Autonomous design, construction, and operation of an enterprise-grade infrastructure. See PDF Report

Project Description

This project moved beyond theory to gain hands-on experience with physical hardware. The objective was to build a complete enterprise network from scratch, focusing on security through strict network segmentation. By creating logical separation between administrative, user, and server domains, I ensured granular control over all traffic flows.

Key components deployed within this segmented architecture include:

  • Security & Observability: Implemented a full SIEM stack using Elastic (ELK), Fleet, Elastic Defend, and Auditd for centralized logging and alerting.
  • Identity & Collaboration: Deployed LDAP/LAM for centralized identity management and Nextcloud for secure collaboration.
  • Perimeter Security: Configured an OPNsense firewall for network control and a WireGuard VPN for secure remote access.
  • Automation: Used Ansible for streamlined deployment and configuration management.

Added Value & Professional Objectives

Working with real hardware meant resolving complex operational issues, such as service interoperability and network misconfigurations, and provided experience across the full lifecycle:

  • Technical Versatility: Validated expertise across Linux, virtualization, routing, and directory services.
  • System Hardening: Demonstrated the ability to design secure-by-default architectures using modern segmentation and monitoring tools.
  • Operational Readiness: Confirmed the capability to design, secure, and maintain a modern enterprise information system (IS) from the ground up.