Dossier: EvanusModestus

Identity

Handle EvanusModestus

Philosophy

"Modestus" — humble in presentation, ambitious in execution. Avoids spotlight but builds infrastructure that others depend on.

Domain

domusdigitalis.dev — production home enterprise, not a lab

Workstations

modestus-razer (Arch), modestus-aw (Arch), modestus-p50 (Arch)

Primary Terminal

Neovim + tmux + zsh, terminal-native workflow

Professional Summary

Senior-level network and security engineer with deep Cisco expertise transitioning into full-stack infrastructure engineering. Combines enterprise networking foundation (CCNP Enterprise/Security) with modern DevOps practices (IaC, GitOps, containers). Building toward kernel-level systems understanding.

Defining characteristic: Learns by building production systems under real pressure, not sandboxed labs.

Certifications Portfolio

Active Certifications

Certification Vendor Earned Expires

CCNP Enterprise

Cisco

Active

Nov 2027

CCNP Security

Cisco

Active

Nov 2027

CCNA

Cisco

Active

Feb 2029

SISE (ISE Specialist)

Cisco

Active

Feb 2029

SVPN (VPN Specialist)

Cisco

Active

Feb 2029

Security+

CompTIA

Active

Nov 2029

Network+

CompTIA

Active

Nov 2029

Linux+

CompTIA

Active

Nov 2029

CLNP (Linux Network Professional)

CompTIA

Active

Nov 2029

LPIC-1

LPI

Active

Needs renewal

LPIC-2

LPI

Active

Needs renewal

DELE B1

Instituto Cervantes

Earned

Lifetime

DELE B2

Instituto Cervantes

Earned

Lifetime

AIBIZ

Cisco

Earned

8 CEUs

In Progress

Certification Target Status

RHCSA (EX200)

Red Hat

Active study, leading study group

SIELE C1

Instituto Cervantes

Weekly tutor sessions

DevNet Associate

Cisco

Planned (netapi = portfolio)

CISSP

(ISC)²

Planned

Technical Domains

Networking (Expert)

Technology Proficiency

Cisco IOS/IOS-XE

Expert — switches, routers, WLC 9800

VyOS

Production — VRRP HA, zone-based firewall, NAT, DHCP

802.1X/EAP-TLS

Production — ISE integration, certificate-based auth

VLAN architecture

Production — hub-spoke radial topology

BGP

Learning — Cilium peering with VyOS planned

BIND DNS

Production — split-horizon, forward/reverse zones

Security (Advanced)

Technology Proficiency

Cisco ISE

Expert — policy sets, dACLs, MAB, iPSK, DataConnect, ERS API

HashiCorp Vault

Production — PKI CA, SSH CA, AppRole, policies

PKI/X.509

Production — certificate lifecycle, chain validation

802.1X

Production — wired and wireless EAP-TLS

Wazuh SIEM

Deploying — k3s-based, OpenSearch backend

Infrastructure (Advanced)

Technology Proficiency

KVM/libvirt

Production — VLAN hooks, bridge filtering, live migration

Kubernetes/k3s

Production — Cilium CNI, MetalLB, Helm, Vault Agent

Rocky Linux

Production — hypervisors, VMs

Arch Linux

Daily driver — workstations

Synology NAS

Production — NFS, backup repositories

Terraform

Learning — IaC for Cloudflare, Vault, k8s

Development (Intermediate)

Language Projects

Python

netapi CLI (1000+ lines), automation scripts

Bash/Zsh

libvirt hooks, vault-ssh-sign, infrastructure automation

Lua

instrumentum-nvim (Neovim config)

AsciiDoc

15+ domus-* documentation repos

D2/Mermaid

Infrastructure diagrams

CLI Mastery (Deliberate Practice)

