About

Infrastructure & Security Engineer based out of Massachusetts. I've been in IT since 2016 — started pulling cable and troubleshooting end-users at a nonprofit, worked through sysadmin and cloud security roles, and gradually shifted my focus toward platform engineering, automation, and security architecture. The through-line has always been the same: make it more reliable, more secure, and more automated than I found it.

What I'm building

🖥️ `pi-cluster` — GitOps Homelab (Active)

A production-minded bare-metal ARM64 k3s cluster on a Raspberry Pi 4, managed entirely with FluxCD. Git is the only source of truth — if it's not in the repo, it doesn't exist.

Secrets: SOPS + age encryption, never plaintext in Git
Ingress: Cloudflare Tunnel for zero-trust external access
Apps: linkding, Ghost blog, Obsidian LiveSync (CouchDB) — all declarative, all reconciled
Learned the hard way: recovered from a force-push that triggered Flux pruning and wiped my cloudflared deployment. git reflog is a skill.

This is where I experiment before I deploy at work. The tooling here maps directly to what production platform engineering looks like.

☁️ `serverless-api` — AWS Serverless + Security

Hardened serverless API on AWS using least-privilege IAM, CORS controls, secrets management, and fully automated deployment via CI/CD. No manual steps post-deploy.

🎮 `enshrouded-docker` — Containerized Game Server (DevOps)

Immutable container infrastructure with runtime auto-update logic, semantic versioning, CI/CD publishing via GitHub Actions, and non-root execution with minimal attack surface. Built through real CI/CD failures — Wine + Docker on Ubuntu 22.04 with WineHQ and Xvfb.

🔐 SOAR + EDR Integration — Security Automation

Automated security orchestration workflows integrating EDR with alerting pipelines — custom detection rules, response playbooks, and hardened cloud VMs for telemetry analysis.

On the roadmap

Talos Linux · Cilium CNI · Kube-VIP · kube-prometheus-stack

Moving from "it works" to "it's observable, resilient, and enterprise-grade."

The journey (2016 → now)

2016 → IT Support / Helpdesk
       Cabling, AV, break-fix, networking fundamentals

2020 → Systems Administrator
       M365 migrations, HIPAA security program, MDM at scale

2022 → IT Support + Security
       Vuln management, network config, L1 incident response

2023 → Cloud Admin / Security
       XDR rollout, CASB, IAM/Conditional Access, hybrid cloud

2024 → Infrastructure Security Eng.
       IaC, GitOps, DevSecOps, compliance frameworks

The homelab is where the theory meets the metal.

Certifications & Education

CISM® CompTIA CCAP CSIS WGU — Network Engineering & Cybersecurity

Tools & Stack

Kubernetes / k3s FluxCD Azure Microsoft Sentinel Splunk / ELK Nessus / Rapid7 Palo Alto Networks Zero Trust NIST CSF CIS v8

Hey, I'm Jonathan 👋

What I'm building

🖥️ `pi-cluster` — GitOps Homelab (Active)

☁️ `serverless-api` — AWS Serverless + Security

🎮 `enshrouded-docker` — Containerized Game Server (DevOps)

🔐 SOAR + EDR Integration — Security Automation

On the roadmap

The journey (2016 → now)

Certifications & Education

Tools & Stack

Find me

Hey, I'm Jonathan 👋

What I'm building

🖥️ pi-cluster — GitOps Homelab (Active)

☁️ serverless-api — AWS Serverless + Security

🎮 enshrouded-docker — Containerized Game Server (DevOps)

🔐 SOAR + EDR Integration — Security Automation

On the roadmap

The journey (2016 → now)

Certifications & Education

Tools & Stack

Find me

🖥️ `pi-cluster` — GitOps Homelab (Active)

☁️ `serverless-api` — AWS Serverless + Security

🎮 `enshrouded-docker` — Containerized Game Server (DevOps)