Home Lab — Zero Trust Infrastructure Engineering Sandbox

BigHomieCed.app is a public engineering lab focused on practical infrastructure design built with segmentation-first architecture, identity-aware policy, and least-privilege enforcement. Every build assumes breach. Every control is intentional.


Signal: architecture decisions, validation output, failure notes, and repeatable configurations.

What This Lab Covers

Practical infrastructure engineering with a Zero Trust mindset: architect first, constrain trust boundaries, validate control paths, then document results.

Designing a Segmented Home Network with Default-Deny Rules

Build write-up includes topology diagrams, VLAN plan, route intent, zone boundaries, and validation checks.

Building a Deny-by-Default Firewall Policy

Covers policy strategy, logging model, staged rollout, and break/fix decision trail.

Implementing Admin Tiering in a Home Lab

Documents privileged access boundaries, management plane isolation, and validation outcomes.

Enforcing East-West Traffic Inspection

Covers lateral movement containment strategy, rule intent, and packet-level verification.

Zero Trust DNS Strategy (DoH / Filtering / Logging)

Details resolver architecture, policy control points, and observability tradeoffs.

Engineering Philosophy

Zero Trust is not a product. It is an architectural discipline. Segment first. Enforce least privilege. Log everything. Validate continuously. This lab documents what that looks like in practice.

Series & Tags

Zero Trust Series · Secure Architecture Builds · Identity & Policy Labs

Lab Notes & Build Logs

Build logs focused on what broke, why it broke, and what the fix taught me. Each major build is being standardized with: assumed threat, control implemented, validation method, what broke, and what improved.

Network Diagrams & Lab Topology

status: online · mode: build / break / rebuild · tls: required (.app)