As I prepare to transition from my role at the ORTSOC to the Bay Area security industry, I needed a centralized place to document my projects and share my professional background. Rather than relying on a heavy CMS or a generic platform, I decided to build and host this site myself.

This is a breakdown of how this portfolio is built, deployed, and secured.

Why Hugo?

From a security perspective, reducing the attack surface is always the primary goal. Content Management Systems like WordPress require databases, PHP execution, and constant patching of plugins.

By using Hugo (specifically the minimalist hugo-coder theme), I eliminate that dynamic attack surface entirely. The site compiles into pure, static HTML, CSS, and JavaScript. There is no backend database to inject into, and no authentication portal to brute-force. It is fast, resilient, and inherently secure by design.

The Development Workflow

My daily driver is Arch Linux, and my development environment is built around Neovim (specifically LazyVim).

My workflow is entirely terminal-based:

  1. Version Control: The project is tracked via Git, with the theme managed as a submodule to ensure I can easily pull upstream security patches.
  2. Synchronization: The working directory is synced securely across my devices using my self-hosted private cloud infrastructure.
  3. Local Testing: I utilize Hugo’s built-in server (hugo server -D) for live-reloading during development.

Infrastructure and Deployment

In keeping with the rest of my homelab architecture, the deployment is fully containerized.

Once the static assets are generated into the public directory, they are served via Caddy.

I chose Caddy for my edge routing because of its automatic HTTPS provisioning. It handles the SSL/TLS certificate lifecycle automatically via Let’s Encrypt, ensuring the site is served securely without requiring manual certificate rotation.

The general deployment pipeline looks like this:

  • Code is finalized and built via the Hugo CLI.
  • The static assets are mapped to a lightweight web server container.
  • Caddy acts as the reverse proxy, terminating TLS and routing external traffic securely to the container.
  • Host-level protections drop malformed or malicious traffic at the edge.
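
The reverse-proxy step above, written as a Caddyfile. This is an added example, not this site's actual configuration: the hostname, the upstream name web:80, the log path and the response headers are all assumptions, and the headers go beyond what the pipeline list describes.

```caddyfile
# Hypothetical hostname. Using a public DNS name as the site address is what
# triggers Caddy's automatic HTTPS: certificate issuance, renewal, and the
# HTTP -> HTTPS redirect all happen without further configuration.
portfolio.example.com {
	# A static site only needs read methods; answer everything else with 405
	# before the request reaches the container.
	@not_read not method GET HEAD
	respond @not_read 405

	# "web" is an assumed container name on a shared Docker network. The
	# static-file container publishes no host port, so Caddy is the only
	# path to it from outside.
	reverse_proxy web:80

	encode zstd gzip

	header {
		# Browsers that have visited once refuse plain HTTP for a year.
		Strict-Transport-Security "max-age=31536000"
		# Stop MIME sniffing of the static assets.
		X-Content-Type-Options "nosniff"
		# The site has no reason to be framed by other origins.
		X-Frame-Options "DENY"
		Referrer-Policy "strict-origin-when-cross-origin"
		# Remove the Server response header. Because this block contains a
		# deletion, Caddy defers the whole block until the response is
		# written, so these values also apply to proxied responses.
		-Server
	}

	# Structured access logs for later analysis (assumed path).
	log {
		output file /var/log/caddy/portfolio.access.log
		format json
	}
}
```

Running `caddy validate --config /etc/caddy/Caddyfile` checks the file for syntax and adapter errors before a reload.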

Looking Forward

Building this site was a great exercise in deploying clean, secure infrastructure. I plan to use this space to share technical write-ups on my homelab deployments, log analysis techniques, and other security engineering projects as I continue to grow in the field.