
Security Projects

Written by Arbaaz Jamadar
Cloud Security & Application Security Engineer · OSCP · AWS Security Specialty · Master’s in Cybersecurity, University of Maryland
Summary

Eleven end-to-end security projects, each documented with architecture decisions, implementation details, and measurable outcomes. The work spans cloud security architecture, DevSecOps automation, offensive security research, and infrastructure hardening.

Cloud & Infrastructure Security - a multi-tier AWS e-commerce architecture (VPC segmentation, WAF, CloudFront, RDS, Terraform IaC) serving 10,000+ users with PCI-DSS-aligned network segmentation; an EKS microservices deployment with OpenTelemetry, Prometheus, and Grafana end-to-end observability; a cloud-native PKI implementation using AWS Certificate Manager and Private CA; and a Zero Trust remote access platform built on Apache Guacamole, Cloudflare Tunnel, and OPNsense firewall - eliminating VPN dependency.

DevSecOps & Automation - a CI/CD pipeline integrating Jenkins, SonarQube, Trivy, ArgoCD, Prometheus, and Grafana that achieved 98% policy compliance and blocked 100% of critical vulnerabilities from reaching production; a Python-based SIEM automation framework that improved anomaly detection accuracy by 40% and reduced MTTD/MTTR through AWS Lambda and EventBridge-driven response playbooks.

Offensive Security & Forensics - a complete DFIR investigation covering malware reverse engineering, VeraCrypt volume decryption, and network traffic analysis; a 32-bit buffer overflow and format string exploitation walkthrough; a healthcare infrastructure security redesign applying STRIDE threat modeling, Zero Trust controls, and compliance mapping against HIPAA and NIST CSF; and a containerised ELK Stack homelab for log ingestion, parsing, and SIEM dashboarding.

Cloud-Native Private PKI on AWS with ACM and AWS Private CA
Design and implement a managed Public Key Infrastructure on AWS using ACM and AWS Private Certificate Authority - automated certificate issuance, renewal, and lifecycle for internal TLS workloads with CloudTrail-audited governance.
Portado: Zero Trust Browser-Based Remote Access (No VPN, Cloudflare Tunnel + Apache Guacamole)
Replace VPN-based remote access with a Zero Trust, clientless RDP/SSH/VNC stack: Cloudflare Tunnel + Nginx reverse proxy + Apache Guacamole, fronted by an OPNsense firewall and a DMZ-isolated VM segment.
ProxHome: Secure Proxmox Homelab with OPNsense, Tailscale, ELK and TrueNAS
Build a secure Proxmox VE homelab from scratch: OPNsense firewall and routing, Tailscale zero-trust VPN, TrueNAS storage, and ELK Stack observability for hands-on virtualization, DevOps and cybersecurity practice.
Owl-lit: Secure, Scalable, Cost-Optimized Microservices on Amazon EKS
End-to-end EKS reference deployment: Terraform IaC, IRSA/Pod Identity, KMS-encrypted secrets, ALB Ingress, OpenTelemetry + Prometheus + Grafana observability, and a GitHub Actions CI/CD pipeline gated by Trivy, FOSSA and OSSF Scorecard.
E-commerce on AWS: Secure, Scalable and Cost-Optimized Cloud Architecture
Three-tier e-commerce reference architecture on AWS with Terraform IaC, ALB, AWS WAF, CloudFront, multi-AZ RDS, ACM/Secrets Manager, autoscaling, and PCI-DSS-aligned VPC segmentation - serving 10,000+ users.
DockFast: Shift-Left CI/CD Pipeline with Jenkins, ArgoCD, SonarQube, Trivy, Prometheus & Grafana
Build a secure GitOps CI/CD pipeline: Jenkins for builds, SonarQube SAST, Trivy image scanning, ArgoCD for declarative Kubernetes deploys, Prometheus + Grafana for runtime observability - blocking 100% of critical vulnerabilities.
Cuckoo Sandbox Installation Guide: Automated Malware Analysis on Ubuntu
Step-by-step Cuckoo Sandbox setup on Ubuntu 18.04 with VirtualBox and a Windows guest VM - install, configure, and run dynamic malware analysis with full network, registry, file system and process telemetry.
Buffer Overflow & Format String Exploitation: 32-bit Reverse Engineering Walkthrough
End-to-end 32-bit binary exploitation walkthrough: stack-based buffer overflow, format string vulnerability, GDB debugging, assembly analysis, and shellcode delivery to retrieve a hidden flag.
DockerLab: Containerized ELK Stack for Log Analysis and SOC Training
Build a portable Dockerized ELK Stack (Elasticsearch, Logstash, Kibana) homelab with Docker Compose for log ingestion, parsing, dashboarding, and SIEM-style detection engineering practice.
Healthcare Infrastructure Security Redesign: STRIDE + NIST CSF + HIPAA
Defense-in-depth security architecture for a healthcare environment: STRIDE threat modeling, incident root-cause analysis, and a Zero Trust redesign mapped to HIPAA, SOC 2 and NIST CSF controls within a $500k budget.
Cracking the Rebel Malware: A Full DFIR Deep-Dive
End-to-end DFIR project: analyse a forensic hard drive image with Autopsy, reverse engineer two malware executables, recover a Base64 key from network traffic in Wireshark, and decrypt a hidden VeraCrypt volume.