Open to Summer / Fall Internships · IT · Security · Network

Building real infrastructure,
networks, and secure services.

I'm Hunter Yoo — a Cybersecurity & Network Engineering Technology student at Purdue, operating a real homelab, a 3-node OCI K3s cluster, and a self-hosted documentation platform. I care about architecture, segmentation, and how systems actually run in production.

Focus
Cloud · Network · Security
Location
Purdue University · West Lafayette, IN
Currently
Operating homelab + OCI K3s
Architecture

A small platform, built like a real one.

The systems I operate day to day — cloud on the left, homelab on the right, and a dedicated management path that never touches the public service plane.

[Topology diagram. Legend: Active path · Idle zone · Management plane]

01 · About

Student by title. Operator by habit.

I'm pursuing a Bachelor's in Cybersecurity and Network Engineering Technology at Purdue University. Coursework is where I started — but most of what I know comes from building things end-to-end: standing up a multi-node Kubernetes cluster in Oracle Cloud, segmenting my home network into isolated VLANs, and designing an owner-only admin path for a public service behind CGNAT.

The projects I care about all share a pattern: real traffic, real constraints, real blast radius. I'd rather ship a small service with clean segmentation and a backup plan than a big demo with no plan for failure. I write everything down at docs.hyuntae.net — my self-hosted documentation platform.

I'm actively looking for IT, Cybersecurity, or Network Engineering internships where I can work on infrastructure, operations, and security alongside people who build real systems.

02 · Featured Projects

Selected work.

Real, running projects — not class assignments. Each one is architected, deployed, and documented.

01
Oracle Cloud · Kubernetes · Infrastructure

OCI K3s Cluster

A 3-node self-hosting platform on Oracle Cloud.

What it is

A three-node K3s Kubernetes cluster running on Oracle Cloud Infrastructure Always-Free ARM compute. It's the production environment for every public-facing service I operate, including docs.hyuntae.net.

Why I built it

I wanted a cloud environment I could treat like a real platform — not a single VM. Multi-node Kubernetes forces you to think about ingress, DNS, certificate management, storage, and failure modes from day one.

Architecture & decisions

  • 3-node K3s (1 control-plane + 2 workers) on OCI ARM VMs
  • Ingress via NGINX + cert-manager for automated TLS
  • VCN security lists tightened — no public control-plane exposure
  • External DNS pointed at the load balancer for clean hostname routing

Status

Live. Hosts real workloads and gets iterated on as I add services.

02
Self-Hosted · Kubernetes · Documentation

BookStack — docs.hyuntae.net

My documentation platform, running on my own infra.

What it is

A self-hosted BookStack instance deployed on my OCI K3s cluster. It's where I write up everything I build — architecture notes, runbooks, lab writeups, and decisions I want to remember later.

Why I built it

I treat documentation as a first-class part of every project. Hosting it myself — with my own domain, TLS, and deployment pipeline — means the docs site is itself a project that exercises real deployment skills.

Architecture & decisions

  • Deployed as a Kubernetes workload with persistent storage
  • Ingress + cert-manager handle TLS and routing for docs.hyuntae.net
  • Regular backups of the database and uploaded assets
  • Public read access; authenticated write — clear trust boundary

Status

Live at docs.hyuntae.net.

03
Network Design · Segmentation · CGNAT

Secure Minecraft Service

A small public service designed like a real production deployment.

What it is

A public-facing Minecraft service treated as a service-design exercise — not just "I hosted a game server." Built around segmentation, owner-only admin access, and a clean trust boundary between the service plane and the management plane.

Why I built it

I'm on a CGNAT connection, so hosting anything public required architecture, not just a port forward. That constraint turned a hobby project into a real design problem.

Architecture & decisions

  • Network segmentation: the service lives in a dedicated DMZ-style VLAN, isolated from LAN clients and management
  • Public ingress: playit tunnel exposes the game port without opening my home network
  • Management plane: Tailscale-only SSH / admin path — no public admin surface
  • Hardening: service runs under systemd with restricted user, auto-restart, and scheduled backups
  • CGNAT-aware: no assumption of a public IPv4 — tunnels and overlays do the work

Status

Operational. Backups verified. Admin path isolated from public ingress.

