_executive_summary
[SBAJO]
[SBAJO]
_core_competencies
Cloud & Infrastructure
• Microsoft Azure (VMs, Networking, Application Gateway)
• Azure WAF & Security Policies
• Infrastructure Monitoring (Azure Monitor, Workbooks, Sentinel)
• Cloud Architecture & Service Integration
• Microsoft Azure (VMs, Networking, Application Gateway)
• Azure WAF & Security Policies
• Infrastructure Monitoring (Azure Monitor, Workbooks, Sentinel)
• Cloud Architecture & Service Integration
Virtualization & Containers
• Proxmox VE
• Hyper-V
• Oracle VirtualBox
• Docker (Containerization & Deployment)
• VM Provisioning & Resource Optimization
• Proxmox VE
• Hyper-V
• Oracle VirtualBox
• Docker (Containerization & Deployment)
• VM Provisioning & Resource Optimization
Security Engineering
• Cloudflare (WAF, Bot Management, DNS, Rate Limiting)
• Azure WAF (Layer 7 Protection)
• Network Security Groups (Layer 4 Filtering)
• NGINX ModSecurity Hardening
• Linux Firewall (nftables, CSF)
• Traffic Filtering, Threat Mitigation & Log Analysis
• Cloudflare (WAF, Bot Management, DNS, Rate Limiting)
• Azure WAF (Layer 7 Protection)
• Network Security Groups (Layer 4 Filtering)
• NGINX ModSecurity Hardening
• Linux Firewall (nftables, CSF)
• Traffic Filtering, Threat Mitigation & Log Analysis
Systems & Server Administration
• Linux Administration (AlmaLinux, Ubuntu, Debian)
• Hyper-V Management
• WHM/cPanel Administration & Fleet Management
• Web Server Management (NGINX, Reverse Proxy, Load Balancing)
• Service Deployment & Configuration
• Linux Administration (AlmaLinux, Ubuntu, Debian)
• Hyper-V Management
• WHM/cPanel Administration & Fleet Management
• Web Server Management (NGINX, Reverse Proxy, Load Balancing)
• Service Deployment & Configuration
Database & Backend Systems
• Microsoft SQL Server (Deployment, Maintenance, Troubleshooting)
• Database Backup, Restore & Performance Monitoring
• Handling Connection Issues & Long-uptime Stability
• Microsoft SQL Server (Deployment, Maintenance, Troubleshooting)
• Database Backup, Restore & Performance Monitoring
• Handling Connection Issues & Long-uptime Stability
Monitoring & Technical Operations
• Grafana (Metrics Visualization & Dashboards)
• Log Analysis & Incident Investigation
• Advanced Support & Escalation Handling
• Application Proxying & Traffic Routing
• Performance Monitoring & Alerting
• Grafana (Metrics Visualization & Dashboards)
• Log Analysis & Incident Investigation
• Advanced Support & Escalation Handling
• Application Proxying & Traffic Routing
• Performance Monitoring & Alerting
Software Engineering & Automation
• C# .NET (WPF / MVVM, Desktop Applications)
• C++ (Native Systems & Memory-Level Tooling)
• Bash Scripting & Automation
• Git / GitHub Version Control
• BackgroundWorker-based Application Logic (Non-async design)
• C# .NET (WPF / MVVM, Desktop Applications)
• C++ (Native Systems & Memory-Level Tooling)
• Bash Scripting & Automation
• Git / GitHub Version Control
• BackgroundWorker-based Application Logic (Non-async design)
IT Support & Operations
• Hardware Setup, Maintenance & Troubleshooting
• System Diagnostics & Repair
• Incident Handling (SOP-driven)
• Cross-team Coordination & Escalation
• Compliance with Security & Quality Standards
• Hardware Setup, Maintenance & Troubleshooting
• System Diagnostics & Repair
• Incident Handling (SOP-driven)
• Cross-team Coordination & Escalation
• Compliance with Security & Quality Standards
_professional_experience
[SBAJO]
June 2023 - PresentRole: [SBAJO]
[SBAJO]
Sector: [SBAJO]
[SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
_technical_research_and_labs
[SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
[SBAJO]
[SBAJO] [SBAJO]
[ Internet ] --→ [ Cloudflare Edge ] --→ [ Public IP ]
|
Proxmox Host |
| |
+-- VM: AlmaLinux 10 (Gateway) ----------------+
| +-- vNIC x 2 (public/private)
| +-- SELinux (Enforcing)
| +-- Kernel Hardening (sysctl / modules)
| +-- nftables Firewall (L4)
| +-- Proxmox VE Firewall (L3/L4)
| +-- Nginx Reverse Proxy (L7 Routing / Request Rate Limiting)
| +-- ModSecurity + OWASP CRS (L7)
| +-- Docker Container
| +-- wordpress:php8.4-fpm (FPM ONLY)
|
+-- LXC: Linux Container (Private / NAT)
+-- vNIC x 1 (private)
+-- MariaDB Server (Production Database)
[SBAJO]
[SBAJO]
[SBAJO]
[Public Ingress]
|
+------- [VM: Web Production] --------+
| (Node.js App Environment) |
| |
+------- [VM: Backend Services] ------+
(Docker: Game Server)
(Docker: MSSQL DB Node)
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
- [SBAJO] [SBAJO]
Cloudflare API Security Automation (R&D)
Status: Active Research & Development Phase
Currently engineering a middleware bridge between local Linux system logs (auth.log/syslog) and the Cloudflare API v4 to automate edge-level threat mitigation.
- Objective: Automate the detection of brute-force patterns and push real-time IP challenges/blocks to the Cloudflare WAF.
- Technologies: Bash Scripting,
curl, JSON parsing (jq), and Cloudflare Firewall Rulesets. - Learning Goal: Reducing origin server resource consumption by dropping malicious traffic at the Edge before it reaches the Proxmox/Azure infrastructure.
_system_access
• (IP Metadata Engine)
Custom API endpoint supporting and browser requests. Detects Edge Proxy transparency by comparing Direct vs. Proxied headers via Cloudflare's network layer.
Chrony-backed authoritative time endpoint (UTC+08:00 / Asia-Manila) returning JSON for browser and CLI consumption. Used to synchronize frontend displays with server time while avoiding client-side clock drift.