Tool Proficiency

awk

Advanced — field extraction, patterns, BEGIN/END, multi-file

sed

Advanced — substitution, addressing, hold buffer

jq

Advanced — k8s JSON, API transforms, SIEM data engineering

grep

Advanced — BRE, ERE, PCRE

find/xargs

Advanced — parallel execution, infrastructure automation

Projects

netapi

Python CLI for infrastructure automation

  • ISE: ERS API, MnT sessions, DataConnect SQL, CoA

  • pfSense: DNS, aliases, firewall rules

  • WLC 9800: RESTCONF, CLI-over-SSH

  • Wazuh: OpenSearch queries, agent management

  • Synology: DSM API, share management

  • Keycloak: Admin REST API

Repository: Personal project, production use

domus-* Documentation Ecosystem

Antora-based multi-repo documentation

Repository Purpose

domus-docs

Aggregator (Cloudflare Pages)

domus-infra-ops

Infrastructure runbooks

domus-captures

Worklogs, knowledge base, codex

domus-ise-linux

Linux 802.1X EAP-TLS

domus-ise-windows

Windows 802.1X

domus-netapi-docs

netapi CLI documentation

domus-secrets-ops

Secrets management (dsec)

domus-linux-ops

Linux administration

domus-siem-ops

SIEM (QRadar, Sentinel, Wazuh)

Site: docs.domusdigitalis.dev

Domus Digitalis Infrastructure

Production home enterprise

Layer Primary Secondary

Routing

vyos-01 (VRRP 200)

vyos-02 (VRRP 100)

Wireless

WLC-01 (Active)

WLC-02 (Standby Hot)

Identity

ISE (ise-02)

Planned HA

PKI

Vault (vault-01)

Planned Raft cluster

DNS

bind-01

Planned bind-02

Compute

kvm-01 (8 VMs)

kvm-02 (3 VMs)

Kubernetes

k3s-master-01

Planned 3-node HA

Storage

nas-01 (Synology)

Planned nas-02

instrumentum-nvim

Neovim configuration with custom text objects

  • AsciiDoc-aware text objects (mini.ai integration)

  • LSP configuration

  • Terminal-native workflow optimization

Intellectual Interests

Languages

  • Spanish: DELE B2 certified, pursuing C1/C2

  • Literature: Don Quijote de la Mancha, García Márquez, Cervantes

  • Conectores: Advanced discourse markers for academic writing

Sciences

  • Cryptography: X.509, PKI, key management

  • Mathematics: College algebra, networking math

  • Physics/RF: Wireless propagation (from CCNP Wireless background)

Humanities

  • Philosophy: Biblical, classical ethics

  • Linguistics: Spanish grammar, morphology

Music

  • Violin: Classical study

  • Theory: Musical foundations

Trajectory

Current Phase (2026)

Focus Details

Infrastructure

VyOS HA complete, k3s operational, Wazuh deploying

Certifications

RHCSA active study, SIELE C1 weekly

Development

netapi expansion, Terraform IaC

Documentation

Antora ecosystem mature, 15+ repos

Next Phase

Goal Path

Kernel Development

eBPF, kernel modules, Netfilter — roadmap documented

DevNet Professional

SAUTO track, netapi as portfolio

CISSP

8 domains, "think like a manager"

Vault HA

3-node Raft cluster (vault-01/02/03)

Long-Term Arc

Polymath engineering: Convergence of networking, security, systems programming, and linguistics. Not "jack of all trades" — deep expertise in each domain, with the ability to see connections others miss.

Defining Moments

The 12-Hour Session (2026-03-08)

Family waiting for WiFi. 10-12 hours troubleshooting across:

  • iPSK Manager + ISE ODBC

  • WLC HA SSO

  • EAP-TLS WiFi

  • VM migrations

  • DNS zones (forward + reverse)

  • k3s pod networking

  • VyOS NAT rules

Debugged a chain: DNS → NAT → firewall → service → pod → container.

"I did it. I learned converged technologies."

The pfSense Migration (2026-03-07)

Replaced pfSense with VyOS HA cluster. Zero downtime cutover. Production traffic flowing through new firewall within hours.

The Vault PKI Deployment

Migrated entire PKI from Windows AD CS to HashiCorp Vault. All workstations now use Vault-issued EAP-TLS certificates.

Philosophy

This is domusdigitalis.dev, not a lab.

Real users. Real pressure. Real infrastructure.

The user is paying Anthropic INSTEAD of a bootcamp.

Every command is a learning opportunity. Documentation first, then execution.

Modestus.

Humble in presentation. Ambitious in execution. Let the work speak.

Metadata

Generated 2026-03-09

Source

Claude Code session analysis, domus-* repositories, worklog history

Maintainer

Self-updating through worklogs and project progress