DevOps | CloudOps | GitOps Engineer · Security Enthusiast & Pentester · Infrastructure-as-Code Advocate
I build automated, secure, and reproducible infrastructures from bare-metal to cloud, with a strong background in self-hosting, Linux, and offensive security.
| Domain | Tools / Technologies |
|---|---|
| DevOps & IaC | Terraform · Packer · Ansible · GitHub Actions |
| GitOps | ArgoCD · FluxCD · Helm · Kustomize · Renovate |
| CloudOps | AWS · GCP · Cloudflare · Lambda · IAM · Route 53 · WAF · Transfer Family |
| Kubernetes | EKS · GKE · K3s · Gateway API · Cilium · Istio · Linkerd · Cert‑Manager · MetalLB |
| Networking | DNS (Pi‑hole + Unbound) · WireGuard · Netbird · VPC · Routing & NAT |
| Storage | Rook + Ceph · Longhorn · S3 / MinIO |
| Observability | Grafana · Prometheus · Loki · Alertmanager |
| Security & Pentesting | Pentesting · Bug Bounty · SOPS · IAM Policies · OIDC · Cloudflare Access · Kyverno · OPA |
| Scripting | Bash · Python · PowerShell · YAML |
These certifications validate my skills in DevOps, Cloud, Security, and Languages:
- ☁️ AWS Certified Solutions Architect – Professional (AWS)
- ✅ GitHub Actions Certified – GitHub workflows, CI/CD automation
- ✅ GitHub Administration Certified – GitHub repo/org management, security best practices
- 🛡 eWPT – Web Application Penetration Tester (INE Security, 2023)
- 🛡 eJPT – Junior Penetration Tester (INE Security, 2021)
- 🌐 Fully automated homelab with GitOps stack using K3s, Terraform, ArgoCD, and FluxCD.
- ☁️ Hybrid-cloud architecture with Cloudflare DNS/WAF/Access integrated with AWS and GCP.
- 🔐 Zero-Trust access setup using Cloudflare Access + Netbird for secure remote operations.
- 🧰 Infrastructure modules via Terraform and Packer, with CI/CD pipelines in GitHub Actions.
- 📦 Self-hosted services orchestrated with Docker Swarm within LXC containers on Proxmox.
- 🔍 Security-aware deployments and pentesting writeups, available through my personal blog.
- 🖥️ Hardware: Beelink Intel N100 mini PC · 16 GB RAM · 500 GB SSD · Proxmox VE
- 📦 Environments:
  - VM 1: Rocky Linux + K3s (ArgoCD-managed cluster)
  - VM 2: Rocky Linux + K3s (FluxCD-managed cluster)
  - LXC Containers: swarm-01 & swarm-02 running Docker Swarm workloads
  - VM 3: Home Assistant
- 🌐 Domain: cervant.net managed via Cloudflare (DNS + WAF + Access)
- 🔐 Internal DNS: Pi-hole + Unbound
- 🔑 Certs: DNS‑01 challenges via Cloudflare DNS and Cert‑Manager
I write and document my learning, research, and homelab experiments in two separate blogs:
- 📓 brsalcedom.github.io – Focused on pentesting, security research, bug bounty writeups, and network assessments.
- 🛠 blog.cervant.net – Dedicated to DevOps, IoT, electronics, and detailed guides about my homelab, infrastructure automation, and self-hosting.
Topics covered:
- GitOps, Kubernetes, Terraform, CI/CD pipelines
- Self-hosted services, observability, remote access (Cloudflare Access, VPNs)
- Electronics projects, microcontrollers, sensors and automation with Home Assistant
- Cloud and hybrid architectures (AWS, GCP)
- Web app and network security
- homelab-iac – Modular infrastructure as code for my homelab.
- rshellz – CLI Tool | Reverse shell generator for pentesting.
- dotfiles – Dotfiles for my Linux desktop configuration.
- amigo-secreto – Simple CLI tool for organizing Secret Santa gift exchanges.
All projects embrace automation, modularity, reproducibility, and security-first design.
- Policy tools for Kubernetes (OPA, Kyverno, Gatekeeper)
- Self-hosted AI/LLMs & pipelines (Open WebUI, Ollama, n8n)
- Distributed storage (Rook, Longhorn)
- Cloud Security Posture Management (CSPM) tools
- Real-time dashboards and SLO tracking
- 🌐 Pentesting Blog: brsalcedom.github.io
- 🌐 DevOps Blog: blog.cervant.net
- 🌐 Links: links.cervant.net
“Automate what’s repeatable. Audit what’s critical. Document what’s important.”
“Security is not a feature — it’s the foundation.”



