My Projects
Below are my best projects that demonstrate my technical skills, problem-solving abilities, and professional expertise. Each project showcases the context, my specific contributions, key learnings, and evidence.
Project 1: CTFd Event - BSides Limburg
Context & Background
BSides Limburg is a regional cybersecurity conference and Capture The Flag (CTF) competition. Our team was tasked with designing and deploying the complete infrastructure for hosting a real-world CTF event platform. The goal was to create a scalable, secure, and automated system that could support concurrent players and dynamically provision isolated challenge environments.
Project Description
We built the infrastructure for a real-world Capture The Flag competition platform for BSides Limburg on a self-hosted Kubernetes cluster running on Proxmox VMs. The solution deployed CTFd as the main challenge platform, providing a robust foundation for the competition while leveraging containerized infrastructure to ensure reliability and scalability.
A key component of our infrastructure was KubeArd, a custom Kubernetes monitoring dashboard developed by teammate Jorg Maas, which gave us real-time visibility into cluster resources and performance metrics so we could watch the health and capacity of the platform during the live event. Our team also implemented a per-user instance manager that provisions an isolated challenge environment for each player on demand, automatically converting the challenge's docker-compose definition into Kubernetes-native resources. This removed most of the manual work of standing up and tearing down challenge instances during the event.
The infrastructure incorporated several enterprise-grade components for security, persistence, and automation: NFS-backed persistent storage for challenge data and player progress, an NGINX ingress controller to manage traffic routing into the cluster, and automated Let's Encrypt certificate issuance so that everything was served over HTTPS. All dashboard access was protected with multi-factor authentication (MFA), so a leaked password alone could not give an attacker control of the cluster.
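The conversion step described above, written out as an added example (this is not the project's own instance manager): a parsed docker-compose definition becomes a per-user namespace with a default-deny NetworkPolicy, a hardened Deployment and ClusterIP Service per compose service, and a TLS-terminated Ingress for each published port. The namespace and hostname schemes, the `ingress-nginx` namespace, the `cert-manager.io/cluster-issuer` annotation and the sample compose file are assumptions; the page only says that Let's Encrypt issuance and the NGINX ingress were automated. YAML parsing is left out so the block runs with the standard library alone.

```python
"""docker-compose definition -> per-user Kubernetes manifests (added example, not the
project's own instance manager; the namespace/hostname scheme, ingress namespace and
cert-manager annotation are assumptions)."""
import json
import re

INGRESS_NAMESPACE = "ingress-nginx"  # assumption: namespace of the NGINX ingress controller
CLUSTER_ISSUER = "letsencrypt-prod"  # assumption: cert-manager ClusterIssuer for Let's Encrypt


def dns_label(value: str) -> str:
    """Reduce any string to a DNS-1123 label, which Kubernetes object names require."""
    return re.sub(r"[^a-z0-9-]+", "-", value.lower()).strip("-")[:63] or "x"


def parse_port(spec) -> tuple[int, int]:
    """'8080:80' -> (8080, 80); '80' or 80 -> (80, 80). A '/tcp' suffix is ignored."""
    published, _, target = str(spec).rpartition(":")
    target_port = int(target.split("/")[0])
    return (int(published) if published else target_port, target_port)


def reject_unsafe_options(name: str, svc: dict) -> None:
    """Refuse compose options that would let a challenge escape its own instance."""
    if svc.get("privileged") or svc.get("cap_add"):
        raise ValueError(f"{name}: privileged/cap_add containers need manual review")
    if "host" in (svc.get("network_mode"), svc.get("pid")):
        raise ValueError(f"{name}: host network/PID namespaces are not allowed")
    for vol in svc.get("volumes", []):
        if str(vol).startswith("/"):  # 'hostpath:containerpath' bind mount
            raise ValueError(f"{name}: host path bind mount {vol!r} is not allowed")


def compose_to_manifests(compose: dict, user: str, challenge: str, base_domain: str) -> list[dict]:
    ns = dns_label(f"ctf-{user}-{challenge}")
    labels = {"ctf/user": dns_label(user), "ctf/challenge": dns_label(challenge)}
    # Default-deny ingress for the namespace, except from the ingress controller and
    # from the instance's own pods (compose services still talk to each other).
    manifests = [
        {"apiVersion": "v1", "kind": "Namespace", "metadata": {"name": ns, "labels": labels}},
        {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
         "metadata": {"name": "instance-isolation", "namespace": ns},
         "spec": {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": [{"from": [
             {"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": INGRESS_NAMESPACE}}},
             {"podSelector": {}}]}]}},
    ]
    for name, svc in compose["services"].items():
        reject_unsafe_options(name, svc)
        sname = dns_label(name)
        published = [parse_port(p) for p in svc.get("ports", [])]
        internal = [(int(p), int(p)) for p in svc.get("expose", [])]
        all_ports = list({t: (p, t) for p, t in published + internal}.values())
        container = {
            "name": sname, "image": svc["image"],
            "env": [{"name": k, "value": str(v)} for k, v in svc.get("environment", {}).items()],
            "ports": [{"containerPort": t} for _, t in all_ports],
            # Hardening for every challenge container, plus limits so one player's
            # instance cannot starve the others.
            "securityContext": {"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}},
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }
        manifests.append({
            "apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": {"name": sname, "namespace": ns, "labels": labels},
            "spec": {"replicas": 1, "selector": {"matchLabels": {"app": sname}},
                     "template": {"metadata": {"labels": {"app": sname, **labels}},
                                  "spec": {"automountServiceAccountToken": False,
                                           "containers": [container]}}}})
        if not all_ports:
            continue
        # ClusterIP Service named after the compose service, so 'db:3306' keeps resolving.
        manifests.append({
            "apiVersion": "v1", "kind": "Service", "metadata": {"name": sname, "namespace": ns},
            "spec": {"selector": {"app": sname},
                     "ports": [{"name": f"p{t}", "port": t, "targetPort": t} for _, t in all_ports]}})
        if published:  # only published ports get a public, TLS-terminated hostname
            host = f"{dns_label(user)}-{dns_label(challenge)}-{sname}.{base_domain}"
            manifests.append({
                "apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
                "metadata": {"name": sname, "namespace": ns,
                             "annotations": {"cert-manager.io/cluster-issuer": CLUSTER_ISSUER}},
                "spec": {"ingressClassName": "nginx",
                         "tls": [{"hosts": [host], "secretName": f"{sname}-tls"}],
                         "rules": [{"host": host, "http": {"paths": [{
                             "path": "/", "pathType": "Prefix", "backend": {"service": {
                                 "name": sname, "port": {"number": published[0][1]}}}}]}}]}})
    return manifests


# Constructed compose definition: the dict form of a small two-service docker-compose.yml.
SAMPLE_COMPOSE = {"services": {
    "web": {"image": "registry.example/ctf/web-chal:1.0", "ports": ["8080:80"],
            "environment": {"DB_HOST": "db"}},
    "db": {"image": "mariadb:10.11", "expose": ["3306"],
           "environment": {"MARIADB_ROOT_PASSWORD": "chal"}},
}}

if __name__ == "__main__":
    for m in compose_to_manifests(SAMPLE_COMPOSE, "Alice", "web-chal", "ctf.example.org"):
        print(json.dumps(m))  # one JSON document per line; kubectl apply accepts JSON too
```

The checks in `reject_unsafe_options` are the part that matters for a shared cluster: a compose file is written by a challenge author, not the platform team, and `privileged: true`, host networking or a host bind mount would turn a single challenge into a cluster escape. Dropping all capabilities will break the rare image that needs one, which is exactly the case that should be reviewed by hand rather than waved through.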
The deployment pipeline was fully automated, enabling rapid iteration and reliable reproducibility across environments. This infrastructure successfully supported the BSides Limburg CTF event, demonstrating the capability to host complex, real-world cybersecurity competitions on self-hosted Kubernetes infrastructure.
One of the features developed during this project has been accepted for inclusion in CTFd version 3.9, representing a direct contribution to the open-source platform that helps organize CTF competitions worldwide.
Event Gallery
Technologies & Tools
Kubernetes, Docker, Docker-compose, CTFd, KubeArd, Proxmox, NFS, NGINX, Let's Encrypt, MFA, DevOps, Container Orchestration, Infrastructure as Code
What I Learned
This project deepened my understanding of production Kubernetes infrastructure beyond theoretical knowledge. Working with a team to design a system that had to perform reliably under real-world conditions taught me the importance of observability: integrating KubeArd showed how visibility into system metrics is essential for troubleshooting and optimization. I also learned that automation at every level (deployment, TLS certificate management, environment provisioning) is critical for reducing human error and enabling rapid response to issues during live events.
Project Evidence
Project 2: SOC Case
Context & Background
Security Operations Centers (SOCs) are critical infrastructure for detecting and responding to cyber threats in real-time. To develop practical SOC skills, I designed and built a fully functional SOC home lab environment that simulates a realistic corporate network. This lab enables controlled attack simulation and validation of security detection capabilities, combining enterprise-grade security tools in a manageable educational setting.
Project Description
I designed and built a full Security Operations Center (SOC) in a laptop-hosted home lab with a segmented network architecture. The lab consists of multiple virtual machines: Kali (attacker), OPNsense (firewall), Wazuh (SOC/SIEM), and Target (victim running DVWA and SSH). Traffic from the attacker passes through the firewall to the target, and the Wazuh server collects and analyzes the logs from all of them, simulating a corporate network segment behind a firewall with centralized SOC monitoring.
OPNsense serves as the perimeter firewall between the attacker and the internal segment, and its logs are forwarded to the SOC. The Wazuh server is the central Security Information and Event Management (SIEM) platform: it receives logs from every system and performs security monitoring, threat detection, and alert generation. I integrated Discord webhook notifications so that alerts are delivered in real time to a dedicated Discord channel, giving immediate visibility into detected threats. This architecture mirrors a small-to-medium enterprise network design with separated security tiers and modern alert notification workflows.
To generate realistic detectable events, I conducted multiple attack simulations to validate the SOC's detection capabilities. Manual SQL injection attacks against the DVWA web application tested web application attack detection. Automated Hydra brute-force attacks against SSH services generated authentication failure patterns. Burp Suite web scanning simulated adversary reconnaissance and vulnerability scanning behavior, all designed to trigger SOC alerting rules.
The project demonstrated end-to-end SOC functionality: log collection and centralization, threat detection via pattern matching, alert generation, and incident analysis. All attacks were simulated in a controlled environment to validate that the SOC correctly identifies malicious activities without actually compromising systems. This hands-on experience provided practical understanding of how detection rules work, what signals are important, and how to tune a SIEM to reduce false positives while maintaining detection accuracy.
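The two detections the attack simulations above were meant to trigger, and the webhook notification they feed, written out by hand as an added example. This is not the lab's Wazuh configuration: Wazuh ships its own rules for SSH brute force and web attacks, and the lab relied on those. Spelling the same logic out makes the frequency threshold and the false-positive trade-off concrete. The log lines, the IP addresses and the threshold values are constructed; the Discord webhook body is only built, never sent, and `WEBHOOK_URL` is a placeholder.

```python
"""Hand-written versions of two detections the lab exercised, run over constructed logs.

Added example, not the lab's Wazuh configuration. Log lines are constructed, and
the Discord webhook body is only built, never sent (WEBHOOK_URL is a placeholder).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

WEBHOOK_URL = "https://discord.com/api/webhooks/<id>/<token>"  # placeholder, not a real hook
LOG_YEAR = 2024                      # syslog timestamps carry no year
BRUTE_THRESHOLD = 8                  # failures from one source ...
BRUTE_WINDOW = timedelta(minutes=2)  # ... inside this window -> one alert for that source

SSHD_FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
APACHE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
# Quote-anchored so that a plain "black and white" search is not flagged.
SQLI = re.compile(r"'\s*(?:or|and)\b|\bunion\b.*\bselect\b|\bsleep\s*\(|--\s", re.IGNORECASE)


def detect_ssh_bruteforce(lines):
    """Sliding window per source IP, like a Wazuh frequency/timeframe rule; one alert per source."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for line in lines:
        m = SSHD_FAILED.match(line)
        if not m:                    # accepted logins and other daemons are not failures
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["src"]]
        window.append(ts)
        while ts - window[0] > BRUTE_WINDOW:
            window.popleft()
        if len(window) >= BRUTE_THRESHOLD and m["src"] not in alerted:
            alerted.add(m["src"])
            alerts.append({"rule": "ssh_bruteforce", "level": 10, "src": m["src"],
                           "count": len(window), "last_user": m["user"], "ts": ts.isoformat()})
    return alerts


def detect_sqli(lines):
    """Flag requests whose URL-decoded path/query carries SQL injection syntax."""
    alerts = []
    for line in lines:
        m = APACHE.match(line)
        if m and SQLI.search(unquote_plus(m["url"])):
            alerts.append({"rule": "web_sqli", "level": 7, "src": m["src"],
                           "url": m["url"], "status": int(m["status"])})
    return alerts


def discord_payload(alert):
    """JSON body for a POST to WEBHOOK_URL; Discord renders 'content' plus the embed fields."""
    fields = [{"name": k, "value": str(v), "inline": True}
              for k, v in alert.items() if k not in ("rule", "level")]
    return {"content": f"[{alert['rule']}] level {alert['level']} from {alert['src']}",
            "embeds": [{"title": alert["rule"], "fields": fields}]}


# Constructed logs: a Hydra run from 10.0.1.50, a user mistyping twice from 10.0.1.20,
# and DVWA requests with one injection, one benign search and one UNION-based injection.
AUTH_LOG = (
    ["Mar 13 09:58:10 target sshd[1201]: Failed password for alice from 10.0.1.20 port 50122 ssh2"]
    + [f"Mar 13 10:00:{s:02d} target sshd[{1300 + s}]: Failed password for invalid user admin "
       f"from 10.0.1.50 port {40000 + s} ssh2" for s in range(1, 11)]
    + ["Mar 13 10:02:30 target sshd[1402]: Failed password for alice from 10.0.1.20 port 50130 ssh2",
       "Mar 13 10:03:00 target sshd[1410]: Accepted password for alice from 10.0.1.20 port 50131 ssh2"]
)
ACCESS_LOG = [
    '10.0.1.50 - - [13/Mar/2024:10:05:01 +0100] "GET /vulnerabilities/sqli/?id=1%27+OR+1%3D1--+'
    '&Submit=Submit HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '10.0.1.20 - - [13/Mar/2024:10:05:07 +0100] "GET /search.php?q=black+and+white HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '10.0.1.50 - - [13/Mar/2024:10:05:09 +0100] "GET /vulnerabilities/sqli/?id=1+UNION+SELECT+user,'
    'password+FROM+users--+&Submit=Submit HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for alert in detect_ssh_bruteforce(AUTH_LOG) + detect_sqli(ACCESS_LOG):
        print(discord_payload(alert)["content"])
```

Two tuning decisions are visible here. The brute-force rule fires once per source when eight failures land inside two minutes, so the two mistyped passwords from 10.0.1.20 never alert while the Hydra run from 10.0.1.50 alerts on its eighth attempt; raising the threshold trades detection latency for fewer false positives. The SQL injection pattern is matched against the URL-decoded query and anchored on a quote, so the benign "black and white" search is not reported, which is the kind of false positive a naive `or|and` keyword match would produce.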
Technologies & Tools
Wazuh, OPNsense, Kali Linux, DVWA, SSH, Burp Suite, Hydra, Python, Elasticsearch, Discord Webhooks
What I Learned
This project fundamentally changed my understanding of detection engineering and SOC operations. Building the lab from scratch taught me that detection is only effective when you understand the baseline of normal network traffic: tuning alerts requires balancing between catching real threats and avoiding alert fatigue from false positives. I also learned the importance of architectural decisions: proper network segmentation, log centralization, and tool integration determine whether a SOC can actually scale. Most importantly, simulating realistic attacks and seeing them detected in real time demystified security monitoring. It is not magic, it is methodical log analysis and pattern matching.
Project Evidence
Project Summary
These projects represent my best work and demonstrate my ability to design and operate self-hosted infrastructure, automate deployment and provisioning, and build and validate security monitoring. Each project showcases different aspects of my technical skills and professional growth.