currently at Conservice · Logan, UT

Boston Naviaux

Infrastructure & Security Engineer // Jr Network Administrator

I build and harden infrastructure across cloud, network, endpoint, and identity layers. Three-plus years in production IT — most recently shipping Cloudflare Zero Trust, Proxmox migrations, and internal tooling at Conservice, and previously owning SOC 2 evidence and endpoint security at Onboard.

3+ years in production
15+ self-hosted services
boston@pve-cluster:~$ systemctl status portfolio --uptime
● portfolio.service — Infrastructure & Security Engineer
Active: active (running) since Apr 2026 · 4 nodes · 17 LXCs · 0 open firewall ports
01 /

About

I like systems that are secure by default and simple to operate. My path started in helpdesk and customer support, ran through SOC 2 compliance, endpoint security, and cloud IAM at Onboard, and now continues at Conservice — where I’m building and hardening lab and automation infrastructure: Proxmox VE, Cloudflare Zero Trust Access, VMware-to-Proxmox migrations, GPU passthrough, and internal tooling in .NET and PowerShell.

At Onboard I owned vulnerability remediation end-to-end — triaging Wiz findings, routing work through Jira, and pushing evidence into Drata to satisfy SOC 2 controls. I ran endpoint security across Windows, macOS, and Chrome (SentinelOne, Lacework, Wiz) and owned identity and access across Google Workspace, Intune, Hexnode, Kandji, Bitwarden, and Trelica.

Off the clock I run nanobox.gg — a 4-node Proxmox cluster and a menagerie of containers for chat, media, monitoring, AI experiments, and everything in between. I ship code because I like shipping code.

02 /

Experience

Jr Network Administrator

Conservice · Logan, UT · Hybrid
Apr 2026 — Present · Active
  • Architected and deployed a Cloudflare Zero Trust Access tier for the lab cluster — stood up a dedicated cloudflared LXC, published 5+ services (Proxmox console, hypervisor SSH, RDP, internal web apps) behind email-gated policies with 24-hour sessions; eliminated daily VPN dependency for admin access.
  • Led a fingerprint-hardening PoC for a ~190-VM production browser-automation fleet across 12 ESXi hosts; proved a software-only spoof delivered equivalent results to dedicated GPU passthrough, eliminating an $8K–$48K hardware-and-licensing line item from the production rollout.
  • Executed and documented an end-to-end VMware-to-Proxmox migration of a Windows Server 2022 VM (vmdk → qcow2, IDE-first boot, virtio driver migration via a “dummy-disk” procedure to avoid INACCESSIBLE_BOOT_DEVICE BSOD, NVIDIA GT 1030 passthrough via VFIO); validated PBS round-trip restore during recovery from an API data-loss incident.
  • Designed, built, and deployed a production internal Network Topology viewer (.NET 9 Blazor Server, vis-network radial layout) that auto-discovers VMs and LXCs from the Proxmox API and runs TCP endpoint probes with per-port latency; shipped to an unprivileged LXC via systemd self-contained publish, fronted by Cloudflare Tunnel with HTTPS.
  • Built a read-only pfSense audit tool that pulls config.xml plus 9 diagnostic pages, runs internal consistency checks (orphan packages, unused aliases, gateway-monitoring drift), and emits an HTML audit site — baseline for pfSense → OPNsense migration planning.
  • Developed a PowerShell + Cloudflare Access one-click RDP tool for internal users (SSO → tunnel → mstsc); adopted by 6 users across teams.
  • Maintain vendor-direct integrations with Graylog (Cisco ACL-hit verification), Netdata Cloud (CapturisDB1 observability), and Cloudflare DNS / Tunnel / Access REST APIs; keep Confluence documentation current for every system stood up.
Proxmox VE · Cloudflare Zero Trust · pfSense · OPNsense · VFIO · Blazor Server · PowerShell · Graylog · Netdata

