Systems -> Telemetry -> Security

Building from systems fundamentals toward monitoring, detection, and security engineering.

I am stacknil, an early-career builder shaping a public portfolio around one clear motion: systems work creates operational intuition, telemetry work turns that intuition into observable signals, and security engineering applies those signals to detection and response.

Primary axis: systems -> telemetry -> security
Current emphasis: monitoring, detections, signal clarity
Working style: small, reproducible, portfolio-grade
Narrative

A portfolio arranged as a pipeline, not a pile.

The point of this page is to make the portfolio legible fast. Instead of asking visitors to reverse-engineer the relationship between repositories, it states the sequence directly and keeps the public signal compact.
01 Systems foundations

Build intuition in programming, Linux, networking, tooling, and reproducible workflows. This is the layer that makes later telemetry and security work grounded instead of decorative.

02 Telemetry and observability logic

Convert raw events into structured signals: timelines, baselines, windows, rules, and alerts. This is where analysis becomes operational and easier to verify.

03 Security and detection engineering

Apply telemetry habits to monitoring, detections, safe writeups, and security-oriented tooling. The long-term goal is engineering work that is observable, testable, and useful in real workflows.

What this page is optimizing for

Clear direction, sharper portfolio signal, public artifacts with method behind them, and a narrative that makes monitoring and security intent obvious without overselling maturity.

  • Coherent sequence
    Each repo should reinforce the same movement rather than compete for identity.
  • Reproducibility over hype
    Small demos, deterministic outputs, visible constraints, and testable workflows.
  • Operational language
    Signals, windows, alerts, monitoring surfaces, hardening, and detection logic.
Focus

Current themes and operating areas.

These are adjacent layers in one engineering direction, not unrelated interests grouped together for volume.
Systems substrate

Programming fundamentals, Linux comfort, networking basics, tooling discipline, and the habit of making work reproducible enough to inspect and extend.

Linux C / C++ Python tooling
Telemetry workflows

Event normalization, time windows, rule logic, alert thresholds, timeline rendering, and small experiments that make signal behavior easier to reason about.

events windows alerts observability
Detection mindset

Think in monitored surfaces, suspicious changes, triage context, and explainable outputs rather than isolated scripts with no operational story.

detections triage signal quality security labs
Writing and governance

README structure, sanitized notes, controlled terminology, and method-focused public artifacts that show judgment as well as technical curiosity.

writeups taxonomy sanitization portfolio signal
Direction

What I am building toward.

The medium-term goal is not just "more projects." It is a stronger fit for monitoring, detection, and security engineering work where instrumentation, signal quality, and judgment all matter.
Target shape of the portfolio

A tighter public record that shows I can work from systems understanding into telemetry pipelines, then turn that telemetry into alerts, detections, and safer engineering decisions.

  • Monitoring engineering
    Build comfort with metrics, logs, service behavior, dashboards, and failure signals.
  • Detection engineering
    Design and tune rules, windows, baselines, and timelines that support investigation.
  • Security engineering
    Strengthen tooling, governance, and instrumentation habits that make systems safer to operate.
Selected Projects

Representative repositories with one clear lead project.

The goal here is not breadth. It is to make the strongest repositories easier to scan and easier to place in the larger story.
Featured Repository
telemetry-lab

A four-demo flagship repo built around deterministic, reviewable workflows: windowed telemetry analytics, constrained AI-assisted case drafting, rule-hit dedup and cooldown behavior, and bounded config-change investigation.

This is the strongest public project on the page because each demo stays local, file-based, and inspectable. The only LLM usage is explicit, schema-constrained, and non-autonomous.

four demos local artifacts rules constrained llm reviewer packs
repo-sentinel-lite

A lightweight repository scanner that treats codebases as monitored surfaces rather than static folders. The sharper signal here is engineering hygiene: deterministic checks, packaging discipline, CI release flow, and automation habits that make repository state easier to inspect and trust.

Why it matters: it frames repository state as something to observe and verify, which is exactly the mindset behind monitoring surfaces and security hygiene.
Python CLI CI/CD repo health
sec-writeups-public

A sanitized public security notebook where the hard part is judgment, not just note-taking. The repo emphasizes taxonomy, redaction boundaries, terminology control, and public-safe reporting so that security learning becomes reusable without becoming reckless.

Why it matters: it shows the ability to turn security learning into publishable artifacts without leaking unnecessary detail, which is a real engineering judgment signal.
security writeups sanitization governance
Portfolio frame: systems foundations / security labs / scientific computing

These repository axes remain part of the larger architecture even when they are not all equally public yet. Their job is to support the same story: stronger fundamentals, better telemetry intuition, and more credible security-oriented engineering over time.

roadmap portfolio architecture next public layer
Notes

Public writing should explain how the engineering works.

The notes section is here to show reasoning quality, not to pad the page. Surface the strongest published pieces first, and keep any remaining gaps explicit.
  • telemetry-lab / v0.6.0 release and reviewer packs
    The current milestone for the four-demo repo, plus small reviewer-pack artifacts for the constrained AI-assisted detection and config-change investigation paths.
  • sec-writeups-public / SOC Fundamentals
    A public-safe blue-team note on SOC roles, triage flow, alert meaning, and why context decides whether a detection is actually suspicious.
    security / blue-team writeup
  • Systems / workflow note
    A short piece on repo governance, testing, automation, or reproducible tooling as an engineering habit.
    TODO: add the first public systems or workflow note URL.
Resume

Keep the resume block simple.

One PDF is enough. Until it exists, say exactly what needs to be added instead of leaving a dead button behind.
Resume / CV

Publish a single PDF in this site when ready. Recommended path: /assets/stacknil-cv.pdf.

TODO: publish the resume PDF, then replace this note with a direct link.
Keep the page lean: link the PDF and stop there.
Contact

Minimal, deliberate, and low-noise.

Public contact should be enough to reach me and enough to verify the work, without filling the page with weak signals.