Security
Identity, access, cryptography, and defense in depth.
Core Competencies
| Domain | Coverage |
|---|---|
| Identity & Access Management | SAML, OIDC, OAuth, Kerberos, Keycloak, Azure AD |
| PKI & Certificates | X.509, CA architecture, Vault PKI, ACME |
| Secrets Management | HashiCorp Vault, pass, SOPS, age |
| Hardening & Compliance | CIS Benchmarks, STIG, compliance scanning |
| Threat Detection | SIEM, log analysis, threat hunting |
| Cryptography | Symmetric, asymmetric, hashing, GPG |
Security Philosophy
- Defense in depth — multiple layers of protection
- Principle of least privilege — minimal access required
- Zero Trust — never trust, always verify
- Assume breach — design for when, not if
Identity Federation Flow
```
┌──────────┐                  ┌──────────┐                  ┌──────────┐
│   User   │───── Login ─────►│   IdP    │◄─── Trust ───────│    SP    │
│          │                  │(Keycloak)│                  │  (App)   │
└──────────┘                  └──────────┘                  └──────────┘
     │                             │                             │
     │        SAML Assertion / OIDC Token                        │
     └──────────────────────────────────────────────────────────►│
```
PKI Hierarchy
```
                ┌─────────────────┐
                │  Offline Root   │
                │       CA        │
                └────────┬────────┘
                         │
         ┌───────────────┼───────────────┐
         │               │               │
┌────────▼────────┐   ┌──▼───┐   ┌───────▼───────┐
│   Issuing CA    │   │ CRL  │   │  Issuing CA   │
│  (Vault PKI)    │   │ CDP  │   │   (AD CS)     │
└────────┬────────┘   └──────┘   └───────┬───────┘
         │                               │
  ┌──────┴──────┐                 ┌──────┴──────┐
  │ Server Cert │                 │ Client Cert │
  └─────────────┘                 └─────────────┘
```
Related
- Linux — System hardening
- Windows — Windows security
- Networking — Network access control