Harley Schaeffer

Systems Administrator | Network Architecture | Security

Month: February 2026

System Administrator

February 12, 2026 /

2018 – Present

Enterprise infrastructure and network engineering role supporting manufacturing operations and production environments. Led network redesign initiatives, virtualization deployments, monitoring stack development, and security hardening efforts.

Key Focus Areas:

  • Network architecture & segmentation
  • VMware ESXi infrastructure
  • Security hardening & endpoint control
  • Automation & scripting
  • Monitoring & visibility engineering

Home Lab Architecture

February 12, 2026 /

I maintain a production-style home lab designed to simulate enterprise infrastructure, network segmentation, security monitoring, and automation workflows. The environment allows controlled experimentation with architecture decisions, lifecycle management, and automation tooling in a risk-free setting.

Core Infrastructure

Built on Dell hardware running VMware ESXi, this environment mirrors enterprise virtualization strategy.

  • Designed custom datastore and storage layout
  • Engineered VM allocation strategy for infrastructure and security systems
  • Implemented lifecycle management including firmware and BIOS updates

Active Directory Environment

Dedicated AD domain environment for policy and identity experimentation.

  • Group Policy testing and deployment simulation
  • Administrative privilege control modeling
  • Account lifecycle automation testing

Network Architecture & Segmentation

Architected internal network segmentation to replicate enterprise routing and isolation models.

  • VLAN-based segmentation strategy
  • pfSense firewall managing routing and policy enforcement
  • DMZ architecture isolating outward-facing services
  • Mesh network supporting segmented internal topology

Perimeter & Public Services

Designed secure exposure of public-facing services.

  • Deployed outward-facing web server within segmented DMZ
  • Engineered firewall rules isolating public traffic from internal systems
  • Validated NAT, port forwarding, and rule auditing workflows

Security Monitoring

Implemented layered visibility into internal traffic.

  • Deployed Security Onion for IDS monitoring
  • Performed traffic inspection across segmented zones
  • Tuned log visibility and alerting strategies

Automation & Tooling

Integrated automation across infrastructure lifecycle.

  • PowerShell-based automation within lab environment
  • Patch validation workflows
  • Software lifecycle testing via Winget and Chocolatey
  • Custom network reporting and analysis scripts

Cloud & Edge Services

Extended lab environment to public edge infrastructure.

  • Configured Cloudflare DNS and reverse proxy for public-facing services (e.g., foundry.gameonmarathon.com)
  • Implemented SSL/TLS termination and certificate management
  • Managed DNS routing and traffic filtering
  • Segmented public application traffic via DMZ architecture

Automation Framework Development

Developed modular automation framework within Home Assistant to test event-driven workflows.

  • Built reusable YAML-based automation packages
  • Implemented conditional logic and state-based triggers
  • Structured configuration for scalable expansion and lifecycle control

Projects & Infrastructure Work

February 12, 2026 /

Network Architecture & Segmentation

Led a full network redesign initiative including VLAN overhaul, segmentation strategy, and IP plan re-architecture.

  • Programmed and maintained Cisco core switching infrastructure
  • Eliminated unmanaged switches and standardized switching stack
  • Improved broadcast control and network visibility

Remote Production Site Connectivity

Designed and implemented GRE tunnel connectivity supporting a remote production environment (Yale Residential Locks).

  • Established secure site-to-site routing
  • Enabled production continuity during infrastructure transition

Security Hardening & Compliance

Focused on reducing enterprise risk through access control and endpoint hardening.

  • Removed local admin access via GPO (except approved accounts)
  • Deployed McAfee encryption and resolved BitLocker integration issues
  • Led Security Task Force initiatives
  • Implemented Security Onion IDS for network monitoring

Monitoring & Visibility Engineering

Built centralized visibility into infrastructure health and performance.

  • Implemented SNMP + Grafana alerting stack
  • Deployed SolarWinds N-able from scratch
  • Developed custom network monitoring tools (MAC tracing, ARP/DHCP correlation, SQL monitoring)

Virtualization & Infrastructure Architecture

Designed and deployed VMware ESXi infrastructure from hardware to production workloads.

  • Architected Dell-based virtualization stack including datastore layout
  • Configured vSwitches, port groups, and VLAN tagging aligned with segmentation strategy
  • Integrated ESXi host with core switching and firewall policies
  • Migrated physical services (Domain Controller, DHCP) into virtual environment
  • Implemented lifecycle management and backup/resiliency practices

Automation Engineering

Built automation tooling to reduce manual effort and improve operational consistency.

  • Developed CompXfer to automate Windows 7 → 10 migrations (profiles, printers, drives)
  • Authored PoShPatch for lightweight remote patch execution across endpoints
  • Created Log4jSherlock vulnerability scanner (CVE-2021-44228 family)
  • Built Selenium automation for web-managed device configuration
  • Implemented Winget/Chocolatey-driven software lifecycle automation
  • Developed custom PowerShell network reporting tools

© 2026 Harley Schaeffer

Theme by Anders NorenUp ↑