Aleh Logo
BOOT_SEQ_V1.0
Loading modules...0%
[SYSTEM] INITIATING SECURE BOOTUP..._
Available for Projects

Hi, I'm Aleh

|

20+ years architecting secure, scalable, and highly available infrastructure. From zero-trust security frameworks to GitOps-driven Kubernetes platforms.

View ProjectsDownload CV
System Access Profile
aleh@infra-sec ~ bash
50+
Clients
100+
Projects
5+
On Working
scroll down
// CAPABILITIES

What I Deliver

Four core pillars of expertise — each engineered for enterprise reliability, security, and scale.

Infrastructure Management

Design and operate enterprise-grade infrastructure with focus on scalability, high availability, and disaster recovery.

  • High-Availability Clustering (99.99% SLA)
  • Load Balancing & Traffic Management
  • Storage Architecture (SAN, NFS, Ceph)
  • Disaster Recovery & BCP Planning
  • Capacity Planning & Cost Optimization
  • Network Architecture & Segmentation

System Administration

End-to-end Linux and Windows server management with hardening, automation, and performance tuning.

  • Linux/Windows Hardening (CIS Benchmark)
  • Configuration Management (Ansible)
  • Performance Tuning & Optimization
  • Patch Management & Compliance
  • Shell Scripting & Automation
  • Active Directory & LDAP Management

DevSecOps Engineering

Security-first CI/CD pipelines, container orchestration, and GitOps workflows for modern cloud-native applications.

  • CI/CD Pipeline Design (GitLab, Jenkins)
  • Kubernetes & Container Orchestration
  • GitOps with ArgoCD / Flux
  • Infrastructure as Code (Terraform)
  • SAST/DAST Security Integration
  • Secret Management (Vault, Sealed Secrets)

Cyber Security

Proactive threat defense, vulnerability management, and security compliance for enterprise environments.

  • WAF Deployment & Custom Rule Tuning
  • Penetration Testing & Red Teaming
  • SIEM / SOC Implementation (Wazuh)
  • Zero-Trust Architecture Design
  • Compliance (ISO 27001, NIST, PCI-DSS)
  • Incident Response & Forensics
// PORTFOLIO

Featured Projects

Real-world infrastructure and security projects — architected, built, and operated at scale.

Zero-Trust Network Architecture

production

Designed and implemented a comprehensive zero-trust security architecture for a 500+ node enterprise network, replacing legacy perimeter-based security.

pfSenseWazuhAnsibleTerraformGrafana
Security Features
mTLSMFARBACNetwork SegmentationSIEM Integration

98% reduction in lateral movement attack surface. Zero breaches in 18 months.

Kubernetes Multi-Cluster GitOps Platform

production

Built a production-grade GitOps platform managing 12 Kubernetes clusters across 3 regions with full GitOps workflow, secret management, and policy enforcement.

KubernetesArgoCDHelmVaultTerraform
Security Features
OPA GatekeeperSealed SecretsNetwork PoliciesPod Security Standards

Deployment frequency increased 400%. MTTR reduced from 4h to 12min.

High-Availability Database Cluster

production

Architected a Percona XtraDB Cluster with Pgpool-II load balancing, automated failover, and point-in-time recovery across 5 nodes.

Percona XtraDBPgpool-IIPrometheusGrafanaAnsible
Security Features
Encryption at RestTLS in TransitAudit LoggingRBAC

99.99% uptime SLA. RTO < 30 seconds, RPO < 5 seconds.

CI/CD Security Pipeline (DevSecOps)

production

Integrated security scanning into a 50+ microservice CI/CD pipeline using SAST, DAST, container scanning, and dependency auditing.

GitLab CIDockerTrivySonarQubeOWASP ZAP
Security Features
SASTDASTContainer ScanningSecret DetectionLicense Compliance

73% reduction in vulnerabilities reaching production. Build time maintained < 8min.

Linux Server Hardening Automation

production

Developed Ansible playbooks implementing CIS Benchmark Level 2 hardening across 200+ Linux servers (RHEL, Ubuntu, Debian) with automated compliance reporting.

AnsibleRHELUbuntuOpenSCAPWazuh
Security Features
CIS Benchmark L2SELinuxAppArmorAuditdFail2ban

CIS compliance score improved from 42% to 97%. Full audit trail established.

WAF & DDoS Mitigation Platform

production

Deployed and tuned ModSecurity WAF with custom OWASP Core Rule Set rules, integrated with Cloudflare for DDoS protection across 30+ web applications.

ModSecurityNginxCloudflareElasticsearchKibana
Security Features
OWASP CRSRate LimitingIP ReputationBot ManagementSSL/TLS

Blocked 2.3M+ malicious requests/month. Zero successful SQL injection or XSS attacks.

// CAREER TRACE-ROUTE

Work Experience

A timeline of roles, achievements, and impact across enterprise infrastructure and security.

