Featured Project Case Studies
IAM Job Scout: Automated Job Board for IAM Professionals
Objective: Build an automated, production-grade web application that helps junior to mid-level Identity & Access Management (IAM) professionals discover relevant job opportunities across the USA. The application automatically searches for IAM job postings using Google Custom Search Engine, filters out senior positions, and presents them in a clean, searchable interface with smart filtering and monitoring capabilities.
Core Technologies & Stack
Key Features
- Smart Job Filtering: Automatically excludes senior/advanced roles while focusing on junior to mid-level positions (0-5 years experience)
- Full-Text Search: Search across job title, company name, and description with real-time results
- Location Filtering: Geographic filtering to find jobs in specific regions
- Multiple Sorting Options: Sort by newest, oldest, relevance, or company name
- Auto-Cleanup: Jobs older than 30 days are automatically removed to keep listings fresh
- Similar Job Suggestions: View related opportunities when viewing job details
- Admin Panel: Secure, password-protected admin interface for manual job scanning
- Demo Mode: Works without API keys using sample data for testing
- API Token Protection: Secure endpoints for cron-triggered operations
- Production Monitoring: Built-in Prometheus metrics and Grafana dashboard support
Intelligent Filtering Logic
Excluded Keywords (Senior Roles): senior, sr, principal, architect, lead, manager, director, head, vp, staff, distinguished, chief
Included Keywords (Junior/Mid Roles): analyst, associate, administrator, engineer, specialist, iam, identity, okta, entra, azure ad, sso, saml, oidc, scim, iga, pam, sailpoint, saviynt, ping, cyberark
Experience Filters: Include 0-5, 1-3, 2-4, 3-5 years | Exclude 7+, 10+, 12+ years
Production-Grade Monitoring & Observability
Application Performance Metrics
HTTP request duration histograms (p50, p95, p99), request rate by endpoint, error rate tracking, and concurrent request monitoring
Business Metrics
Total jobs in database, new jobs this week, saved/applied job tracking, scan success rate, and last successful scan timestamp
Database & System Metrics
Query duration tracking, active connection pool utilization, database operations by type, memory usage, and Python garbage collection metrics
API Endpoints & Architecture
Public Endpoints: Main job board with search/filters, individual job details, admin login, JSON API for jobs/stats, health check, Prometheus metrics
Protected Endpoints (Session Auth or API Token): Manual job scan trigger, automatic cleanup of old jobs (30+ days)
Deployment Options
Render (Recommended)
Easiest deployment with built-in cron job support, automatic HTTPS, and zero-config environment
Fly.io
Docker-based deployment with generous free tier and global edge network support
VPS
Full control deployment on DigitalOcean, AWS Lightsail, or Ubuntu Server with Docker Compose
Security Features
- Password-Protected Admin Panel: Secure authentication for manual job scanning operations
- API Token Authentication: X-ADMIN-TOKEN header validation for cron job endpoints
- Session Secret Encryption: Secure session management with cryptographic session keys
- Environment Variable Configuration: Sensitive credentials stored outside codebase
- Production Security Recommendations: Documented best practices for secure deployment
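
An added example (not the project's own code) of the check the protected endpoints describe: a request passes with either an authenticated admin session or a matching X-ADMIN-TOKEN header. The `is_admin` session flag, the function names, and the token values are assumptions made for illustration.

```python
import hmac

ADMIN_HEADER = "X-ADMIN-TOKEN"  # header name taken from the page


def _header(headers, name):
    """Case-insensitive lookup; HTTP header names are not case-sensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def token_is_valid(presented, expected):
    """Constant-time comparison that fails closed when no token is configured."""
    if not expected or not presented:
        # An unset server-side token must never match an empty or missing header.
        return False
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


def is_authorized(headers, session, expected_token):
    """Allow access if the admin session is live OR the cron token matches."""
    if session.get("is_admin") is True:  # hypothetical flag set at admin login
        return True
    return token_is_valid(_header(headers, ADMIN_HEADER), expected_token)


def handle_protected(headers, session, expected_token):
    """Return the HTTP status a scan or cleanup endpoint would send back."""
    return 200 if is_authorized(headers, session, expected_token) else 401


if __name__ == "__main__":
    token = "constructed-sample-token"  # constructed value, not a real secret
    print(handle_protected({"x-admin-token": token}, {}, token))    # cron caller
    print(handle_protected({"X-ADMIN-TOKEN": "wrong"}, {}, token))  # bad token
    print(handle_protected({}, {}, None))                           # token unset
```

In a deployment the expected token would be read from an environment variable, matching the page's note that credentials are stored outside the codebase.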
Technical Highlights & Best Practices
Asynchronous API with automatic OpenAPI documentation, type hints, and validation
Prometheus metrics with Grafana dashboards for real-time performance tracking and alerting
APScheduler for background tasks with configurable daily scanning and automatic cleanup
Docker and Docker Compose setup for consistent deployment across all environments
SQLite for development/small deployments, PostgreSQL support for production scale
Comprehensive Documentation
✓ Quick Start Guide - Get monitoring running in 10 minutes
✓ Complete Monitoring Guide - Comprehensive documentation with examples
✓ Architecture Diagram - Visual guide to monitoring setup
✓ Docker Networking Guide - Tips for container deployments
✓ Prometheus Configuration Examples - Ready-to-use configs
✓ Alert Rules - Production-ready alerting setup
Enterprise IAM Lab: Hybrid Identity Architecture
Objective: Build a comprehensive 500-1000 user enterprise Identity and Access Management (IAM) environment. This production-grade homelab simulates a medium-sized organization's hybrid identity infrastructure with industry best practices for zero-trust security and modern access management.
Core Technologies & Protocols
Key Features
- Hybrid Identity Architecture: Seamless AD + Okta + Microsoft Entra ID integration
- Tiered Admin Model: Microsoft Tier 0/1/2 with privilege separation
- Network-Based Conditional Access: IP zones, geographic controls, Tor blocking
- Graduated MFA: Hardware-protected for public networks, standard for corporate
- Multi-Protocol Support: SAML 2.0, OAuth 2.0, OIDC, SWA, LDAP, Kerberos, WS-Federation
- Automated Provisioning: Okta Expression Language for dynamic group assignment
Implementation Progress
Enterprise Security Homelab: Cross-Platform Infrastructure
Objective: Build a comprehensive, enterprise-grade cybersecurity homelab implementing professional security practices. This advanced lab environment mimics real-world infrastructure for Blue Team operations, Red Team simulation, and DevSecOps practices across both Linux and Windows platforms with cross-platform automation, SIEM monitoring, and secure remote access.
Core Technologies & Infrastructure
Key Features & Architecture
- pfSense Enterprise Firewall: Advanced VLAN routing with 6-VLAN segmentation and security policies
- Cross-Platform Automation: Ansible managing 6 systems across Linux and Windows seamlessly with service accounts
- Comprehensive Security Monitoring: Wazuh SIEM collecting and analyzing logs from all platforms in real-time
- Infrastructure Observability: Grafana + Prometheus monitoring system health and performance metrics
- Secure Remote Access: Tailscale mesh VPN with WireGuard encryption for global connectivity
- Professional Authentication: SSH ED25519 keys for Linux, WinRM with service accounts for Windows
- VLAN Isolation: Management (10), BlueTeam SIEM (20), RedTeam Reserved (30), DevOps (40), Enterprise (50), Monitoring (60)
Deployed Infrastructure
Linux Systems (4): Ansible Controller (Ubuntu), TCM Ubuntu, Grafana Server (Ubuntu), Wazuh SIEM (Rocky Linux)
Windows Systems (2): Windows Host Laptop (Dev/Testing), Windows Server 2022 (Enterprise Services)
Network: pfSense Firewall, TP-Link Managed Switch with VLAN support
Implementation Status
Use Cases & Capabilities
- Blue Team Operations: Comprehensive threat detection with Wazuh SIEM monitoring across all platforms
- Cross-Platform Management: Unified Ansible automation for consistent Linux and Windows configuration
- Infrastructure Observability: Real-time performance monitoring and dashboards via Grafana/Prometheus
- Red Team Simulation: Dedicated VLAN for controlled attack simulation and penetration testing (planned)
- Security Research: Multi-platform testing environment for security tools and configurations
- DevSecOps Development: Foundation for CI/CD security pipeline integration (future)
AWS Cost Optimizer
Objective: Develop an automated AWS cost optimization tool that identifies and implements cost-saving opportunities across AWS infrastructure. This project combines infrastructure analysis, intelligent recommendations, and automated remediation to help organizations reduce cloud spending without compromising performance or reliability.
Core Technologies & Components
Key Features
- Infrastructure Analysis: Comprehensive scanning of AWS resources to identify underutilized and oversized instances
- Intelligent Recommendations: Data-driven suggestions for cost optimization including instance rightsizing, reserved instance strategies, and storage optimization
- Automated Remediation: Implement cost-saving actions automatically or with approval workflows
- Cost Tracking: Monitor estimated savings and actual cost reductions over time
- Reporting Dashboard: Detailed reports and visualizations of optimization opportunities and savings
Optimization Areas
Compute Optimization: EC2 instance rightsizing, stopping idle instances, reserved instance recommendations
Database Optimization: RDS instance rightsizing, storage optimization, backup retention policies
Network Optimization: Unused Elastic IPs, cross-AZ data transfer optimization, NAT gateway efficiency
Storage Optimization: Unattached volumes, S3 storage class analysis, old snapshot cleanup
Cost-Saving Mechanisms
1. Right-Sizing Analysis
Analyzes CPU, memory, and network utilization patterns over time to recommend optimal instance types. Organizations typically save 20-40% by downsizing over-provisioned instances.
2. Reserved Instance (RI) Optimization
Identifies consistent workloads suitable for Reserved Instances and Savings Plans, providing up to 70% savings compared to on-demand pricing. The tool recommends optimal RI purchase strategies.
3. Idle Resource Elimination
Detects and flags unused EC2 instances, RDS databases, EBS volumes, and Elastic IPs. Quick wins for cleanup typically yield 10-25% immediate cost reduction.
4. Storage Tiering
Recommends moving infrequently accessed data to cheaper storage classes (S3 Standard-IA, Glacier). Can save 70-90% on storage costs for archival data.
5. Automation Scheduling
Implements automated start/stop schedules for non-production environments, saving 40-60% on compute for development and testing workloads.
Business Benefits & ROI
Cost Reduction
30-50% average monthly cloud cost reduction through comprehensive optimization
Time Savings
Eliminates manual cost analysis; automated scanning runs continuously
Visibility
Complete cost visibility with detailed reports and trend analysis
Risk Mitigation
Approval workflows prevent accidental resource termination
Real-World Impact Scenarios
Scenario 1 - Mid-Size SaaS Company ($50K/month AWS spend):
Identifies 20+ oversized EC2 instances, unused RDS replicas, and abandoned S3 buckets. Estimated savings: $15K-18K/month (30-36% reduction)
Scenario 2 - Enterprise Organization ($500K/month AWS spend):
Discovers cross-AZ data transfer inefficiencies, recommends Reserved Instance purchases, and identifies test environment waste. Potential savings: $125K-200K/month (25-40%)
Scenario 3 - Development-Heavy Organization:
Implements automated scheduling for dev/test environments, consolidates resources, and archives old snapshots. Quick savings: $8K-12K/month with minimal effort
Collins Aerospace IT Audit: Post-Incident Security Assessment
Objective: Conduct a comprehensive IT audit engagement of Collins Aerospace's information security controls following a simulated cybersecurity incident. This graduate-level project demonstrates practical application of IT audit frameworks, risk assessment methodologies, CMMC Level 3 gap analysis, and remediation planning for an enterprise aerospace organization.
Frameworks & Methodologies Applied
Critical Audit Findings
| Finding | Severity | Detail |
| --- | --- | --- |
| 1. Inadequate MFA | CRITICAL | 60.5% of VPN accounts lack MFA |
| 2. Privileged Access Gaps | HIGH | No reviews in 30 months |
| 3. Incident Response | HIGH | 16-18 hour detection delay |
| 4. Backup & DR | CRITICAL | No air-gapped backups |
| 5. Vendor Security | MEDIUM | 47 vendors unassessed |
Project Deliverables
- Audit Planning Memo: Comprehensive planning documentation and scope definition
- Executive Presentation: Board-level findings and recommendations presentation
- Control Testing Procedures: Detailed testing methodology and evidence collection
- Remediation Roadmap: Prioritized implementation plan with cost estimates
- Incident Timeline Analysis: Attack timeline reconstruction and root cause analysis
- NIST Risk Assessment: 8 complete assessment tables with threat modeling
Business Impact Analysis
Direct Incident Costs: $15M+ in losses
Operational Impact: 217 flights cancelled, 2.8M transactions lost
Compliance Risk: CMMC Level 3 certification required Q2 2026
Academic Context
Completed as part of ITMM 586 - Information Technology Auditing at Illinois Institute of Technology (Fall 2025). The project included 12+ weekly discussions on audit concepts, ethics case studies, and real-world incident analysis including the CrowdStrike global outage (July 2024).
Cyberdyne Systems: Enterprise Security Assessment
Objective: Conduct a comprehensive enterprise security assessment for Cyberdyne Systems Corporation, a fictional AI and robotics manufacturing company with 400 employees across California and Taiwan. The assessment identifies critical vulnerabilities and provides a complete defense-in-depth security program addressing technology, policy, and human factors.
Frameworks & Technologies Evaluated
Key Findings by Category
| Category | Severity | Finding |
| --- | --- | --- |
| End-of-Life Systems | CRITICAL | 800+ devices running EOL OS (Ubuntu 10.04, Windows 10 v1607) |
| Endpoint Protection | CRITICAL | No centralized antivirus deployment |
| Data Protection | CRITICAL | Unencrypted data transport between facilities |
| Access Management | HIGH | No centralized identity management |
| Hardware Security | HIGH | Excessive USB ports, insufficient resources |
Defense-in-Depth Strategy
Human Layer: 8 training programs including role-based specialized training
Policy Layer: 11 security policies (AUP, Data Classification, Incident Response)
Technology Layer: 13 controls (AD, SIEM, VPN/MFA, Encryption, DLP)
Recommended Controls (Phased)
- Phase 1 (Immediate): OS Upgrade Program, Enterprise Endpoint Protection, Full-Disk Encryption, Active Directory
- Phase 2: SIEM Implementation, VPN with MFA, Mobile Device Management, Host Firewalls
- Phase 3: Standardized Imaging, Data Loss Prevention, Asset Management, USB Device Control
Organization Profile
Employees: 400 across 9 job categories
Locations: California (HQ/R&D) and Taiwan (Manufacturing)
Device Mix: 300 Windows laptops, 200 Linux desktops, 150 Android tablets, 100+ servers
Compliance: CCPA, PDPC, NIST 800-171, FAR/DFARS
Academic Context
Completed as part of ITMO-X58 - Operating System Security at Illinois Institute of Technology (Fall 2025). This capstone project integrates concepts from Linux security mechanisms, Windows security technologies, mobile security, and defense-in-depth architecture.
Three-Tier Web Architecture on AWS
Project Objective
Design and implement a highly available, fault-tolerant web application architecture on AWS following industry best practices for scalability, security, and cost optimization.
Challenge
Create a scalable architecture that can handle variable traffic loads while maintaining high availability across multiple availability zones, with proper database isolation and security controls.
Solution
Implemented a three-tier architecture with web servers in public subnets, application servers in private subnets, and RDS in database subnets across multiple AZs with automated scaling and monitoring.
Key Implementation Details
- Infrastructure as Code: Used CloudFormation templates for consistent, repeatable deployments
- High Availability: Multi-AZ deployment with health checks and automated failover
- Security: Implemented security groups, NACLs, and IAM roles following least privilege principle
- Monitoring: CloudWatch dashboards and alarms for proactive incident response
- Cost Optimization: Reserved instances and auto-scaling policies to minimize costs
Results & Impact
Successfully deployed a production-ready architecture capable of handling 10,000+ concurrent users with 99.9% uptime, 30% cost reduction through optimization, and automated scaling that responds to traffic within 2 minutes.
Multi-Factor Authentication in Azure
Technologies: Azure Active Directory, Conditional Access, RBAC, PowerShell
Implemented comprehensive identity and access management solutions for a simulated enterprise environment. Configured MFA policies, conditional access rules, and role-based access control to enhance organizational security posture.
Network Traffic Analysis with Wireshark
Technologies: Wireshark, tcpdump, Network Protocols, Security Analysis
Conducted in-depth packet analysis to identify and investigate security threats including reconnaissance attempts, port scanning, and brute force attacks. Developed expertise in reading network protocols and identifying malicious patterns in traffic flows.
Enterprise SIEM Implementation with Wazuh
Project Objective
Deploy and configure a comprehensive Security Information and Event Management (SIEM) solution using Wazuh to monitor, detect, and respond to security threats across a hybrid cloud environment.
Challenge
The organization needed centralized security monitoring across 200+ endpoints with custom detection rules, automated threat response, and compliance reporting for SOC 2 requirements.
Solution
Designed and deployed a scalable Wazuh cluster with custom detection rules, automated incident response playbooks, and real-time dashboards for security analysts.
Key Implementation Details
- Architecture: Multi-node Wazuh cluster with load balancing and high availability
- Detection Rules: Custom rules based on MITRE ATT&CK framework for advanced threat detection
- Integration: Connected with Active Directory, firewalls, and cloud services for comprehensive coverage
- Automation: Python-based response scripts for automatic threat containment
- Dashboards: Executive and analyst dashboards for different stakeholder needs
Results & Impact
Reduced mean time to detection (MTTD) from 4 hours to 15 minutes, automated 80% of Level 1 SOC tasks, and achieved 100% compliance with SOC 2 security monitoring requirements. Blocked 150+ security incidents in the first month.
Secure Static Website with Global CDN
Project Objective
Build and deploy a secure, globally distributed static website with SSL/TLS encryption, custom domain configuration, and CDN optimization for improved performance and security.
Challenge
Create a cost-effective, secure hosting solution for a static website with global reach, automatic SSL renewal, and protection against common web attacks.
Solution
Implemented a serverless architecture using S3 for storage, CloudFront for global distribution, and Lambda@Edge for dynamic security headers and redirects.
Key Implementation Details
- Security: Implemented security headers, HTTPS redirect, and S3 bucket policies for access control
- Performance: Configured CloudFront caching and compression for optimal load times
- Monitoring: CloudWatch metrics and alarms for uptime and performance monitoring
- Automation: CI/CD pipeline for automated deployments and invalidations
Results & Impact
Achieved 99.99% uptime, reduced page load times by 60% globally, and maintained hosting costs under $2/month while serving 10,000+ monthly visitors with enterprise-level security.