
Security Projects

Written by Arbaaz Jamadar
Cloud Security Engineer | OSCP | AWS Security Specialty | CySA+ | Threat Detection & Incident Response
Summary

Eleven end-to-end security projects, each documented with architecture decisions, implementation details, and measurable outcomes. The work spans cloud security architecture, DevSecOps automation, offensive security research, and infrastructure hardening.

Cloud & Infrastructure Security - a multi-tier AWS e-commerce architecture (VPC segmentation, WAF, CloudFront, RDS, Terraform IaC) serving 10,000+ users with PCI-DSS-aligned network segmentation; an EKS microservices deployment with OpenTelemetry, Prometheus, and Grafana end-to-end observability; a cloud-native PKI implementation using AWS Certificate Manager and Private CA; and a Zero Trust remote access platform built on Apache Guacamole, Cloudflare Tunnel, and OPNsense firewall - eliminating VPN dependency.

DevSecOps & Automation - a CI/CD pipeline integrating Jenkins, SonarQube, Trivy, ArgoCD, Prometheus, and Grafana that achieved 98% policy compliance and blocked 100% of critical vulnerabilities from reaching production; a Python-based SIEM automation framework that improved anomaly detection accuracy by 40% and reduced MTTD/MTTR through AWS Lambda and EventBridge-driven response playbooks.

Offensive Security & Forensics - a complete DFIR investigation covering malware reverse engineering, VeraCrypt volume decryption, and network traffic analysis; a 32-bit buffer overflow and format string exploitation walkthrough; a healthcare infrastructure security redesign applying STRIDE threat modeling, Zero Trust controls, and compliance mapping against HIPAA and NIST CSF; and a containerised ELK Stack homelab for log ingestion, parsing, and SIEM dashboarding.

Public Key Infrastructure (PKI) using ACM and AWS Private Certificate Authority
Certificate issuance, renewal, and lifecycle management to reduce operational overhead using AWS Certificate Manager (ACM) with AWS Private Certificate Authority (Private CA) to manage a Public Key Infrastructure (PKI) for internal services.
Portado - Secure Remote Access Without VPN
Securely access your homelab machines via browser-based RDP, SSH, and VNC without relying on a VPN.
ProxHome: Secure Proxmox Homelab for Virtualization & Networking
Step-by-step Proxmox Homelab setup with OPNsense, Tailscale VPN, and open-source tools for secure virtualization, networking, and monitoring.
Owl-lit: Secure, Scalable & Cost-Optimized Microservice Deployment on Amazon EKS
Step-by-step guide to deploying microservices on Amazon EKS with observability, DevSecOps automation, CI/CD pipelines, and cost optimization.
E-commerce on AWS: Secure, Scalable, and Cost-Optimized Cloud Architecture
Learn how to migrate e-commerce apps to AWS with secure, scalable, and cost-optimized architecture using RDS, ALB, WAF, CloudFront, and Terraform.
DockFast: CI/CD Pipeline with Jenkins, ArgoCD, SonarQube, Trivy, Prometheus, and Grafana
Step-by-step guide to building a secure and automated CI/CD pipeline using Jenkins, Docker, Kubernetes (Minikube), SonarQube, Trivy, ArgoCD, Prometheus, and Grafana.
Cuckoo Sandbox Installation Guide
Step-by-step guide to install and configure Cuckoo Sandbox for malware analysis on Ubuntu with VirtualBox and Windows VMs.
Buffer Overflow Exploitation Guide: Reverse Engineering Walkthrough
Step-by-step guide to exploiting buffer overflow and format string vulnerabilities in a 32-bit reverse engineering challenge using gdb and assembly analysis.
DockerLab: Containerized ELK Stack for Log Analysis
Step-by-step guide to building a portable ELK Stack (Elasticsearch, Logstash, Kibana) homelab using Docker and Docker Compose.
Healthcare Infrastructure Security Redesign
Designed a defense-in-depth security architecture for a healthcare environment, conducting STRIDE threat modeling and incident root-cause analysis, and mapping mitigations to NIST CSF / HIPAA controls, including network segmentation, IAM hardening, centralized logging/SIEM, endpoint protection, and incident response workflows to reduce attack surface and improve detection and response.
Cracking the Rebel Malware: A Full DFIR Deep-Dive
Forensically investigated a hard drive image, reverse-engineered two malware executables, decoded a hidden key from network traffic, and decrypted a secret VeraCrypt volume — all in one project.