulation engine
Case escalation workflow with state management
Next.js 15React Three FiberZustandTypeScriptFramer Motion
A full-stack SaaS platform for immigration professionals. Multi-tenant architecture with role-based access control, document management with encryption at rest, Stripe payment integration, and email automation. Deployed on Ubuntu with Nginx reverse proxy, SSL/TLS via Let's Encrypt, and PM2 process management.
Production RBAC implementation demonstrating Principle of Least Privilege. Custom permission system with granular route-level and resource-level access control. Audit logging for all permission changes. Used as a reference implementation for client projects.
Real-time messaging application with end-to-end encrypted channels, file sharing, and presence indicators. WebSocket server with Redis pub/sub for horizontal scaling. Security-first implementation — no message content logged on the server, ephemeral session keys.
WebSocket authentication with JWT rotation
Redis pub/sub for scalable real-time events
No plaintext message storage — forward secrecy design
Library of custom Wazuh detection rules authored for the home lab environment. Covers SSH brute force detection, Nmap scan detection, Hydra credential attack identification, web application attack patterns (Gobuster, Dirb), and Windows event log rules for domain controller anomalies.
SSH brute force: detect after 5 failed attempts in 60s
Nmap SYN scan detection via iptables integration
Wazuh active response — automatic IP block on trigger
Browser-based 3D chess game built with Three.js. Full chess rules with check/checkmate detection via chess.js. Smooth piece animations, interactive camera rotation, and legal move highlighting. Used as a deep-dive into 3D graphics and WebGL rendering — directly applicable to security visualization work.
Python tool for parsing and normalizing security logs from multiple sources — Wazuh JSON exports, syslog, Windows Event XML. Outputs normalized CSV for import into analysis tools. Includes pattern matching for common attack signatures and timeline reconstruction for incident investigations.
This portfolio — built with security and premium UX as primary requirements. Full security hardening: CSP headers, CSRF protection on forms, rate limiting (3 contacts/hour), IP hashing before storage, honeypot field, no raw IPs ever stored. R3F 3D particle field, custom gold cursor, grain overlay, and animated terminal.
CSP + HSTS + X-Frame-Options security headers
CSRF tokens + Zod validation on all API routes
Rate limiting with RateLimiterMemory (3/hour contact)
Next.js 15React Three FiberFramer MotionPrismaNextAuth
Python wrapper around nmap that automates network discovery scans in the lab environment, stores results in SQLite, and diffs against previous scans to identify new hosts, open ports, or changed service versions. Used to maintain an accurate asset inventory of the home lab network.
Group Policy Objects for hardening the home lab domain (HOMELAB.CORP). Implements CIS Benchmark recommendations: account lockout policies, password complexity, audit policy, SMB signing enforcement, LLMNR disable, PowerShell logging, and Windows Event Forwarding to Wazuh. All GPO settings documented and version-controlled.