rohit raj rajana
network security engineer · germany
i secure networks for a living — firewalls, zero trust, cloud infrastructure, and the bits in between. 5+ years working across palo alto ngfw, cisco asa, aws, and enterprise security tooling.
outside of work i'm building homelab infrastructure, automating workflows with n8n, writing about applied ai in security engineering, and learning german.
| Area | What |
|---|---|
| 🔒 Security+ | actively studying toward comptia security+ certification |
| 🏠 Homelab | zimablade 7700 — pi-hole, tailscale, nextcloud, portainer, jellyfin |
| ✍️ Content | applied ai for security engineering series on linkedin |
| 🤖 Automation | n8n pipelines — receipt processing, content scheduling, birthday system |
| 🇩🇪 Language | learning german |
about
age 29.000000000i didn't plan on becoming a network security engineer.
it started with a simple question: how does all of this actually connect? networks. systems. people. invisible threads, quietly carrying everything that matters. that curiosity pulled me in — and 5+ years later, i'm the one mapping the flow, spotting the weak links, and making sure things run the way they're supposed to… not the way attackers hope they will.
along the way, i earned a master's in management information systems from the university of illinois chicago, usa, and before that, a bachelor of technology in computer science from gitam university, visakhapatnam. i'm also ccna (cisco certified network associate) certified — part engineer, part "keeper of the blinking lights," making sure the digital world stays up, running, and a little less chaotic.
but the real story? at my core, i'm driven by faith in god and curiosity. one keeps me grounded. the other keeps pulling me forward.
so i build. i learn. i question things. i automate anything that dares to repeat itself. because if i've done it twice, it's already asking to be scripted.
somewhere between clean network diagrams and late-night troubleshooting, i share what actually works — no fluff, no theory for the sake of sounding smart.
what started as curiosity about how packets move across networks became a full career. 5+ years deploying palo alto ngfw, cisco asa, arista switching, and zero trust architectures. the thing i love most is that the threat landscape never stops evolving — there's always something new to learn, break, and defend against. currently sharpening the offensive side through ethical hacking coursework alongside day-to-day defensive work.
if a task happens more than twice, i automate it. n8n is my primary tool — i've built pipelines for content scheduling, receipt processing, birthday messages, and more. the intersection of ai and security engineering is what genuinely excites me right now. things like using llms to triage alerts, generate incident summaries, or accelerate threat hunting feel like they're going to fundamentally change security ops in the next few years.
shooting with a sony alpha a6700. started with street photography and architecture — both suit the patient, observational mindset that security work also demands. there's something satisfying about finding the right frame in a chaotic scene, which maps surprisingly well to reading logs. germany has been full of incredible subjects — the architecture, autumn light, the people. you can follow the photography work at @pixel.hokage →
training is a non-negotiable part of my week. mostly compound lifts — consistency over intensity. a structured gym routine does more for my focus and energy than almost anything else. i treat it like i treat security: you don't notice it when it's working, and you really notice when it isn't.
learning german since relocating. using anki for vocabulary and structured lessons for grammar. my goal is conversational fluency — enough to operate comfortably at work and in daily life. german is a logical, precise language which honestly fits well with how i think. still very much a beginner, but making steady progress every week.
long-term focused. investing in ucits etfs with german tax optimization in mind — understanding teilfreistellung, withholding tax rules, and broker selection for germany-based investors. heavily influenced by naval ravikant's philosophy on wealth creation: own equity, not time. goal is financial independence through compounding, not shortcuts.
tech & gadgets
software
books
gaming
2026
last update: march 2026
a living record of what i'm building, learning, and doing this year.
| zimablade 7700 homelab build → | self-hosted server with casaos/debian |
| n8n automation stack → | all the workflows i'm running locally |
| security+ study system → | cert prep structured in obsidian |
| docker security stack → | portainer, watchtower, crowdsec, socket proxy |
| tryhackme rooms → | soc 101, linux 101, active rooms |
| hack the box → | machines and ctf challenges |
work
5+ years securing enterprise networks — firewall deployments, cloud architecture, soc operations, cisco networking and products.
