Rafael Garcia
Network engineer, systems builder, security practitioner.
Operator
Zero Trust
  • Trust is a vulnerability; verify everything, assume breach
  • Redundancy isn’t a feature, it’s the architecture
  • Segment the network like the insider threat is already inside
Discipline
  • Train on live systems, not sanitized labs
  • Standards don’t flex under pressure; that’s the point
  • Production is the test; everything else is rehearsal
Precision
  • Every failure mode is part of the design
  • A system you can’t observe is a system you don’t own
  • Telemetry isn’t optional; it’s how you know the mission is running
1.07M+
Flows Analyzed
99.71%
Model Accuracy
<500ms
Avg Latency
74,096
IDS Rules
Architecture
  • INTERNET: WAN / Spectrum
  • UDM: DHCP · WiFi · NAT
  • USW-Lite-8-PoE: 8-port PoE · SPAN port 7→8
  • SPAN mirror tap
  • PA-220 Firewall: PAN-OS 10.2 · 4 DMZ zones · microsegmentation
  • RV2 Edge Sensor: Orange Pi RV2 · RISC-V · scapy feeder · 78 features
  • pi0 (dmz-mgmt): OpenLDAP · AdGuard · DNS
  • pi1 (dmz-svc): GuardQuote · Postgres · Grafana
  • pi2, K3s + NIDS (dmz-security): SentinelNet API · Suricata · Wazuh
Live Status
Training: CICIDS2017
Samples: 2.8M flows
Adversarial: PGD augmented
Export: ONNX + SHA256
HPA: K3s autoscale
Alerts: Prometheus rules
Signal
Threat Ratio
Benign Threats
Avg Inference Latency
Model Accuracy 99.71%
CICIDS2017 holdout • PGD-augmented
pi0
Monitoring Host
Pi 5 • 8GB RAM • ARM A76
dmz-mgmt
OpenLDAP
AdGuard Home
Nettools terminal
Vector + Datadog
pi1
Services Host
Pi 5 • 8GB RAM • ARM A76
dmz-svc
GuardQuote API
PostgreSQL 15
Grafana + Prometheus
Loki + Alertmanager
pi2
Inference / K3s
Pi 5 • 16GB RAM • ARM A76
dmz-security
SentinelNet API (K3s)
Suricata 7.0.5
Wazuh HIDS 4.14.3
Fleet triage timers
rv2
Edge Sensor
Ky X1 RISC-V • 7.7GB • 458GB NVMe
SPAN mirror
Scapy feeder (promiscuous)
78-feature extraction
Qwen2 1.5B (int4)
Suricata EVE → Loki
xps
GPU Inference
i7-11700 • RTX 4060 Ti 8GB • WSL2
dev + GPU
Gemma 4 e4b (Ollama)
Triage summarizer (tier 2)
Claude Code dev
Tailscale mesh
Edge

PA-220 Firewall

PAN-OS 10.2 • 4 DMZ zones • microsegmentation
active

USW-Lite-8-PoE

SPAN port 7→8 • LAN uplink mirror
active

UDM Router

DHCP • WiFi • pending PA-220 cutover
active
Cloudflare Edge

Tunnel

Secure QUIC ingress • no exposed ports
active

Zero Trust

Email OTP auth • 6 protected apps
6 apps

Workers

Gateway routing • status API • KV cache
active
Tailscale Overlay

ThinkStation / XPS

WSL2 development • GPU inference
mesh

Pi2 + RV2

Cross-firewall inference API access
mesh

MacBook

Mobile development • remote access
mesh