securebytes.net
OPERATIONAL DC METRO

Gideon Oteng

Network engineer. Platform builder. Things I run don't fall over.

Five years across Tier-1 ISP backbone at Cogent and enterprise managed services at CDW. CCNP Security. Running a two-node Proxmox cluster as production infrastructure — BGP mesh, zero-trust access, full observability, wildcard TLS. The same standards I'd hold at work, operated solo.

7 projects
5 field notes
11 certs
5+ years
View work → Get in touch

// Selected work

Things I've built

All projects →
PROJECT Active

SecureBytes Platform

Self-managed Proxmox cluster running production-style network and security infrastructure — wildcard TLS, public status page, and selective Cloudflare Tunnel exposure.

ProxmoxpfSenseUniFinginx
PROJECT In Progress

AWS Detection Engineering Portfolio

Production-quality Sigma rules for AWS IAM privilege escalation, each validated end-to-end against CloudGoat scenarios using Stratus Red Team and CloudTrail.

AWSSigmaCloudGoatStratus Red Team
PROJECT Active

Network Design Lab

Multi-vendor lab on Cisco Modeling Labs and EVE-NG. Routing, switching, wireless, security, SD-WAN, identity, and observability platforms for design validation, failure testing, and certification work.

Cisco CMLEVE-NGIOS-XRNX-OS

// Field notes

Recent writing

All posts →
May 18, 2026

When the firewall isn't the edge

Half the lab was misbehaving in unrelated ways. The common cause was one NAT I didn't own.

networkingnathomelab
May 13, 2026

Putting the platform under Ansible

A host crash exposed config drift across 8 machines. Ansible closed the gap in an afternoon.

ansiblehomelabiac
May 7, 2026

Dual-repo pattern for self-hosted platforms — public portfolio, private source of truth

Real configs and portfolio screenshots don't belong in the same git history. Here's the pattern I use, why it matters, and the gh commands to set it up.

gitself-hostedgithub

// /now

What I'm working on

Day job

Operations Analyst at CDW — supporting hundreds of enterprise networks across SD-WAN, firewall, and cloud-connected environments.

Just shipped

Upgraded ava-cluster to Proxmox 9.2.2 / kernel 7.0 and stood up a full eBGP mesh using private ASNs across both nodes and the pfSense edge — FRRouting on everything, zero static routes.

Building next

AWS detection engineering portfolio — Sigma rules for IAM privilege escalation, each validated end-to-end against real CloudTrail telemetry from CloudGoat attack scenarios.