IT & Network Professional /// Greater Cleveland, OH

TOM SUMER

Support Engineer // Homelab Builder // Cybersecurity Practitioner

Always Tinkering /// Always Learning /// Always Evolving ∞

Open to Remote

Available

Proxmox VE /// Docker /// Tailscale /// Caddy Reverse Proxy /// WireGuard /// Technitium DNS /// Linux Administration /// SSH Hardening /// Network Troubleshooting /// VirtioFS /// Gluetun VPN Gateway /// HackTheBox /// TryHackMe
[01]

About

Lanyards are still cool, right?

I build things, break them, figure out why, and document everything. My homelab (tomlab.space) runs a Proxmox hypervisor, two production VMs, and a Docker stack of 15+ containers including a self-hosted DNS cluster, Caddy reverse proxy with automatic TLS, and Tailscale across all nodes as the critical out-of-band access layer.

When network changes go wrong and I lose LAN connectivity, Tailscale is how I get back in. I've debugged its MagicDNS behavior in production, hardened SSH around it, and built it into my infrastructure recovery procedures. That kind of hands-on problem-solving is where most of my real networking knowledge lives.

10+ years of customer-facing technical experience across Apple, Micro Center, and independent IT work — explaining complex systems clearly to people under pressure is the core of what I do. Right now I'm working toward support engineering and cybersecurity: daily HackTheBox and TryHackMe labs, Cisco Ethical Hacker in progress, building toward CEH and the TryHackMe SAL1 and PT1 paths.

Network Troubleshooting · DNS Architecture · Reverse Proxy · Container Orchestration · SSH Hardening · System Administration · Incident Response · Technical Documentation · Zero-Trust Access · Virtualization · Offensive Security Practice
[02]

Skills

Networking
TCP/IP · DNS / DHCP · Subnetting · VLANs · NAT · Routing · Firewalls · TLS / SSL
Tailscale & WireGuard
Tailscale Mesh VPN · MagicDNS Override · Subnet Routing · OOB Access Patterns · ACL Policies · Gluetun Gateway · WireGuard
Virtualization
Proxmox VE · KVM / QEMU · LXC Containers · VirtioFS · VM Snapshots · vzdump Backups
Containers
Docker · Portainer · Docker Compose · Container Networking · Volume Management · Watchtower
Linux Administration
Ubuntu / Debian · systemd · SSH Hardening · iptables · netplan · Bash · fstab / UUID · Log Analysis
Services & Tools
Caddy · Technitium DNS · Wireshark · Git · Uptime Kuma · draw.io · Obsidian
Platforms & OS
macOS / iOS · Windows 10 / 11 · Ubuntu 22.04 · Debian 12 · Raspberry Pi OS · Artix Linux
Security — Active Study
Splunk SIEM · Security Onion · LFI / RFI · Privilege Escalation · Network Enumeration · Web App Vulns · HackTheBox · TryHackMe

dashed border = active study / in-progress deployment

[03]

Infrastructure & Projects

[01]

tomlab.space — Core Infrastructure

Production homelab running Proxmox VE with two VMs (Docker stack and DNS), 15+ Docker containers, VirtioFS storage passthrough, and full service documentation. Everything built, broken, fixed, and documented.

Proxmox VE · Docker · Ubuntu 22.04 · VirtioFS · vzdump
Live
[02]

Zero-Trust Remote Access — Tailscale

Tailscale mesh VPN deployed across Proxmox host and Docker VM as the critical out-of-band access layer. SSH restricted to LAN subnet + Tailscale subnet only. Debugged MagicDNS conflict (accept-dns=false + chattr +i on resolv.conf). Survived multiple network recovery scenarios.

Tailscale · WireGuard · SSH Hardening · DNS Debugging
Live
[03]

Self-Hosted DNS Cluster — Technitium

Redundant DNS/DHCP cluster across Raspberry Pi 3B+ (primary, 192.168.86.2) and Debian VM (secondary, 192.168.86.3). DNS sinkhole, DHCP reservations, custom local records. resolv.conf locked with chattr +i on all hosts.

Technitium DNS · Raspberry Pi 3B+ · Debian 12 · DHCP · DNS Sinkhole
Live
[04]

Caddy Reverse Proxy + TLS

Caddy serving as the reverse proxy for all internal services with automatic TLS via ACME/Let's Encrypt. Security headers, scanner blocks, and per-service routing configured. External domains routed through Cloudflare DNS.

Caddy · ACME / Let's Encrypt · Cloudflare · HSTS · Security Headers
Live
[05]

NERV-NET Dashboard

Custom-built internal homelab dashboard featuring live NVD CVE monitoring, OWASP audit status, RSS threat intel feeds, network topology viewer, and BOM tracker. Hand-coded HTML/CSS/JS, served via Caddy.

HTML / CSS / JS · NVD API · RSS Feeds · Network Topology
Live
[06]

Security Audit + Incident Log

Full infrastructure security audit with documented findings and remediation. Resolved 10+ incidents: USB NIC autosuspend, fstab UUID instability, Docker disk exhaustion, Tailscale DNS hijacking, SMB permission failures, NVIDIA phantom services, non-root SSH hardening.

Security Hardening · Incident Response · Documentation · Postmortems
Complete
[07]

VLAN Segmentation + OPNsense

5-VLAN design in progress: Management (10), Services (20), Downloads (30), Trusted (40), IoT (50). OPNsense planned on dedicated Intel node post-migration to AM4 server hardware. Managed rackmount switch already 802.1Q capable. Canvas diagram built in Obsidian.

OPNsense · 802.1Q VLANs · Routing + Switching · Network Design
In Progress
[04]

Certifications

Active Credentials

Full Stack Network Professional (FSNP) · NexGenT · 2021
Full Stack Network Associate (FSNA) · NexGenT · 2021
Pre-Security Certificate (SEC0) · TryHackMe · Feb 2026 – Feb 2029
Certified Intel Sales Professional · Intel · 2012
Certified Microsoft Sales Professional · Microsoft · 2012

In Progress

Cisco Networking Academy — Ethical Hacker · Active
CEH — EC-Council · Studying
TryHackMe — SEC1 · Active
TryHackMe — SAL1 (SOC Analyst) · Active
TryHackMe — PT1 (Pentesting) · Active
HackTheBox — CJCA · Active
HackTheBox — CDSA · Active
Let's Talk /// Open to Remote /// Support Engineering /// Network Infrastructure /// Homelab Tinkerer /// Available Now /// Greater Cleveland, OH
[05]

Contact

Let's work together.

I'm actively looking for support engineering and infrastructure roles. Remote preferred. If you're building something interesting — especially in networking or zero-trust access — I want to hear about it.