Projects
Raspberry Pi DNS Sinkhole & Recursive Resolver
Implemented a network-wide, local DNS sinkhole with a recursive resolving solution using a Raspberry Pi. This project involved:
- Operating System: Installed and configured Raspberry Pi OS on a Raspberry Pi 3 Model B+.
- DNS Sinkhole: Deployed Pi-hole to block unwanted domains at the network level, improving privacy and performance.
- Recursive DNS Resolver: Set up Unbound as a local, caching, and recursive DNS resolver to enhance DNS query speed and reduce reliance on external DNS providers.
- Network Configuration: Integrated the Raspberry Pi into the local network to serve DNS requests for all connected devices.
Secure Home Network Configuration
Designed and implemented a secure home network environment with a focus on privacy and robust access control. This was accomplished by choosing network equipment (Nest Pro Wifi) based on security evaluations such as NCC Group’s Security Assessment (PDF link). The network was configured with only WPA3 encryption, using a complex passphrase and a segmented Guest network for isolating untrusted devices.
VPN Implementation & Usage
Configured and utilized Virtual Private Networks (VPNs) across multiple devices and protocols to enhance online privacy and security.
Network Traffic Analysis
Employed network traffic analysis tools to monitor and inspect network communications for troubleshooting and security assessment purposes.
- Tooling: Utilized Fiddler for capturing and analyzing HTTP/HTTPS traffic, particularly in a work context.
- Analysis: Inspected network requests and responses to understand application behavior and identify potential issues.
Hardened Linux Desktop Deployment (Secureblue)
Installed and used Secureblue, a hardened derivative of Fedora Silverblue, as my primary Linux distribution for daily use. This distribution is designed with many default exploit mitigations (hardened memory allocator, USBGuard, removed suid-root and sudo in favor of run0) to enhance security on a platform known for lacking these.
Hardened Mobile OS Deployment (GrapheneOS)
Enhanced mobile security and privacy by installing and using GrapheneOS on my primary mobile device. GrapheneOS is a fork of the Android Open Source Project (AOSP) which excels in exploit mitigations, hardening, and privacy enhancements.
- Notable Features: general attack surface reduction and vastly improved exploit mitigation, two-factor fingerprint unlock, Storage and Contact permission scopes, configurable automatic reboot, enhanced Android Verified Boot (AVB), latest Linux kernel LTS point releases.
Windows System Hardening
Secured my Windows operating system installations using established hardening techniques. This involved utilizing HotCakeX’s Harden-Windows-Security scripts, which apply officially recommended and documented security configurations to Windows.
Web Hosting & Domain Management
Set up and managed multiple domains and websites, gaining experience in web infrastructure and administration.
- Domain Registration: Managed domains using Porkbun, a security-conscious domain registrar.
- Static Site Deployment: Deployed and managed static websites using Cloudflare Pages for robust performance and security.
- DNS Management: Configured and maintained DNS records through Cloudflare (e.g. A, CNAME, MX, and TXT) to ensure proper website resolution and email delivery.
E-commerce Platform Management
Launched and operated an e-commerce presence for a small business, handling online sales and fulfillment for personally roasted coffee.
- Platform: Utilized Square Online for the e-commerce storefront and payment processing, which was external to the main business informational site (Google Domains).
- Operations: Managed product listings, inventory, payment processing via Square, shipping logistics, and customer communication.
- Business Management: Gained experience in the technical and operational requirements of running an online retail business.
Certifications
CompTIA Certifications Path
I am currently progressing through the CompTIA certification pathway to build a strong foundational knowledge in Information Technology and Cybersecurity.
- CompTIA A+: In Progress
  - Focusing on foundational IT skills across hardware, software, networking, security, and troubleshooting.
- CompTIA Network+: Planned
  - To be pursued after completion of A+. Will cover network technologies, installation and configuration, media and topologies, management, and security.
- CompTIA Security+: Planned
  - To be pursued after completion of A+ and Network+. Will focus on baseline cybersecurity skills, including threats, vulnerabilities, and attacks, architecture and design, implementation, operations and incident response, and governance, risk, and compliance.