Infrastructure Engineer · Sysadmin · IT
Building reliable self-hosted infrastructure and multi-site networks from the ground up. Based in New Jersey — open to full-time infrastructure and IT roles.
About
I hold an A.S. in Computer Science and have spent my personal time designing and maintaining real infrastructure — a self-hosted server stack and a multi-site business network spanning three locations, connected via site-to-site VPN.
Much of what I do outside of work mirrors real-world infrastructure responsibilities: network segmentation, Docker stack management, DNS troubleshooting, securing public-facing services, and maintaining reliable systems across multiple locations.
I pick things up fast, I don't shy away from the terminal, and I care about doing things right. Looking to bring that hands-on experience into a full-time infrastructure or IT role.
Skills
Deploying and managing multi-container environments with Docker and Docker Compose. Comfortable with Dockge for stack management.
Multi-site network design with UniFi, VLAN segmentation, site-to-site VPN, reverse proxying with Caddy, and network-level ad blocking with Pi-hole.
Day-to-day server administration over SSH, file management, scripting, and system monitoring on Ubuntu/Debian-based systems.
Running and maintaining production-like services including file storage, password management, NVR, and monitoring dashboards.
Exposing services securely to the public internet with HTTPS, access controls, and keeping attack surface minimal.
Keeping tabs on service health, resource usage, and uptime. Comfortable reading logs and diagnosing issues across the stack.
Actively working toward certifications and expanding into new areas of infrastructure and systems administration.
Projects
A fully containerized homelab running on a single machine, publicly accessible via a custom domain. Services include Nextcloud for file storage, Vaultwarden for password management, Frigate for NVR camera monitoring aggregating feeds from 7 IP cameras across 3 sites, Pi-hole for network-wide DNS ad blocking, and a Caddy reverse proxy handling HTTPS for all services via Cloudflare DNS challenge. Everything is orchestrated with Docker Compose and managed through Dockge.
Designed and deployed a segmented network infrastructure across three locations — a primary residence and two small businesses — each running a UniFi Dream Router 7 connected via UniFi site-to-site VPN. Each site is divided into purpose-specific VLANs to isolate traffic, enforce security boundaries, and follow PCI-DSS network segmentation best practices for POS isolation.
The primary site runs 4 VLANs covering secure devices, the infrastructure server, IoT smart home devices, and VPN clients including a WireGuard remote access tunnel. Branch site A runs 8 VLANs separating POS, surveillance (4 IP cameras feeding Frigate), IoT climate control, a SimpliSafe security system, guest WiFi, staff WiFi, and VoIP. Branch site B runs 4 VLANs for secure devices, surveillance (3 IP cameras), POS, and guest WiFi. 19 VLANs total across all sites.
Custom-built ITX server housed in a Fractal Ridge case, purpose-designed for low-footprint 24/7 operation. Specced with an AMD Ryzen 7 5700G for its integrated graphics — eliminating the need for a discrete GPU while keeping power consumption low. 64 GB of DDR4 gives the system plenty of headroom to run all Docker containers simultaneously without contention.
Storage is tiered: a Samsung 970 Evo 1 TB NVMe handles the OS and active container data for fast I/O, an 8 TB Seagate Barracuda handles bulk storage for Nextcloud, and a 4 TB WD Purple — a surveillance-grade drive rated for continuous write workloads — handles Frigate's camera footage from 7 IP cameras across 3 sites. Powered by a SilverStone 500W 80+ Gold SFX unit keeping the whole build compact and efficient.
Built and maintained a high-performance ITX workstation used for infrastructure experimentation, container testing, scripting, and validating network configurations before deploying to production. Housed in a Cooler Master NR200P V2 with a Lian Li Galahad II 240mm AIO and powered by a Corsair SF1000 for clean, stable power in a compact form factor.
Specced with an AMD Ryzen 9 9800X3D, Gigabyte RTX 3080 Ti, and 32 GB of G.Skill DDR5 6000 MHz on a Gigabyte B650I AORUS Ultra. Storage runs across two Samsung 970 Evo NVMe drives — 2 TB and 4 TB — providing fast local storage for VMs, Docker testing environments, and development tooling.
Problems solved
Securely exposing self-hosted services to the public internet
Public-facing access is minimized to only required services, with HTTPS handled through Caddy and automatic TLS renewal via Cloudflare DNS challenge. Each service sits behind its own subdomain with no direct exposure to the internet.
Preventing guest and POS devices from reaching each other or internal systems
Dedicated VLANs per device class with inter-VLAN routing disabled. POS systems are fully isolated on their own VLAN following PCI-DSS segmentation best practices. Guest WiFi has no path to internal resources.
Centralizing camera footage from 7 IP cameras across 3 physically separate sites
Cameras at branch sites stream over site-to-site VPN tunnels back to Frigate running on the home server. Footage is stored on a WD Purple surveillance-grade drive rated for continuous write workloads.
Managing multiple Docker stacks without SSH for every change
Dockge provides a web UI for managing all Docker Compose stacks, viewing logs, and restarting services. Accessible through internal networking and secured remote access via Caddy reverse proxy.
Experience
Identified a critical security gap — all business, POS, guest, and IoT devices operating on a single flat LAN with no segmentation. Designed and deployed full VLAN segmentation across 8 VLANs as the sole person responsible for the network infrastructure.
Sole person responsible for network design, POS system setup, VoIP provisioning, IP camera installation, and ongoing infrastructure maintenance across the business.
Led the business formation process — handling legal entity setup, documentation, and compliance requirements to establish the salon as a registered business entity.
Managed vendor relationships and coordinated third-party service providers for technology and operational needs across the business.
Contact
I'm actively looking for full-time opportunities in IT infrastructure, sysadmin, or network engineering. If you think I'd be a good fit, reach out.