I maintain a production-style home lab designed to simulate enterprise infrastructure, network segmentation, security monitoring, and automation workflows. The environment allows controlled experimentation with architecture decisions, lifecycle management, and automation tooling in a risk-free setting.


Core Infrastructure

Built on Dell hardware running VMware ESXi, this environment mirrors enterprise virtualization strategy.

  • Designed custom datastore and storage layout
  • Engineered VM allocation strategy for infrastructure and security systems
  • Implemented lifecycle management including firmware and BIOS updates

Active Directory Environment

Dedicated AD domain environment for policy and identity experimentation.

  • Group Policy testing and deployment simulation
  • Administrative privilege control modeling
  • Account lifecycle automation testing

Network Architecture & Segmentation

Architected internal network segmentation to replicate enterprise routing and isolation models.

  • VLAN-based segmentation strategy
  • pfSense firewall managing routing and policy enforcement
  • DMZ architecture isolating outward-facing services
  • Mesh network supporting segmented internal topology

Perimeter & Public Services

Designed secure exposure of public-facing services.

  • Deployed outward-facing web server within segmented DMZ
  • Engineered firewall rules isolating public traffic from internal systems
  • Validated NAT, port forwarding, and rule auditing workflows

Security Monitoring

Implemented layered visibility into internal traffic.

  • Deployed Security Onion for IDS monitoring
  • Performed traffic inspection across segmented zones
  • Tuned log visibility and alerting strategies

Automation & Tooling

Integrated automation across the infrastructure lifecycle.

  • PowerShell-based automation within lab environment
  • Patch validation workflows
  • Software lifecycle testing via Winget and Chocolatey
  • Custom network reporting and analysis scripts

Cloud & Edge Services

Extended lab environment to public edge infrastructure.

  • Configured Cloudflare DNS and reverse proxy for public-facing services (e.g., foundry.gameonmarathon.com)
  • Implemented SSL/TLS termination and certificate management
  • Managed DNS routing and traffic filtering
  • Segmented public application traffic via DMZ architecture

Automation Framework Development

Developed a modular automation framework within Home Assistant to test event-driven workflows.

  • Built reusable YAML-based automation packages
  • Implemented conditional logic and state-based triggers
  • Structured configuration for scalable expansion and lifecycle control