DISCIPLINE: CYBER & IT INFRASTRUCTURE · STATUS: AVAILABLE
I keep production boring. Green across the board, nothing alarming.
I'm Chang Kwak, a senior infrastructure and security engineer. I build, harden, and migrate the systems your business runs on, then leave clear, written procedures and scripts behind so your team stays in control. Always open to contract, full-time, or project work. Find me on LinkedIn.
AVAILABLE FOR WORK · contract · full-time · project
- CERTS5 / 5 ACTIVE
- OPERATES TODoD STIG · NIST 800-53 · SCAP · MITRE ATT&CK
- ENGAGEMENTRemote-first · bounded · deliverables stay with you
- BASEDAvailable now
01 · WHO YOU ARE TALKING TO
A senior operator who treats silence as the goal.
I work across the full infrastructure stack: Linux and Windows fleets, virtualization, networking and firewalls, backup and DR, SIEM, and endpoint security. The common thread is calm under load. I'd rather spend an hour writing a rollback plan than five minutes improvising during an outage.
I hold current certifications and operate to published standards: DoD STIGs, NIST 800-53, SCAP, MITRE ATT&CK. I cite the source, not a vendor's marketing deck. When a change ships, it ships inside a defined window with gates to validate against and an owner for the rollback. That owner is me.
Everything I touch is meant to be handed back. Scripts, written procedures, and dashboards get committed to your repo so the work outlives the engagement and your team can read, run, and review it.
The highest compliment a system can pay is silence.
- FOCUSInfra · Security · Continuity · Automation
- MODERemote-first, onsite for cutovers
- POSTUREStandards-first, rollback-owned
02 · WHAT I RUN
Twelve things I do, grouped the way an operator thinks.
your environment
PLATFORM & COMPUTE
- LNX·01
Linux & Unix Administration
Production RHEL, CentOS, and Debian fleets provisioned, hardened, patched, and monitored with on-call procedures that anyone can follow.
- WIN·02
Windows Server & Active Directory
AD design and cleanup, GPO, file and print, DNS and DHCP, and full server lifecycle from build to decommission.
- VRT·03
Virtualization
VMware vSphere and Nutanix AHV sizing, deployment, and cluster operations, including P2V migrations and storage integration.
NETWORK & ACCESS
- NET·04
Networking & Firewalls
Cisco IOS and Catalyst switching plus Firepower: VLAN design, ACLs, site-to-site VPN, and segmentation reviews.
- PHY·09
Physical Security & Surveillance
Software House C-CURE 9000 administration and Axis IP camera install and lifecycle, where physical and cyber controls meet.
DETECT & DEFEND
- SIEM·05
SIEM Integration (Splunk)
Splunk deployment, index design, source onboarding, CIM normalization, and dashboards and alerts that surface signal instead of noise.
- EDR·07
Endpoint Security & Hardening
Trellix deployment and tuning, baseline hardening, vulnerability triage, and remediation that closes findings rather than logging them.
- STIG·08
DoD STIG Hardening
Apply and validate DISA STIGs across Windows, RHEL, and network systems, with evidence to back every control.
CONTINUITY & BUILD
- DR·06
Backup, DR & Continuity
Rubrik backup architecture with real restore drills, tested recovery procedures, and recovery-time validation so the plan works when you need it.
- MIG·11
Migrations & Cutover Work
On-prem to on-prem, on-prem to cloud, and version upgrades, each run inside a window with a rollback ready.
- AUT·12
Automation & Scripting
Bash, PowerShell, and Python that replace manual toil with monitored, reviewable scripts your team can read and trust.
- WEB·10
Web Design & Development
Modern marketing sites and internal web apps built with Astro, Cloudflare Pages, Tailwind, and TypeScript.
03 · INSTRUMENTATION
The kit, by domain.
Compute & OS
Virtualization & Storage
Network & Security
Data & Continuity
Physical Security
Build & Cloud
Scripting
04 · CERT FLEET
Five credentials, monitored like nodes.
Five active credentials · counters compute live in your browser.
- VALID
CompTIA Security+
CompTIAvalid through 12/2027 - VALID
Cisco CCNA
Ciscovalid through 03/2028 - ACTIVE
Cisco CCNP Collaboration
Cisco · Professionalcollaboration track - ACTIVE
Nutanix NCSA
Nutanix · Associatehybrid cloud - TRAINED
Software House C-CURE 9000
Access control · trainingphysical security
05 · METHOD
How a change gets made.
01 · Scope and fit
A 30-minute scoping call, then a same-day written fit assessment. You get an honest read on whether I'm the right hands for the job before any commitment.
02 · Plan and rollback
Before a single production change, I write the change plan and the rollback. The path forward and the path back are both on paper first.
03 · Cutover and validate
Changes ship inside a defined window, validate against agreed gates, and I own the rollback if a gate fails. No surprises after hours.
06 · ENGAGEMENT
How working together actually works.
I keep engagements concrete and low-risk. Remote-first for the day-to-day, onsite for kickoffs and critical cutovers. Work is bounded and scoped up front, and everything I produce stays with your team.
- Remote-first, with onsite presence for kickoffs and critical cutovers.
- Bounded engagements with scope agreed before work starts.
- Deliverables stay with you: scripts, written procedures, and dashboards committed to your repo.
- Decisions cite authoritative standards, never vendor marketing.
07 · OPEN A LINE
Open a line.
The light is green, which means I'm open to work. Tell me what you're trying to move and where it's stuck. A few sentences is plenty to start. I read every message myself and reply quickly, whether it's contract, full-time, or a one-off project.
[email protected]AVAILABLE · contract · full-time · project