AstroPema AI

Operating in alignment with ISO/IEC 27001 information security management principles.

Custom Host-Level Security Architecture for Self-Managed Linux Infrastructure

AstroPema AI designs deterministic, reviewable defensive systems that operate inside the application trust boundary—where operators require direct control, auditable evidence, and verifiable enforcement without third-party telemetry dependencies.

Our work centers on the development and deployment of a self-hosted Security Operations architecture for Linux environments running web, mail, SSH, SFTP, and related services. The objective is not abstract monitoring, but structured, reproducible evidence generation derived directly from your operational logs.

Each implementation is custom-scoped to the client’s infrastructure. A standardized core architecture is deployed and then tailored to the specific topology, services, compliance posture, and operational requirements of the organization.

The core architecture may include:

  • Canonical event normalization across web, mail, and authentication services
  • Deterministic evidence modeling and cross-service timeline correlation
  • Host-level WAF/IDS components operating within the local control boundary
  • Optional database-backed event storage for advanced querying and retention
  • Structured HTML/PDF security reports generated directly from log evidence
  • ML-assisted behavioral analysis modules (where appropriate to the environment)
  • Human-directed containment workflows and enforcement review paths

Deployments can operate in multiple modes depending on client requirements:

  • Log-Parsing Mode — direct parsing and evidence report generation without database dependency
  • Database-Backed Mode — structured storage enabling deeper correlation, historical analysis, and fleet-level visibility
  • Analyst Extension Mode — optional Jupyter/Conda environments for in-house data science exploration

All systems are deployed within the client’s own infrastructure. No external telemetry extraction, cloud data brokerage, or remote dependency is required. The client retains operational ownership of the deployed architecture.

Engagements are structured as architecture design + deployment projects. Ongoing support, tuning, or compliance-aligned documentation workflows may be included as separately defined service agreements.

Scope & Boundaries

All systems are designed to preserve operational governance: analytical tooling executes in read-only mode against security logs and telemetry, while enforcement actions remain explicitly human-directed and occur outside analytic notebook execution.

What we do

  • Design and deploy custom host-level defensive architectures for Linux servers and applications
  • Implement deterministic policy pipelines (rules, patterns, decision states) with reviewable outputs
  • Normalize operational telemetry into structured evidence models and audit-ready HTML/PDF reports
  • Build self-hosted SOC frameworks for web, mail, SSH/SFTP, and related services
  • Provide optional database-backed event storage for structured querying and historical correlation
  • Perform client-authorized log analysis and data science workflows (locally executed, infrastructure-contained)
  • Offer optional ML-assisted behavioral analysis (local inference, operator-controlled)
  • Containment workflow design: verifiable enforcement and post-event validation

What we do not do

  • Extract or monetize customer telemetry
  • Operate managed security services (continuous outsourced SOC operations)
  • Provide incident response retainer or emergency response staffing
  • Conduct offensive security or penetration testing engagements
  • Assume third-party infrastructure control outside defined deployment scope

Public Artifacts (Evidence)

These documents demonstrate the system’s emphasis on reviewability: log → decision → expected action → verifiable enforced state.

Important:

These artifacts are published for transparency and technical review. They are not a promise of specific outcomes on different traffic profiles, and they do not constitute an offer of sale.

Engagement Model

Engagements are custom-scoped and architecture-driven. Projects typically begin with a focused threat-model and infrastructure review, followed by a time-boxed design, build, and validation phase within the client’s own environment.

Common deliverables

  • Self-hosted security architecture blueprint and deployment plan
  • Deterministic event schema and normalization pipeline (versioned + reviewable)
  • Host-level SOC framework for web, mail, SSH/SFTP, and related services
  • Evidence timeline generation and audit-ready HTML/PDF artifacts
  • Optional database-backed event storage for structured querying
  • Operator runbook and verification workflows
  • Containment validation design (provable enforcement state)

Fit criteria

  • You operate self-managed Linux servers (on-prem or IaaS, not fully outsourced)
  • You require auditability and visibility beyond vendor-managed dashboards
  • You need defensible evidence artifacts for governance, compliance, or risk oversight
  • You prefer local enforcement primitives (iptables/ipset or nftables)
  • You want architectural ownership rather than subscription-based dependency

Email for Services / Scope

If you want a custom-fit system or review, send a short note with your environment and goals. You’ll get a human reply—no lists, no automation, no follow-ups.

Production Linux Infrastructure Engineering & Security Architecture

AstroPema AI designs, deploys, and operates complete self-hosted Linux infrastructure environments — from bare metal configuration through application delivery, security enforcement, and AI-enabled services. Our work is demonstrated through production systems actively serving real users under real operational load, not lab environments or theoretical architectures.

What We Have Built and Operate in Production

The following capabilities are not aspirational — they represent systems currently running in production across multiple domains including AstroPema.AI, AstroMap.AI, PemaHosting.com, and OrNeiGong.org. Every component listed below has been designed, implemented, documented, and is actively maintained by AstroPema AI.

