Open to Full-Time & Freelance Opportunities

Hi, I'm John


I design and build production-ready, secure web systems — from MERN/Next.js SaaS apps to CI/CD pipelines, cloud infrastructure, and adversarial security research. I make hard problems look simple.

Download CV
MERN / Next.js
AWS / DevOps
Red & Blue Team
Networking / AD

Expertise

Skills & Capabilities

A breadth of technical skills developed across full-stack development, cloud infrastructure, networking, and offensive/defensive security.

Full-Stack Development

Building scalable, type-safe web applications end-to-end.

React / Next.js: 95%
Node.js / Express: 92%
TypeScript: 90%
MongoDB / Mongoose: 88%
PostgreSQL: 82%
REST & GraphQL APIs: 90%
Redis / Caching: 80%
System Design: 85%

Cloud & DevOps

Automating infrastructure, CI/CD pipelines, and cloud architecture.

AWS (EC2, S3, RDS, Lambda): 88%
Docker / Compose: 92%
GitHub Actions CI/CD: 90%
Terraform (IaC): 78%
Kubernetes (EKS): 72%
Nginx / Load Balancing: 85%
CloudFront / CDN: 82%
Linux Administration: 88%

Networking & Infrastructure

Designing and securing enterprise network infrastructure.

Routing & Switching (Cisco): 85%
Firewall Config (pfSense, ASA): 82%
VLANs & Network Segmentation: 88%
DNS / DHCP / BGP: 80%
Windows Server / AD: 85%
VPN (IPSec, OpenVPN): 78%
VoIP / SIP Security: 72%
WiFi / AP Security: 75%

Cybersecurity

Offensive and defensive security across networks, endpoints, and applications.

SOC L1 & L2 Operations: 90%
Red Teaming / Pentesting: 85%
Active Directory Attacks: 88%
C2 Frameworks (Sliver): 80%
OWASP Top 10 / Web Security: 92%
SIEM / Threat Detection: 85%
Malware Analysis (basics): 70%
CCTV / Physical Security: 75%

Portfolio

Featured Projects

Real-world systems I've designed and built — covering full-stack SaaS, security tooling, DevOps automation, and infrastructure.

fullstack

SecureVault SaaS

Multi-tenant secret management platform that lets teams store, rotate, and audit environment variables and API keys with fine-grained RBAC. Secrets are encrypted at rest with AES-256 and in transit via mutual TLS.

Next.js
Node.js
MongoDB
Redis
AWS KMS
Docker
JWT
TypeScript
Private

security

Zero-Trust API Gateway

Reverse-proxy gateway enforcing mTLS, OAuth2 token validation, per-route rate limiting, IP reputation scoring, and request/response payload inspection against the OWASP Top 10.

Node.js
Nginx
Redis
OAuth2 / PKCE
Docker
Prometheus
Grafana
TypeScript
Private
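The two checks the gateway above applies before forwarding a request, bearer-token validation and per-route rate limiting, as an added example. This is illustrative code written for this page, not the gateway's own source: the HS256 signing key, issuer, audience and route limits are assumed values, and an in-memory bucket stands in for Redis.

```python
"""Added example (not the project's code): JWT validation plus per-route
token-bucket rate limiting for an API gateway. The key, issuer, audience,
route limits and tokens below are assumed values for illustration."""
import base64
import hashlib
import hmac
import json

# Assumed configuration; a real gateway loads these from a secrets manager.
SIGNING_KEY = b"example-hs256-key-do-not-use"
EXPECTED_ISS = "https://auth.example.com"
EXPECTED_AUD = "api-gateway"
# Per-route limits: (bucket capacity, refill tokens per second).
ROUTE_LIMITS = {
    "/login": (5, 0.1),        # strict: brute-force surface
    "/api/items": (100, 10.0),
}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def sign_jwt(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Mint an HS256 token (only used here to build sample input)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def validate_jwt(token: str, now: float, key: bytes = SIGNING_KEY) -> dict:
    """Return the claims if the token is acceptable, else raise ValueError.

    Pins the algorithm (refuses alg=none and RS/HS confusion), compares the
    signature in constant time, then checks exp/nbf, issuer, audience, subject.
    """
    try:
        h, b, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token pick the algorithm
    expected = hmac.new(key, f"{h}.{b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(b))
    if claims.get("iss") != EXPECTED_ISS:
        raise ValueError("bad issuer")
    aud = claims.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("bad audience")
    if now >= claims.get("exp", 0):       # a missing exp is treated as expired
        raise ValueError("expired")
    if now < claims.get("nbf", 0):
        raise ValueError("not yet valid")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims


class TokenBucket:
    """Token bucket keyed per (subject, route); in-memory stand-in for Redis."""

    def __init__(self):
        self.state = {}  # (subject, route) -> [tokens, last_refill_time]

    def allow(self, subject: str, route: str, now: float) -> bool:
        capacity, rate = ROUTE_LIMITS.get(route, (30, 1.0))  # assumed default
        tokens, last = self.state.get((subject, route), [capacity, now])
        tokens = min(capacity, tokens + (now - last) * rate)
        if tokens < 1:
            self.state[(subject, route)] = [tokens, now]
            return False
        self.state[(subject, route)] = [tokens - 1, now]
        return True


def handle(bucket: TokenBucket, route: str, auth_header: str, now: float) -> int:
    """Return the HTTP status the gateway would send: 200, 401 or 429."""
    if not auth_header.startswith("Bearer "):
        return 401
    try:
        claims = validate_jwt(auth_header[7:], now)
    except ValueError:
        return 401
    # Limit on the authenticated subject, not on a spoofable header or IP.
    return 200 if bucket.allow(claims["sub"], route, now) else 429
```

Validation runs before rate limiting so that an unauthenticated flood never consumes a real user's bucket; the order is deliberate. The `now` parameter is passed in rather than read from the clock so the checks are deterministic and easy to unit-test.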

devops

DevSecOps CI/CD Pipeline

End-to-end pipeline that blocks deployments on SAST findings (Semgrep), dependency CVEs (Trivy), DAST scan failures (OWASP ZAP), and container image policy violations (OPA/Conftest).

GitHub Actions
Docker
Trivy
Semgrep
OWASP ZAP
Terraform
AWS ECS
OPA
Private
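The decision step of such a pipeline, as an added example rather than the project's own code: after Trivy and Semgrep have written their JSON reports, a small gate evaluates them against a policy and returns block or allow with reasons. The report shapes follow the two tools' JSON output; the policy, the time-boxed CVE allowlist, the rule IDs and the CVE identifiers (placeholders of the form CVE-0000-000N) are constructed for illustration.

```python
"""Added example (not the pipeline's own code): block/allow gate over Trivy and
Semgrep JSON reports. Policy, allowlist, report contents and all identifiers
are constructed placeholders."""
import json
from datetime import date

# Assumed policy; a real pipeline keeps this in the repo under code review.
POLICY = {
    "block_severities": {"CRITICAL", "HIGH"},  # Trivy severities that fail the build
    "block_unfixed": False,                     # HIGH/CRITICAL with no fix: warn only
    "semgrep_block": {"ERROR"},                 # Semgrep severities that fail the build
}
# Accepted-risk exceptions carry an expiry so they cannot rot silently.
ALLOWLIST = {"CVE-0000-0001": date(2030, 1, 1)}  # placeholder ID, constructed


def trivy_findings(report: dict, today: date):
    """Yield (blocking, reason) for each vulnerability in a Trivy JSON report."""
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            cve, sev = v["VulnerabilityID"], v.get("Severity", "UNKNOWN")
            fixed = v.get("FixedVersion")
            where = f"{v['PkgName']}@{v['InstalledVersion']} in {result.get('Target')}"
            if cve in ALLOWLIST and ALLOWLIST[cve] >= today:
                yield False, f"{cve} ({sev}) allowlisted until {ALLOWLIST[cve]}: {where}"
                continue
            blocking = sev in POLICY["block_severities"] and (fixed or POLICY["block_unfixed"])
            yield bool(blocking), f"{cve} ({sev}, fix: {fixed or 'none'}): {where}"


def semgrep_findings(report: dict):
    """Yield (blocking, reason) for each Semgrep result."""
    for r in report.get("results", []):
        sev = r["extra"]["severity"]
        loc = f"{r['path']}:{r['start']['line']}"
        yield sev in POLICY["semgrep_block"], f"{r['check_id']} ({sev}) at {loc}"


def evaluate(trivy_json: str, semgrep_json: str, today: date) -> dict:
    """Return {'allowed': bool, 'blocking': [...], 'warnings': [...]}."""
    findings = list(trivy_findings(json.loads(trivy_json), today))
    findings += list(semgrep_findings(json.loads(semgrep_json)))
    blocking = [msg for block, msg in findings if block]
    warnings = [msg for block, msg in findings if not block]
    return {"allowed": not blocking, "blocking": blocking, "warnings": warnings}


# Constructed reports in the shape the tools emit; IDs are placeholders.
TRIVY_REPORT = json.dumps({"Results": [{"Target": "app:latest (alpine 3.18)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "InstalledVersion": "1.0",
     "FixedVersion": "1.1", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother", "InstalledVersion": "2.0",
     "FixedVersion": "", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libthird", "InstalledVersion": "3.0",
     "FixedVersion": "3.1", "Severity": "CRITICAL"},
]}]})
SEMGREP_REPORT = json.dumps({"results": [
    {"check_id": "example.sqli", "path": "src/db.py", "start": {"line": 42},
     "extra": {"severity": "ERROR", "message": "string-formatted SQL"}},
    {"check_id": "example.todo", "path": "src/app.py", "start": {"line": 7},
     "extra": {"severity": "INFO", "message": "TODO left in code"}},
]})


def gate(today: date = date(2025, 1, 1)) -> dict:
    """Run the gate over the constructed reports; the CI job exits non-zero when not allowed."""
    return evaluate(TRIVY_REPORT, SEMGREP_REPORT, today)
```

With the sample reports the fixed CRITICAL and the Semgrep ERROR block the deploy, the allowlisted HIGH and the unfixed CRITICAL only warn, and once the allowlist entry expires the HIGH starts blocking again without anyone having to remember to revisit it.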

security

Active Directory Attack Lab

Isolated virtualized environment simulating a real enterprise AD forest (Windows Server 2022, multiple domains, GPOs). Includes automated attack playbooks: Kerberoasting, Pass-the-Hash, DCSync, and Golden Ticket via Sliver C2.

Windows Server 2022
Sliver C2
BloodHound
Impacket
Mimikatz
Kali Linux
VMware
Elastic SIEM
Private

security

SOC Detection Platform

Real-time threat detection and incident-response dashboard correlating logs from firewalls, endpoints, and cloud services using Sigma detection rules. Automated playbooks triage and escalate alerts with enriched context.

Elastic Stack (ELK)
Sigma
Python
Grafana
Kafka
MITRE ATT&CK
React
FastAPI
Private

infrastructure

Cloud Infrastructure Monitor

Full-stack observability platform aggregating metrics from AWS CloudWatch, on-premise network devices (SNMP), and application traces (OpenTelemetry) into a unified dashboard with intelligent alerting.

React
Node.js
AWS CloudWatch
Prometheus
Grafana
OpenTelemetry
PostgreSQL
Docker Compose
Private

More projects on GitHub, including open-source security tooling.

View All on GitHub

Offensive & Defensive

Security Expertise

From adversary simulation and Active Directory exploitation to SOC operations and threat detection engineering.

500+ CVEs Triaged (via SOC operations)

20+ AD Attack Paths (lab-validated techniques)

10/10 OWASP Coverage (all categories hands-on)

L1 & L2 Incidents Handled (SOC analyst experience)

attack-kill-chain.sh

# Unified Kill Chain — Red Team Workflow

[01] Recon

Passive/active enumeration, OSINT, BloodHound

[02] Weaponise

Payload generation, shellcode, Sliver implants

[03] Deliver

Phishing, supply chain, exposed services

[04] Exploit

CVE exploitation, Kerberoasting, PTH

[05] C2 & Pivot

Sliver C2, lateral movement, DCSync

[06] Detect

Sigma rules, SIEM alerts, IR playbooks

ad-techniques.log

# Active Directory Attack Techniques (MITRE ATT&CK)

T1558.003 (Credential Access)

Kerberoasting

Request TGS tickets for service accounts and crack offline

Impacket GetUserSPNs, Hashcat, Rubeus

T1550.002 (Lateral Movement)

Pass-the-Hash

Reuse NTLM hashes without cracking for lateral movement

Impacket psexec, CrackMapExec, Mimikatz

T1003.006 (Credential Access)

DCSync

Simulate DC replication to dump all domain hashes

Mimikatz lsadump::dcsync, Impacket secretsdump

T1558.001 (Credential Access, used for persistence)

Golden Ticket

Forge Kerberos TGTs using the KRBTGT hash for long-term access

Mimikatz kerberos::golden, Rubeus

T1046 (Discovery)

Network Discovery

Map internal network, identify domain controllers, admin shares

BloodHound, Nmap, PowerView

T1071.001 (Command & Control)

C2 over HTTPS

Maintain persistent access via encrypted C2 callbacks

Sliver C2, Cobalt Strike, Metasploit
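The detection side of the techniques listed above (the [06] Detect step of the kill chain, and the kind of rule the SOC platform and the Sliver IOC work rely on), as an added example. This is code written for this page, not the page's own rules or platform: it runs two SIEM-style detections, Kerberoasting and DCSync, over a handful of constructed Windows Security events. Field names follow the EventData of events 4769 and 4662; the thresholds, window, domain names and accounts are assumptions.

```python
"""Added example (not the page's own tooling): Kerberoasting (T1558.003) and
DCSync (T1003.006) detections over constructed Windows Security events.
Thresholds, window and the sample log are assumed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Directory-replication extended rights that DCSync needs (Properties of 4662).
DS_REPL_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPL_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
RC4_HMAC = "0x17"                         # TicketEncryptionType for RC4
KERBEROAST_THRESHOLD = 3                  # distinct SPNs by one account ...
KERBEROAST_WINDOW = timedelta(minutes=5)  # ... inside this window (assumed)


def parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def detect_kerberoasting(events):
    """One user requesting RC4 service tickets for several service accounts
    in a short window. Machine accounts ($) and krbtgt are excluded; in an
    AES-only domain a single RC4 request is already worth a look, which is
    why the encryption type is the first filter."""
    by_user = defaultdict(list)  # requester -> [(timestamp, service)]
    for e in events:
        if e.get("EventID") != 4769 or e.get("TicketEncryptionType") != RC4_HMAC:
            continue
        svc = e["ServiceName"]
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        by_user[e["TargetUserName"]].append((parse_ts(e["TimeCreated"]), svc))
    alerts = []
    for user, reqs in by_user.items():
        reqs.sort()
        for i, (t0, _) in enumerate(reqs):
            in_window = {s for t, s in reqs[i:] if t - t0 <= KERBEROAST_WINDOW}
            if len(in_window) >= KERBEROAST_THRESHOLD:
                alerts.append({"technique": "T1558.003", "user": user,
                               "services": sorted(in_window)})
                break
    return alerts


def detect_dcsync(events, dc_accounts):
    """A 4662 carrying replication rights from an account that is not a
    domain controller: DCs replicate with each other legitimately, anything
    else is secretsdump / lsadump::dcsync until proven otherwise."""
    alerts = []
    for e in events:
        if e.get("EventID") != 4662:
            continue
        props = e.get("Properties", "")
        if DS_REPL_GET_CHANGES not in props and DS_REPL_GET_CHANGES_ALL not in props:
            continue
        actor = e["SubjectUserName"]
        if actor.upper() in dc_accounts:
            continue
        alerts.append({"technique": "T1003.006", "user": actor, "host": e.get("Computer")})
    return alerts


# Constructed sample log, not captured from a real system.
SAMPLE_EVENTS = [
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:00:01", "TargetUserName": "jdoe@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:00:02", "TargetUserName": "jdoe@CORP.LOCAL",
     "ServiceName": "svc_web", "TicketEncryptionType": "0x17"},
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:00:03", "TargetUserName": "jdoe@CORP.LOCAL",
     "ServiceName": "svc_backup", "TicketEncryptionType": "0x17"},
    # Normal AES ticket for a file server: ignored.
    {"EventID": 4769, "TimeCreated": "2024-05-01T10:00:04", "TargetUserName": "asmith@CORP.LOCAL",
     "ServiceName": "FS01$", "TicketEncryptionType": "0x12"},
    # DC02 replicating from DC01: legitimate.
    {"EventID": 4662, "TimeCreated": "2024-05-01T10:05:00", "SubjectUserName": "DC02$",
     "Computer": "DC01.corp.local", "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    # A user account asking for replication rights on the DC.
    {"EventID": 4662, "TimeCreated": "2024-05-01T10:06:00", "SubjectUserName": "jdoe",
     "Computer": "DC01.corp.local",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
]


def run(events=SAMPLE_EVENTS):
    """Both detections over the sample; the DC allowlist is assumed."""
    return detect_kerberoasting(events) + detect_dcsync(events, {"DC01$", "DC02$"})
```

The same two conditions translate directly into Sigma (`EventID: 4769`, `TicketEncryptionType: '0x17'`, `ServiceName|endswith: '$'` in the filter; `EventID: 4662` with `Properties|contains` the two GUIDs), which is what the SIEM would actually run; the Python version exists so the logic and its exclusions can be read and tested in one place.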

OWASP Top 10 — Full Coverage

A01

Broken Access Control

Unauthorised access to resources or actions

A02

Cryptographic Failures

Weak or missing encryption of sensitive data

A03

Injection

Unsanitised input reaches interpreters (SQL, LDAP, OS)

A04

Insecure Design

Missing threat modelling and security architecture

A05

Security Misconfiguration

Unnecessary features, default credentials, verbose errors

A06

Vulnerable Components

Outdated or unpatched libraries and frameworks

A07

Auth Failures

Weak auth, credential stuffing, broken session management

A08

Software Integrity Failures

Unsigned updates, insecure CI/CD, unverified serialisation

A09

Logging & Monitoring Failures

Insufficient logging lets breaches go undetected

A10

SSRF

Server-side requests to internal/unintended targets

C2 Framework Experience — Sliver

Hands-on experience deploying and operating the Sliver C2 framework in isolated lab environments: implant generation (HTTPS/mTLS beacons), operator management, post-exploitation modules (BOF execution, SOCKS proxying), and writing detection rules for Sliver's IOCs in Elastic SIEM. All activity is conducted in air-gapped lab environments for research and detection development.

Architecture

System Design & Scalability

How I think about building systems that handle millions of requests, recover from failures, and stay secure under load.

Production Web Architecture — AWS Reference

Client (Browser / Mobile) → CDN (CloudFront) → WAF / ALB (AWS WAF + ALB) → App Servers (ECS Fargate × N)

App Servers → Redis Cache (ElastiCache), Primary DB (RDS PostgreSQL), Read Replica (RDS Read Replica), Object Store (S3 + Glacier)

Legend: Application Layer, Caching / CDN, Security / Load Balancing, Data Layer

Horizontal Scaling

Stateless application servers behind an ALB, auto-scaled with AWS ECS/EKS based on CPU and request latency metrics.

Multi-Layer Caching

CDN (CloudFront) → Redis (session + query cache) → DB query cache. Cache-aside pattern for dynamic data with TTL-based invalidation.

Data Architecture

Primary RDS (PostgreSQL) with read replicas for analytics. MongoDB for document workloads. S3 for object storage with lifecycle policies.

Security by Design

WAF at the edge, mTLS between services, secrets in AWS Secrets Manager, VPC with private subnets, zero-trust network policies.

Event-Driven Architecture

Kafka/SQS for async processing of heavy tasks. Dead-letter queues for error resilience. Saga pattern for distributed transactions.

Observability

OpenTelemetry for distributed tracing, Prometheus + Grafana for metrics, structured JSON logging to Elastic, alerting via PagerDuty.

Get In Touch

Let's Work Together

Have a project, security assessment, or collaboration in mind? I'm available for full-time roles, freelance engagements, and consulting.

I typically respond within 24 hours. For urgent security matters or professional enquiries, email is the fastest route.

Email

hello@example.com

GitHub

github.com/johndoe

LinkedIn

linkedin.com/in/johndoe

Currently Available

Open to full-time positions, security consulting, and freelance web development.