04
UniFi · VLANs · Wireless

UniFi Homelab Network

Segmented, wireless-first, actively operated — not consumer Wi-Fi.

What it is

My primary home network, built on UniFi Cloud Gateway Max and U7 Pro Max. It's the testbed for segmentation, wireless design, and service isolation concepts I actually want to understand — not just read about.

Why I built it

Running real services at home meant the network couldn't be flat. Segmentation isn't optional once a public-facing workload lives on the same physical link as my laptop.

Architecture & decisions

  • VLAN separation: trusted LAN, IoT, guest, and service (MC-DMZ) are logically isolated
  • MC-DMZ: the Minecraft service plane lives in its own VLAN with restrictive east-west rules
  • Wireless design: U7 Pro Max with per-SSID VLAN tagging and WPA3 where supported
  • CGNAT-aware: all public exposure is planned around the absence of a public IPv4
  • Admin path: network management stays on a dedicated trusted segment

Status

Actively operated. Iterated on as new services come online.

03 · Controls

Change the view two ways.

Same topology, two interfaces. Left panel is a CLI. Right panel is a GUI. Pick a plane — service, management, or security — and the diagram above redraws. Selections persist across reloads.


04 · Credentials & Training

Selected credentials & technical foundations.

Certified Linux Administrator (LPIC-1)

Linux Professional Institute

Issued Apr 2023 · Expires Apr 2028
Active

AWS Certified Cloud Practitioner

Amazon Web Services

Issued Dec 2022 · Expires Nov 2028
Active

Certifications shown are the ones I currently hold. This section grows as new exams are completed — nothing here is fabricated.

05 · Skills

What I actually use.

Cloud & Infra

  • Oracle Cloud Infrastructure (OCI)
  • Kubernetes / K3s
  • Ingress-NGINX · cert-manager
  • Linux server ops (Debian / Ubuntu)
  • systemd services & hardening

Network

  • UniFi platform (CGM, U7 Pro Max)
  • VLAN design & segmentation
  • Firewall rules · east-west isolation
  • CGNAT-aware architectures
  • Tailscale · overlay networking

Security

  • Network segmentation & DMZ design
  • Service hardening & least privilege
  • Management-plane isolation
  • TLS / cert lifecycle
  • Backup & recovery planning

Tools

  • Git & GitHub
  • Bash · basic Python
  • BookStack (self-hosted)
  • playit · DNS management
  • VS Code · tmux · SSH
06 · Documentation

I document everything I build.

docs.hyuntae.net is my self-hosted BookStack instance. Architecture notes, runbooks, lab writeups, and the decisions behind every project live there. The docs site itself runs on the same OCI K3s cluster it documents — so reading the docs is already proof the infrastructure works.

Guest access · ID: guest · Password: guest

Live · your session

Who's connecting right now.

Client-side lookup via ipwho.is. The last octet of your IP is masked before it renders, and nothing on this page is logged or stored — the data lives only inside this tab's DOM.

Privacy-first · no logs

Site visits · Last 14 days · bars driven by JSON


Pipeline: scripts/hyuntae_visits.py parses server logs and writes data/visits.json. When that file isn't present, the chart falls back to data/visits.sample.json and the badge reads sample. No fake metrics.

07 · Background

Education & focus.

Present

Purdue University

B.S., Cybersecurity & Network Engineering Technology (CNIT).

West Lafayette, IN · Polytechnic Institute

Ongoing

Self-directed infrastructure work

Operating a homelab network, OCI K3s cluster, and self-hosted documentation platform outside of coursework.

Network · Cloud · Security · Self-hosting

Seeking

Internship — IT / Security / Network

Looking for roles where I can work alongside engineers on real infrastructure, operations, and security problems.

Summer / Fall · Open to relocation

08 · Contact

Let's talk.

Recruiters, engineers, and homelab people — I'd love to hear from you. The best way to reach me is email.