Information Technology Administrator

Onboard · Salt Lake City, UT · Hybrid
Aug 2023 — Apr 2026 · Past
  • Owned end-to-end vulnerability remediation for cloud security findings — triaged Wiz detections, routed work through Jira to engineering and infra owners, and uploaded evidence to Drata to satisfy SOC 2 controls and pass compliance audits.
  • Administered user lifecycle across Google Workspace, Intune, Hexnode, Kandji, and Apple Business Manager for a hybrid SaaS workforce.
  • Managed endpoint security on Windows, macOS, and Chrome via SentinelOne, Lacework, and Wiz; enforced device compliance via Intune and Hexnode MDM.
  • Architected and built all employee onboarding / offboarding workflows in Trelica (now 1Password); trained directly by the Trelica founder.
  • Administered IAM across Bitwarden, LastPass, Keycard, and Trelica; enforced least-privilege and access-review policies.
  • Maintained UniFi network infrastructure (UDM-Pro), AWS access, and Vonage Business Cloud VoIP; handled ticketing and documentation in Zendesk and Jira.
  • Managed SaaS and security vendor relationships directly — reported bugs, escalated issues, and drove resolution to vendor engineering without management involvement.
SOC 2 · Wiz · Drata · SentinelOne · Intune · Hexnode · Kandji · Google Workspace · UniFi · Jira

Call Center Representative

Onboard · Remote
Mar 2023 — Aug 2023 · Past
  • Delivered customer-facing technical support; diagnosed and resolved software and connectivity issues.
  • Built remote troubleshooting and communication skills in a fast-paced support environment — directly promoted into the IT Administrator role.

Audio Visual Specialist

Paterna Biosciences · Salt Lake City, UT · Contract
Nov 2024 · Past
  • Set up and operated AV systems for corporate events, ensuring reliable audio and video performance.
  • Coordinated on-site technical logistics and resolved real-time equipment issues under tight deadlines.

Maintenance Manager

Lehi City · Lehi, UT
Oct 2021 — Aug 2023 · Past
  • Managed and mentored a team of 6–8 employees; owned scheduling, hiring, and performance.
  • Directed multiple capital renovation projects totaling over $500,000; coordinated vendors and timelines.
  • Administered invoice processing and chemical inventory management across two aquatic facilities.
  • Configured networking on a BECSYS 5 automated chemical-feeding controller.
03 /

Stack

Cloud & Infrastructure

AWS · Proxmox VE · Proxmox Backup Server · QEMU / KVM · VFIO Passthrough · VMware → Proxmox · Cloudflare Tunnel · Cloudflare Zero Trust · Docker · systemd

Network & Security

pfSense · OPNsense · UniFi / UDM-Pro · Cisco ACLs · TCP/IP · DNS / DHCP · VLANs · OpenVPN · SentinelOne · Wiz · Lacework · Drata (SOC 2) · BitLocker · Security+ (in progress)

Identity & Access

Google Workspace · Apple Business Manager · Microsoft Intune · Hexnode MDM · Kandji · Bitwarden · LastPass · Keycard · Trelica / 1Password · Cloudflare Access

Observability & Support

Graylog · Netdata Cloud · Zendesk · Jira · Confluence · Slack Admin · Vonage Business Cloud

Development & Automation

C# / .NET 9 · Blazor Server · ASP.NET Core · Python · PowerShell · Kotlin / Compose · Swift / SwiftUI · PostgreSQL · EF Core · Git / GitHub Actions · Chrome DevTools Protocol

Systems & OS

Windows 10 / 11 · Windows Server 2022 · macOS · Ubuntu / Debian · openSUSE
04 /

Projects

Menos App

menosapp.com →
TestFlight in external review · Wyoming LLC · USPTO trademark

An AI-guided progressive-overload fitness tracker for iOS and Android, built solo from API to app store. ASP.NET Core 8 + Caddy + Kestrel on AWS EC2, PostgreSQL on RDS, AWS SQS for async AI, secrets in SSM Parameter Store. Native iOS in SwiftUI and native Android in Kotlin / Jetpack Compose, both wired to RevenueCat for native billing ($10/mo Pro, 7-day free trial). Claude Haiku powers multiple AI endpoints — session review, next-session programming, NLP Quick Log parsing, and stats-insight coaching — alongside calculated metrics (Wilks, Epley, FFMI, plateau detection, injury risk, strength standards). JWT 60-min access + 30-day rotating refresh tokens, GDPR-compliant account deletion, and the full RevenueCat lifecycle wired to Discord (trial, convert, renewal, cancellation, billing-issue).

