DevOps and Security Projects | Stanislav Podlešák

🚀 Enterprise Infrastructure Projects

Zero Trust Architecture Implementation with GoodAccess (2024)

#Cybersecurity #Zero_Trust_Architecture #ISO27001

I designed and implemented a comprehensive Zero Trust security framework for Creative Dock, which was a key component in their journey to ISO 27001 certification. This enterprise solution significantly strengthened the organization's security posture through advanced micro-segmentation, identity-based access controls, and continuous verification mechanisms.

Key achievements included implementing granular network traffic segmentation, deploying multi-factor authentication across all access points, seamless integration with Google SSO, and enforcing context-aware security policies at the device level—all without compromising user experience or productivity.

You can read the case study here: GoodAccess.

Mutumutu Insurance Infrastructure Migration (2021)

#Infrastructure_Migration #Automation #Container_Orchestration

I led the complete infrastructure migration of the Mutumutu insurance platform to a high-performance dedicated hosting environment at VShosting. This comprehensive project involved implementing Puppet for configuration management, containerizing applications with Docker, and creating a robust CI/CD pipeline through GitLab.

The resulting OpenNebula cloud environment delivered substantial improvements in performance, reliability, and cost-effectiveness. The migration enabled automated infrastructure scaling, reduced operational overhead, and enhanced development workflows through container orchestration and infrastructure-as-code practices.

Enterprise Fintech Infrastructure – Riyad Bank (2022)

#FinTech #Secure_Cloud #Infrastructure_As_Code

I designed and implemented a secure, compliance-focused cloud infrastructure in Oracle Cloud for Riyad Bank's portfolio of venture projects, including the fintech platforms Timal, Qima, and Grooshy. Using Terraform for infrastructure as code, I designed a multi-layered network architecture with stringent security controls, enterprise web application firewalls, Palo Alto next-generation firewalls, and secured CI/CD environments.

This project created a secure foundation for banking-grade financial services while maintaining the agility needed for rapid innovation in the fintech space—demonstrating how robust security and development speed can coexist in strictly regulated environments.

Security-First CI/CD Pipeline with OWASP ZAP Integration (2023)

#DevSecOps #SAST #DAST #Continuous_Security

I developed an advanced security testing pipeline that seamlessly integrates OWASP ZAP vulnerability scanning into GitLab CI/CD workflows. This DevSecOps initiative included creating an optimized custom Docker image for ZAP and developing specialized CI jobs for both automated regression testing and on-demand security assessments.

The solution includes scheduled security scans, comprehensive reporting, and integration with a private Harbor container registry—enabling teams to identify and remediate security vulnerabilities early in the development cycle while maintaining full control over sensitive security tools and findings.

Personal Portfolio Website (2024)

#Web_Development #Cloud_Hosting #DevOps

This website exemplifies modern web development practices and self-hosted infrastructure. Built using Flask and Tailwind CSS, it runs on my personal iMac server behind an Nginx reverse proxy with NAT routing through MikroTik. The implementation includes automated TLS certificate management via Let's Encrypt, global content delivery through Cloudflare CDN, and Git-based version control.

The architecture supports multilingual content, component-based design for easy maintenance, and demonstrates how enterprise security and performance optimizations can be applied to personal projects—serving as both a portfolio and practical showcase of web infrastructure best practices.

BotFactory – Conversational AI Platform Infrastructure (2024)

#Chatbot_Automation #Infrastructure_As_Code #Content_Management

I developed a comprehensive Puppet module for deploying and managing the BotFactory conversational AI platform integrated with Directus CMS. This enterprise solution features containerized architecture with Docker, environment-specific configuration management, HAProxy for request routing, and automated update workflows.

The infrastructure design accommodates both staging and production environments, providing consistent deployment patterns while maintaining proper isolation between environments. This modular approach enables rapid deployment of new chatbot instances while enforcing security and reliability standards.

P2P Marketplace – Next.js Platform Infrastructure

#FinTech #React_Framework #Configuration_Management

I developed a robust Puppet module for deploying and scaling Next.js-based financial services platforms. The infrastructure leverages containerization with Docker and advanced reverse proxy solutions (HAProxy and Nginx) to optimize routing, caching, and security at the edge.

The solution supports multiple deployment environments with consistent configuration patterns, integrates TLS with Let's Encrypt certificate automation, and includes specialized logging and monitoring for React applications. This infrastructure powers internal financial sandbox applications for testing innovative P2P transaction models.