| Role | Company | Location | Period |
|---|---|---|---|
| SCADA Network Engineer | Chevron | Colorado, USA | Dec 2024 – Feb 2026 |
| Network Security Engineer | Bath & Body Works | Chicago, USA | Sep 2023 – Nov 2024 |
| Security Consultant | Tata Consultancy Services (TCS) | Hyderabad, India | Jun 2018 – Jul 2021 |
| Degree | Field of Study | Institution | Grad Year |
|---|---|---|---|
| Master of Science | Management Information Systems | University of Illinois Chicago, USA | 2023 |
| Bachelor of Technology | Computer Science | GITAM University, Visakhapatnam, India | 2018 |
| Cert | Issuer | Status |
|---|---|---|
| 🏅 CCNA | Cisco | ✅ earned |
| ☁️ AWS Cloud Practitioner | Amazon Web Services | ✅ earned |
| 🔴 PJPT — Practical Junior Penetration Tester | TCM Security | ✅ earned |
| 🔍 OSINT — Open-Source Intelligence Investigator | TCM Security | ✅ earned |
| 🛡️ Google Cybersecurity Certificate | ✅ earned | |
| 🔒 CompTIA Security+ | CompTIA | 📖 in progress |
| Domain | Tools & Skills |
|---|---|
| 🔥 next-gen firewalls | palo alto ngfw, panorama, cisco asa, policy management, nat, ssl inspection |
| 🌐 cisco networking | routing (ospf, eigrp, bgp, rip), switching (vlans, stp, etherchannel, trunking), inter-vlan routing, layer 2/3 troubleshooting, cisco ios, cdp/lldp, dhcp, dns, qos |
| 🖧 network infrastructure | arista, network segmentation, subnetting, acls, wan/lan design, network troubleshooting |
| ☁️ cloud security | aws vpc, transit gateway, iam, security groups, scada/ot network security |
| 🛡️ endpoint & threat | crowdstrike falcon, nessus, splunk, vulnerability assessment |
| 📊 monitoring | solarwinds, splunk siem, log analysis, network performance monitoring |
| 🏗️ architecture | zero trust network access (ztna), network segmentation, dmz design |
| 🤖 automation | n8n, docker, python scripting, network automation |
projects
i build, i break, i fix, i defend — a mix of homelab security research, automation pipelines, and infrastructure work.
penetration testing and ad exploitation in a homelab environment — kerberoasting, pass-the-hash, smb/llmnr spoofing, and ntlm relay to compromise a domain controller. used nmap, netcat, bloodhound, and powerview for recon and enumeration. proposed remediation strategies to harden the dc post-compromise.
homelab pentesting active directoryconducted osint investigations using maltego, theharvester, and shodan. gathered actionable intelligence from social media, breached data, and metadata. built sock puppet accounts, automated data collection, and produced detailed threat intelligence reports. strengthened skills in digital forensics and cyber investigations.
homelab osint threat intelligencezimablade 7700 running casaos/debian. pi-hole for dns-level ad blocking, tailscale for zero-config vpn, portainer for container management, nextcloud for self-hosted cloud storage, jellyfin for media. cloudflare tunnel for remote access without port forwarding.
infrastructure self-hostedproduction-hardened n8n docker environment with portainer (container ui), watchtower (auto-updates), crowdsec (community threat intelligence), and docker socket proxy for least-privilege daemon access.
docker security hardeningend-to-end n8n workflow: google sheets content calendar → gpt-4o generation → approval email gate → auto-publish to linkedin. built for the applied ai for security engineering content series.
n8n gpt-4o linkedin apin8n pipeline that monitors email for receipts, extracts structured data using ai, and auto-generates formatted invoices. eliminates a fully manual workflow.
n8n document ain8n reads google calendar & contacts, generates personalized birthday messages with gpt-4o, then routes through an approval gate before sending. keeps relationships warm without manual effort.
n8n google api gpt-4odeep-dive research into germany-optimized investing — ucits etf selection, teilfreistellung tax treatment, withholding tax strategy, and broker comparison for german residents. structured in notion.
investing germany notionguides
things i've written for security engineers and productivity-minded people.
| Name | About |
|---|---|
| 🔒 zero trust on a budget → | ztna in a small org without enterprise licensing |
| 🏠 self-hosting with zimablade → | homelab build guide — casaos, portainer, tailscale |
| 🤖 n8n for security engineers → | automating repetitive security ops with n8n and ai |
| 🇩🇪 relocating to germany as a tech professional → | chancenkarte process, job market, salary expectations |
| 🔐 pentest lab setup guide → | beginner ethical hacking environment at home |
contact
want to connect? slide into my dms on linkedin or instagram — that's where i'm most responsive.
| linkedin.com/in/rohit7raj → | |
| instagram.com/rooh7t → | |
| ▶️ YouTube | youtube.com/@itsrooh7t → |
| 🎞️ Photography | instagram.com/pixel.hokage → |
| ✍️ Medium | medium.com/@rooh7t → |
| ☕ Buy Me a Coffee | buymeacoffee.com/rooh7t → |