Cloud-hosted web server deployment
Built independently outside coursework to execute a full cloud deployment from scratch with no managed platform abstractions. The objective was to validate each infrastructure layer manually from DNS to TLS termination.
Deployed a Node.js HTTP service on EC2 with a /count endpoint backed by SQLite, placed Nginx as a reverse proxy from 443 to 3000, issued TLS certificates with Let's Encrypt for aws.simonnetje.be, and used PM2 for process supervision and reboot persistence. SSH was restricted to a single trusted source IP.
This project developed my ability to debug multi-layer cloud paths under production-like constraints. I applied Nginx and DNS skills to isolate why certificate validation failed before application traffic even reached Node.js. This directly strengthened my understanding of how transport, routing, and application runtime dependencies interact in one deployment chain.
My initial TLS flow failed because port 80 challenge routing was incomplete, even though HTTPS proxying appeared correct. I corrected this by splitting HTTP and HTTPS server blocks, validating inbound security rules, and rerunning Certbot only after external reachability checks passed.
I would formalize provisioning with infrastructure-as-code, add centralized logs and secret management from the first iteration, and enforce a patching baseline with repeatable hardening checks.
IoT thermostat system
Year 1 IoT Essentials project designed as a multi-device thermostat system. The objective was to make sensing, control, messaging, and visualization operate as one reliable pipeline instead of separate demos.
Implemented an Orange Pi controller that read BMP280 sensor data, evaluated setpoint logic, and switched the heating circuit through transistor/relay control. A Raspberry Pi Pico handled local LCD output and user input. MQTT connected components with publish/subscribe messaging, and ThingSpeak received telemetry for cloud dashboarding and trend history.
This project developed my ability to reason about distributed systems where hardware and software fail differently. I applied MQTT and Python skills to trace data flow from device to broker to dashboard and confirm message integrity at each hop. This directly strengthened my understanding of end-to-end system behavior across sensor acquisition, edge logic, and cloud telemetry.
The first integration had inconsistent MQTT topic names, which caused intermittent control behavior despite healthy individual modules. I corrected this by enforcing topic contracts, standardizing payload formats, and logging publish/subscribe events on each component to verify delivery order and stale retained messages.
Next iteration would define versioned message schemas, split control and telemetry topics, and add broker-side monitoring plus watchdog logic to handle disconnected nodes safely.
Network & Windows Server lab
Semester 1 SKIL2 infrastructure project to build a Windows domain environment from first principles and validate reliable client onboarding under enterprise-style service dependencies.
Configured Active Directory, DNS, DHCP, account policies, and domain joins across client VMs. Implemented baseline access control with Group Policy and verified service resolution and lease behavior under repeated client reconfiguration.
This project developed my ability to troubleshoot identity and name-resolution dependencies in infrastructure stacks. I applied DNS and DHCP skills to stabilize domain authentication paths and policy distribution. This directly strengthened my understanding of how directory services depend on deterministic network configuration.
Domain joins failed repeatedly because clients resolved through external DNS instead of the domain controller. I corrected DHCP scope options and client NIC DNS order, then retested authentication and policy propagation until joins were stable and reproducible.
Pentesting project
Year 2 Application Security project focused on identifying and exploiting real web vulnerabilities with OWASP-driven methodology. The objective was to move from isolated findings to full attack chains with measurable system impact.
Executed reconnaissance and request interception with Burp Suite, manipulated HTTP traffic to test trust boundaries, and validated exploitable paths for SQL Injection, XSS, CSRF, and Command Injection. Findings were documented with payload evidence, privilege level reached, and affected components.
This project developed my ability to think like an attacker and prioritize exploit paths by impact instead of novelty. I applied Burp Suite and HTTP manipulation skills to chain low-severity weaknesses into account takeover and command execution scenarios. This directly strengthened my understanding of how input validation, session handling, and server-side execution controls fail under adversarial pressure.
Early testing was too vulnerability-by-vulnerability and missed exploit chaining opportunities. I corrected this by mapping trust transitions between endpoints, reusing authenticated context where relevant, and sequencing payloads to escalate from reflected XSS and CSRF weaknesses toward broader compromise.
Web design portfolio
Year 1 Webdesign Essentials and my first real front-end project. The objective was to build a structured multi-section portfolio and make layout behavior stable across desktop and mobile breakpoints.
Implemented semantic HTML structure, CSS layout rules, Flexbox alignment, float-based fallback sections, and Bootstrap utilities where they accelerated responsive spacing and component consistency. The focus was page structure, readable hierarchy, and predictable reflow behavior.
This project developed my ability to translate static page ideas into maintainable layout systems. I applied HTML and CSS skills to build section hierarchy first, then used Flexbox and Bootstrap selectively to control alignment and responsiveness. This directly strengthened my understanding of browser layout calculation, box-model side effects, and why small CSS conflicts create large visual regressions.
Initial versions mixed float and Flexbox rules in ways that produced collapse and overflow at breakpoint edges. I corrected this by isolating layout contexts, reducing utility-class overuse, and debugging computed styles in browser dev tools before changing global rules.