Linux Systems Administration & Server Infrastructure

Our primary operating environment is Debian/Ubuntu Linux, administered at a demonstrable production level across multiple servers and service domains. Core infrastructure competencies include:

  • Full server provisioning, hardening, and lifecycle management on Debian/Ubuntu
  • Multi-domain Apache and NGINX web server configuration, virtual host management, and performance tuning
  • SSL/TLS certificate provisioning and automated renewal across all hosted domains
  • DNS administration including zone management, propagation validation, and multi-domain record maintenance
  • UFW firewall rule design, ipset hash-based blocking, and kernel-level network policy enforcement
  • System monitoring, health checks, automated alerting, and on-call incident response — infrastructure built in-house
  • Package management, dependency resolution, kernel updates, and scheduled maintenance windows with zero unplanned downtime
  • Self-hosted Git version control (Gitea) for infrastructure-as-code and security system source management

Email Infrastructure & Messaging Security

A fully self-hosted email stack is operated in production, providing authenticated, deliverable mail services with active abuse mitigation:

  • Postfix MTA configuration for outbound and inbound mail handling across multiple domains
  • Dovecot IMAP/POP3 with mailbox management and quota enforcement
  • DKIM signing, SPF record management, and DMARC policy enforcement — achieving consistent inbox delivery and spoofing prevention
  • Real-time SMTP abuse detection integrated into cross-service security correlation pipeline
  • Mail log ingestion and normalization feeding statistical anomaly detection for coordinated campaign identification

AI Infrastructure & Machine Learning Deployment

AstroPema AI operates a local GPU-accelerated AI inference environment, eliminating API dependency costs while maintaining full data sovereignty:

  • RTX 5070 Ti GPU provisioned and optimized for parallel AI inference workloads
  • Ollama inference server deployment with Qwen2.5 and additional models, serving production AI applications with sub-second response times
  • Complete migration from OpenAI API dependency to self-hosted inference — eliminating recurring API costs while improving response latency
  • AI inference pipeline integration with PHP web applications for real-time astrological interpretation generation at AstroPema.AI and AstroMap.AI
  • GPU resource allocation management balancing concurrent AI inference and ML-based security detection workloads
  • CNN-GRU neural network model training, validation, and production deployment for behavioral threat detection

Security Architecture & Intrusion Detection

Our security work centers on deterministic, reviewable defensive systems operating inside the application trust boundary — where operators require direct control, auditable evidence, and verifiable enforcement without reliance on external telemetry pipelines.

  • Designed and implemented a production-grade Regex–CNN–GRU hybrid WAF integrating signature-based filtering with sequence-aware ML threat detection
  • Built a cross-service attack correlation system using PostgreSQL to detect coordinated threats across HTTP, SSH, and SMTP services — revealing that 73% of web attackers also probe mail and SSH endpoints
  • Developed a multi-layer defense architecture combining the UFW firewall, ipset/Fail2Ban (O(1) hash-based blocking), ModSecurity WAF, and ML detection — scaling to 350+ banned IPs with zero false positives in production
  • Implemented security data science pipeline with real-time log ingestion, normalization, and SQL analytics across Apache, SSH, and Postfix/Dovecot mail systems
  • Applied statistical anomaly detection using window functions and time-series analysis on the enforcement events database, identifying coordinated botnet campaigns with measurable precision
  • Validated system behavior against real-world attack patterns including DNS-over-HTTPS abuse, credential probing, web shell reconnaissance, and multi-service coordinated campaigns
  • Achieved $20K/year cost avoidance versus cloud SOC services by building ground-truth threat intelligence from operational data
  • Actively porting core detection logic to Rust for sub-millisecond response times, supporting a future commercially deployable WAF

Scripting, Automation & Documentation

Bash scripting is central to daily operations across all managed systems. Automation is not incidental — it is how the infrastructure runs reliably without a large team:

  • Bash scripts for system automation, log rotation, health monitoring, backup execution, and security response pipelines — all documented with inline comments and operational runbooks
  • Python scripting for ML pipeline management, data ingestion, log parsing, and statistical analysis
  • Jupyter notebook-based Linux log forensics — applying data science methods to raw system logs to produce actionable security intelligence
  • PHP scripting for web application logic, API integration, and backend service coordination
  • SQL query development for operational analytics, cross-service correlation, and compliance reporting
  • System flow documentation, architecture diagrams, and process documentation maintained as living operational records

Compliance, Governance & Reporting

Infrastructure operations are managed with enterprise-grade documentation discipline, supporting formal compliance objectives:

  • ISMS documentation framework developed in support of ISO 27001 certification for AstroPema AI LLC
  • Structured HTML and PDF security reports generated directly from log-derived evidence, suitable for audit and executive review
  • Statement of Applicability, risk register, and control mapping maintained as auditable operational records
  • Public LinkedIn development trail providing third-party timestamped evidence of security system design, implementation intent, and iterative improvement
  • Change management via Git commit history providing reproducible, auditable infrastructure evolution records

Deployment Models

Engagements can be structured to match client requirements and operational context:

  • Advisory & Architecture Review — assessment of existing Linux infrastructure with documented recommendations and remediation roadmap
  • Managed Implementation — full deployment of security architecture, web infrastructure, or AI inference environment on client systems
  • Ongoing Operational Support — retained administration, monitoring, incident response, and continuous improvement of deployed systems
  • Documentation & Compliance Preparation — ISMS development, security reporting, and audit evidence preparation for ISO 27001 or similar frameworks

Web Application Deployment & Full Stack Support

We design and maintain web-based applications from front-end presentation through backend logic and database persistence. Production deployments include:

  • PHP application development and deployment across multiple production domains
  • Responsive HTML/CSS front-end implementation
  • PostgreSQL database administration and backup/recovery procedures
  • Multi-domain hosting with isolated configurations
  • Application delivery pipeline management including staged deployments and rollback procedures
  • Web application performance monitoring and proactive issue resolution

Academic & Professional Credentials

MIT IDSS Machine Learning & Deep Learning | CMU Deep Learning — top 2% in both cohorts.
BS Mathematics & Computer Science, University of Puerto Rico.
40+ years spanning electronics, telecommunications, Silicon Valley network infrastructure, and enterprise Linux administration.
Operating production systems where downtime has real consequences — that discipline informs every engagement.