Infrastructure Manager

PT. Mediatama Kreasi Informatika

Mar 2023 – Present Bandung, Indonesia full-time

Leading infrastructure strategy and security operations for enterprise systems, specializing in cloud-native transitions and high-availability architecture.

Orchestrating mission-critical workloads on Kubernetes and Google Cloud Platform (GCP).
Implementing Infrastructure as Code (IaC) with Terraform for automated resource scaling.
Managing enterprise VMware virtualization environments and cluster migrations.
Conducting complex security audits and hardening infrastructure against emerging threats.
Maintaining 99.9% system uptime through proactive monitoring and disaster recovery planning.
KubernetesGCPTerraformVMwareSecurity AuditsIT Operations

Senior Web Apps Developer & Infrastructure Engineer

PT. Mediatama Kreasi Informatika

Jan 2014 – Nov 2025 Bandung, West Java, Indonesia full-time

Managed full-spectrum IT infrastructure while developing enterprise-grade web applications across multiple technology stacks.

Built and maintained complex web applications using PHP, Java, and C# ASP.NET.
Administered cross-platform server environments (Linux & Windows Server).
Engineered secure network architectures and managed enterprise-wide systems.
Introduced DevOps practices and automated CI/CD workflows for legacy projects.
Collaborated on large-scale software integration and hardware troubleshooting.
PHPJavaC# ASP.NETLinuxWindows ServerNetworkServer Management

Web Application Developer

PT. Vertical Digital Indonesia

Apr 2013 – Jan 2014 Bandung, West Java, Indonesia full-time

Developed high-performance portal applications and improved business processes through technical excellence.

Built Web Application for product portal using PHP.
Optimized database performance and ensured application scalability.
Collaborated with the product team to enhance user experience.
Web DevelopmentPHPDatabases

IT Support Technician

SMA Negeri 3 Bandung

Oct 2012 – Feb 2013 Bandung Area, West Java, Indonesia full-time

Provided full IT operational support and network management for a leading educational institution.

Support Troubleshooting Computer Hardware & Software.
Support Troubleshooting Computer Network.
Maintained institutional computer networks reliably.
IT SupportHardwareSoftwareNetworks

Junior Network Administrator

PT. SIMS (JABAR-BANTEN MEDIANET)

May 2010 – Sep 2011 Bandung Area, West Java, Indonesia full-time

Managed and maintained regional network systems for a service provider.

Build Network System.
Monitor Network System.
Troubleshoot Network System.
NetworkingMonitoringTroubleshooting

Network Engineer

SMK Negeri 4 Bandung

Jun 2006 – May 2010 Bandung Area, West Java, Indonesia full-time

Managed school-wide networking infrastructure and provided technical support.

Support Troubleshooting Computer Network.
Support Troubleshooting Hardware & Software.
NetworkingHardwareSoftware

Tool Man

Dept. Informatika ITB

Jul 2005 – Dec 2005 Bandung Area, West Java, Indonesia full-time

Technical maintenance and troubleshooting in the informatics department.

Support Troubleshooting Computer Hardware & Software.
Support Troubleshooting Computer Network.
HardwareSoftwareNetworking
// TECH PROFICIENCY

Skills & Certifications

Core technical competencies built through 20+ years of hands-on infrastructure and security engineering.

PROFICIENCY MATRIX

Infrastructure Management (VMware/Cloud)96%
Security Audits & IT Operations91%
Kubernetes & Container Orchestration93%
Terraform / Infrastructure as Code90%
Web Dev (PHP / Java / C# ASP.NET)95%
Network Engineering (Mikrotik/TCP-IP)92%
Linux & Windows Server Admin94%
CI/CD Pipelines (DevOps)89%
Google Cloud Platform (GCP)85%
Shell Scripting (Bash/Python)88%

CERTIFICATIONS

CCSC

Cybersecurity Career Starter

Hack & Fix

Sec+

Info Security Intro

Cyber Academy

GCP

GCP Reliable Infra

Google Cloud

DOP

Learn DevOps: K8s/TF

Udemy

AZ-DO

Azure DevOps Fundamentals

Udemy

CCNA

Cisco CCNA

Cisco Systems

20+
Years Experience
100+
Projects Delivered
27
Certs Earned
// KNOWLEDGE BASE

Latest Articles

Insights and technical write-ups on infrastructure, security, and DevSecOps.

View All Posts
// OPEN CHANNEL

Get In Touch

Open to consulting, fractional CTO roles, and senior infrastructure partnerships. Let's build something secure.

20+ years architecting secure, scalable, and highly available infrastructure. From zero-trust security frameworks to GitOps-driven Kubernetes platforms.

Email
its@abdialeh.me
GitHub
github.com/abdialehnew
LinkedIn
linkedin.com/in/aleh-6503869b
Phone
+62 813-9445-4041
send_message.sh