ASP.NET Core 8 · AWS EC2 / RDS / SQS · SwiftUI · Kotlin / Compose · PostgreSQL · RevenueCat · Claude Haiku

Self-Hosted Homelab

nanobox.gg →
Running · 4 nodes · 17 LXCs · 0 open ports

A 4-node Proxmox VE cluster running 17 LXCs and VMs — Revolt chat (3-node MongoDB replication + HAProxy), LiveKit, Plex, UniFi controller, dashboards, and a full monitoring stack. Every service exposed via Cloudflare Tunnels with zero open firewall ports; VLANs, DNS, and DHCP managed on UniFi UDM-Pro. Custom Discord deploy bot with post-receive git hooks for a gitops push flow: workstation → bot → GitHub → CI. Self-hosted GitHub Actions runner for free Android builds.

Proxmox VE · LXC · Cloudflare Tunnel · HAProxy · MongoDB · UniFi · Discord Bot

GPU Hunter

github →
Systemd · 8 sources · per-target alerts

A multi-source listing scraper (eBay, Reddit, Craigslist, Mercari, OfferUp, KSL, FB Marketplace, Best Buy) for RTX 5090 and 4090 Founders Edition GPUs. Rule-based signals plus LLM-graded scam-probability scoring via Claude Haiku with prompt caching and tool-use structured output; Utah local-pickup gets an explicit green-flag bump. Per-target Discord webhooks color-coded by risk band; APScheduler + asyncio + curl-cffi (to defeat PerimeterX on KSL); SQLite dedup store.

Python · asyncio · Playwright · Claude Haiku · Prompt Caching · SQLite · systemd

Network Topology Viewer

internal · Conservice
Production · internal tool

A production internal tool built in .NET 9 Blazor Server that auto-discovers VMs and LXCs from the Proxmox API and visualizes the cluster as a radial vis-network graph with per-port TCP endpoint probes and latency readouts. Shipped to an unprivileged LXC via systemd self-contained publish, fronted by Cloudflare Tunnel with HTTPS and email-gated Zero Trust Access.

.NET 9 · Blazor Server · Proxmox API · vis-network · Cloudflare Zero Trust
Live · FastAPI · paid API

A context-aware dictionary API for reading apps. Client sends { text, word, offset }; service returns one definition that fits the sentence’s sense, written simply. FastAPI + Pydantic v2 with parallel async adapter fan-out across Merriam-Webster Learner’s / Collegiate, Wordnik, and an offline Wiktionary dump. Claude Haiku selects the correct sense via tool-use with a prompt-cached system prompt; spaCy handles lemma/POS; two-layer SQLite cache (30-day candidates, 180-day selections). Per-key rate limits and usage logging.

FastAPI · Python 3.11 · Claude Haiku · Tool Use · spaCy · SQLite

Homelab Countdown

countdown.nanobox.gg →
Live · daily AI art pipeline

A Blazor Server countdown that paints a new Bob Ross–style oil painting of a Utah landscape every day. Picks a random Utah place from 50 curated locations, pulls real weather via Open-Meteo, asks Claude Sonnet to write the image prompt, renders it with Replicate Flux 2 Pro, and grades the output with Claude vision (threshold 7.5/10, up to 3 retries). Ships to CT 503 via GitHub Actions on a self-hosted runner, nginx + Cloudflare Tunnel.

.NET 9 · Blazor Server · MudBlazor · Claude Sonnet · Flux 2 Pro · Open-Meteo
05 /

Certifications & Education

AWS Certified Cloud Practitioner · Amazon Web Services
Jul 2024 — Jul 2027
CompTIA Security+ (SY0-701) · CompTIA
In Progress
CompTIA A+ · Mountainland Technical College
Certified
CompTIA Network+ · Mountainland Technical College
Coursework
Wiz.io Platform Training · Wiz.io · Instructor-led (Virtual)
Completed
CyberPatriot · AFA National Youth Cyber Defense · 2 seasons
2018 — 2020
High School Diploma · Utah Military Academy · Lehi, UT
Graduated
06 /

Contact

// let’s talk

Open to opportunities in network, infrastructure, cloud, and security ops.

Hiring, collaborating, or just want to compare homelab notes? Email is the fastest way to reach me — I read every one. LinkedIn and GitHub are below too.