
My Path to DevOps

From NYPD Sergeant to DevOps Engineer
My Self-Taught Journey into Cloud & Infrastructure Automation
After retiring from the NYPD and serving in the U.S. Army, I set out to build my next chapter - not in uniform, but in the terminal. What began as simple curiosity about Linux quickly evolved into a passion for DevOps, infrastructure, and automation. Over the past several months, I transformed my homelab into a production-grade stack - and now I'm applying those skills in the professional world.

Timeline of My DevOps Journey
November 2024 - The Spark
Installed Linux on an Intel N100 mini PC. That simple act opened the door to the command line, services, and system-level thinking.

December - Media & Virtualization
Deployed a Plex Media Server in Docker, mounted a 16TB Synology NAS, and began exploring VPN access and virtualization.

January - Dynamic DNS & Security+ Certified
Set up Dynamic DNS using Cloudflare's API, Bash, and cron - my first real step into Infrastructure as Code and network automation. Also earned my CompTIA Security+ certification, marking the start of my deep dive into cybersecurity fundamentals.

February - Lightweight Observability
Wrote custom Bash scripts to track system health (CPU, memory, disk, SSH attempts) and emailed daily summaries. This became my introduction to observability and alerting.

March - Cloud Database Training
Completed Google Cloud's 70+ hour Database Engineer learning path, covering:
- Cloud SQL
- Spanner
- Bigtable
- AlloyDB
- Migration strategies and resiliency patterns

April - Tooling & Productivity
Sharpened my daily drivers: Git, GitHub, Docker, and tmux. Learned to manage containers, adopt version control workflows, and automate repeatable tasks via CLI.

May - Full Stack Infrastructure + CI/CD + Security + Cloud Deployment
Everything started to come together into a secure, automated stack:
- Reverse-proxied services via Docker, Traefik, Cloudflare, and Let's Encrypt TLS
- Deployed a secure, public-facing website on AWS EC2 using NGINX, DNS, UFW firewall, and automated TLS
- Built a CI/CD pipeline with GitHub Actions for Dockerized apps, deployed over SSH
- Hardened SSH with key-only login, Fail2Ban intrusion detection, and daily email reports

June - Internship Kickoff, GCP IAM, and SSH Certificate Automation
June marked the start of my DevOps internship at Rakuten Advertising, where I've been focused on securing and scaling cloud infrastructure. Key milestones:
- Took ownership of managing IAM roles and policies in GCP, integrating PAM and enforcing grant durations to reduce risk
- Earned my Google Associate Cloud Engineer (ACE) certification - a major step in validating my GCP knowledge
- Deployed SSH certificate-based authentication in my homelab using HashiCorp Vault, replacing static keys with short-lived certs for stronger security

July - IAM to PAM Automation, Mentorship & App-Backed Database
This month at Rakuten Advertising, I dove deeper into cloud security and automation during my DevOps internship. I built a script to streamline the conversion of IAM roles into PAM-managed entitlements - reducing privilege windows and enforcing least privilege across GCP. I also created my own app-backed database from scratch to support internal tooling - sharpening my infrastructure skills with MySQL, secure access, and automation. Most importantly, I've been learning from a phenomenal team of seasoned DevOps engineers whose mentorship is accelerating my growth in real-world DevSecOps and infrastructure at scale.

Tooling Overview
- Reverse Proxy: Docker, Traefik, Cloudflare DNS
- Monitoring: Prometheus, Node Exporter, Grafana, Netdata
- Intrusion Detection: Fail2Ban, SSH logs, geoiplookup, custom Bash scripts
- Automation: Ansible, cron, GitHub Actions
- Hosting & VMs: NGINX (Alpine), AWS EC2, Proxmox VE (MinisForum MS-01)
- Security: SSH key auth, UFW, Let's Encrypt TLS, HashiCorp Vault

Key Highlights
- Fully automated TLS via Traefik + Let's Encrypt
- AWS-hosted NGINX site with secure DNS, firewall rules, and HTTPS
- Cloudflare-managed subdomain routing
- CI/CD pipeline from GitHub commit to Docker container redeploy
- Real-time dashboards and alerting with Grafana and Netdata
- Daily SSH intrusion reports with geo-IP and brute-force attempt tracking
- GCP IAM policy configuration with just-in-time access and permission boundaries
- Vault-driven SSH certificate access in a production-style homelab

Final Thoughts
DevOps brings the structure, discipline, and adaptability I thrived on during my public service career - with the added challenge of continuous learning. My homelab was the proving ground. Now I'm building in production.

Let's Connect
- GitHub Projects
- LinkedIn
- Docker-Traefik DevOps Stack

Thanks for reading - feel free to connect or share your own DevOps journey!