Get the course
Self-paced course$79 one-time · lifetime access

Network engineering,
taught end-to-end.

A self-paced course on Linux network administration, WireGuard, and the self-hosted infrastructure most tutorials skip. Written modules, video walkthroughs, downloadable configs. Pay once, keep it forever.

Get the course — $79 Browse free articles

STRIPE CHECKOUT · 30-DAY REFUND · MODULE 01 FREE TO READ

Defense Topology
FIG. 01
COREROUTERFWAPVPNEDGEDNSPERIMETEREDGEL1 / L2 / L3
Layered controls across perimeter, edge, and core
Course content aligned with NIST SP 800-53 (aligned) CIS Controls v8 CISA Hardening Guides OWASP IoT Top 10
Curriculum

Seven modules, end-to-end.

Pick the right tool, build the tunnel, harden the egress, watch for leaks, keep it alive past month three. Each module includes a written walkthrough, video demo, and downloadable configs.

01

Threat model and product selection

FREE
02

Evaluating VPS providers for production

INCLUDED
03

WireGuard from first principles

INCLUDED
04

Advanced TLS and DPI-resistant transport

INCLUDED
05

Multi-region egress and IP management

INCLUDED
06

Monitoring, kill switches, leak prevention

INCLUDED
07

Maintenance playbook

INCLUDED
See full curriculum & buy Read Module 01 free
Posture model

Defense isn't one wall.
It's four, stacked.

The course is built on the assumption that any single control will fail. Each layer narrows the attacker's options and widens your detection window.

DATAL4 — PERIMETERL3 — NETWORKL2 — DEVICEL1 — DATA
L4 — Perimeter

Edge firewall, DNS filtering, geo & threat-intel blocks. The first miss is on the public internet, where it's cheapest to fix.

L3 — Network

Segmentation, ACLs, lateral-movement controls. Compromise of a printer should not give access to payroll.

L2 — Device

Hardened router, switch, and AP configuration. Default credentials, unused services, and stale firmware removed.

L1 — Data & people

Backup integrity, access reviews, awareness training. The layer that keeps the others honest.

Free tool · No signup

A baseline most networks fail.

Eight controls every small network should meet, drawn from CIS Controls v8 and NIST SP 800-53. Walk through them yourself against your own router — nothing is scanned, nothing leaves your browser.

Baseline controls

CIS · NIST SP 800-53 (aligned)
01Default admin credentials changedROUTER
02Firmware version current (within 90 days)ROUTER
03WPA3 / WPA2-AES enforced on Wi-FiWIRELESS
04Guest network isolated from LANWIRELESS
05Remote management disabled on WANROUTER
06UPnP disabledROUTER
07DNS-level filtering configuredNETWORK
08Inbound port forwards reviewedNETWORK
Blog · Free to read

Start with the foundations.

Engineering write-ups on the same surface area as the course. If they're useful, the course builds on them with video walkthroughs and downloadable configs.

ARTICLE · 01

AWS Lightsail Data Transfer Quotas: A Postmortem on Cross-Instance Pool Accounting

17 min read·intermediate
ARTICLE · 02

VLESS Reality on macOS: client setup with Shadowrocket or FoxRay

6 min read·intermediate
ARTICLE · 03

VLESS Reality on Windows: client setup with v2rayN

7 min read·intermediate
ARTICLE · 04

Course Module 01: Threat Model and Product Selection

4 min read·intermediate
ARTICLE · 05

Course Module 02: Evaluating VPS Providers for Production

4 min read·intermediate
ARTICLE · 06

Course Module 03: WireGuard from First Principles

4 min read·intermediate
All articles 3 curriculum tracks
Next step

Pay once. Learn the whole stack.

Seven modules, video walkthroughs, downloadable configs, free lifetime updates. 30-day refund — if Module 01 isn't your speed, get your money back, no questions.

Get the course — $79 Read Module 01 free first