Enterprise Docker Orchestration with Puppet

#Container_Orchestration #Configuration_Management #Infrastructure_Automation

I developed advanced Puppet modules for enterprise-level Docker container management, featuring comprehensive support for docker-compose deployments, Portainer integration for visual management, templated configuration generation, and sophisticated container restart policies.

This modular approach enables infrastructure teams to simultaneously manage multiple container-based components with consistent deployment patterns and provides options for quickly replicating complex sandbox environments for testing and development.

GitLab CI/CD – Custom Enterprise Runner Infrastructure

#CI/CD #Build_Automation #Private_Registries

I designed and implemented a comprehensive Puppet-based configuration system for managing GitLab Runner infrastructure at scale. The solution includes Docker executor integration, automated runner registration capabilities, robust private container registry integration, and support for CI utility scripts for common build tasks.

This infrastructure enables highly scalable build environments with consistent configuration across runners while maintaining proper isolation between projects and accommodating specialized build requirements for different development teams.

Enterprise Monitoring and Logging Infrastructure

#Observability #Realtime_Monitoring #Security_Analytics

I implemented comprehensive infrastructure monitoring and logging through Puppet-managed Zabbix agent installation with service autodiscovery features, integrated with centralized rsyslog, the Elasticsearch/Logstash/Kibana (ELK) stack, and the Wazuh security monitoring platform.

The architecture maintains proper separation between development and production monitoring systems while providing unified dashboards and alerts. This solution delivers real-time visibility into system performance, application health, and security events across the entire infrastructure landscape.

Multi-layered Security Infrastructure and Secrets Management

#ZeroTrust #Secrets_Management #Access_Control

I designed and implemented a layered security architecture featuring Vault for centralized secrets management, WireGuard VPN for secure developer access, comprehensive SSH hardening with certificate-based authentication, granular firewall rules, and intrusion prevention with fail2ban—all deployed and managed through automated Puppet configurations.

This defense-in-depth approach provides robust infrastructure protection while maintaining developer productivity through automated credential rotation and seamless integration with CI/CD systems for secure access to sensitive configuration data.

Puppet Core Refactoring and Infrastructure Modernization

#Infrastructure_Modernization #Technical_Debt #Zero_Downtime_Upgrades

I led a comprehensive refactoring of core Puppet infrastructure, encompassing legacy module removal, complete rewriting of HAProxy configurations using modern Puppet practices, implementation of CI linting and validation, creation of improved documentation, and zero-downtime upgrades of Puppet Server and PuppetDB components.

This technical debt reduction project significantly improved infrastructure maintainability, bolstered system security by removing older components, and provided a more robust foundation for ongoing infrastructure automation efforts.

AI & Conversational Platform Infrastructure

#Artificial_Intelligence #Conversational_AI #DevSecOps

I designed complete development and production infrastructure for conversational platforms leveraging artificial intelligence. The solution includes a robust CI/CD pipeline for NLP model deployment, comprehensive monitoring for conversation analytics, reverse proxy configuration with specialized caching for AI endpoints, containerized deployment, and strict environment isolation.

This infrastructure provided a secure foundation for building and deploying conversational AI experiences while enabling rapid iteration through automated testing and deployment processes specifically designed for natural language processing applications.

Cloud Automation & Terraform Enterprise Bootcamp

#Infrastructure_As_Code #Cloud_Automation #Knowledge_Transfer

I developed a custom project simulating real-world enterprise infrastructure deployment scenarios using Terraform. The comprehensive bootcamp included automating Nginx cluster deployments, setting up Harbor container registry, configuring networking, and managing DNS—all implemented using a GitOps approach with versioned infrastructure changes.

This educational initiative continues to serve primarily as a testing ground for new candidates applying for positions in the DevOps team and as a reference project for internal training. It provides hands-on experience with modern DevOps tools and techniques that are essential for success in the rapidly evolving world of cloud infrastructure.

Utility Projects and Technical Prototypes

#Proof_Of_Concept #Microservice_Architecture #Prototype_Engineering

I developed numerous specialized utility projects and technical prototypes, including calculator services implemented as microservices (in both Node.js and Java), mock servers for testing integration scenarios, HR Advisor web portal, mobile applications using React Native, and custom CI tooling enhancements.

These targeted projects served as experimental platforms for evaluating new technologies and architectural approaches before their adoption in production systems while providing critical supporting infrastructure for larger enterprise initiatives.