I'm a Network & Systems Engineer / Teaching Lab Aid focused on cybersecurity, network observability, and AI infrastructure. I build SOC tooling, MCP servers, and agent workflows that run on real production gear, not toy demos. I write about it at solomonneas.dev/blog.

• US based in Tampa, FL, near the beach.
• 🎓 M.S. Cybersecurity Intelligence & Information Security at the University of South Florida.
• 🛡️ Building open-source SOC + threat intel tooling on bare-metal Proxmox.
• 🔭 Deep in multi-agent orchestration, MCP servers, and detection engineering.
• 🪢 n8n enthusiast, wiring up self-hosted automation for intel pipelines, monitoring, and SOC ops.
• 🌱 Currently exploring self-hosted AI stacks, network observability, and incident response automation.
• ✍️ Writing regularly on my blog, Dev.to, Hashnode, CoderLegion, and X.
• 💬 Ask me about Proxmox migrations, network monitoring, MCP servers, OpenClaw, agent orchestration, and open-source SOC.
• ⚙️ Big believer in open source, dogfooding everything, and writing it down so the next person doesn't have to figure it out.
• 👨‍👧 Father, retired chef of 17 years, OSS contributor, and beach lover when I'm not on a screen.
• ☕ If my work helped you, buy me a coffee or tip on Ko-fi.
• 📫 Reach me at me@solomonneas.dev · LinkedIn · X · Bluesky · Mastodon

Some of the projects I've built or maintain:

OpenClaw & Dev Tools

• 🔍 code-search-api - Local semantic code search with Ollama embeddings, SQLite, hybrid search, and LLM summaries.
• 📘 openclaw-best-practices - Production runbooks for security hardening, multi-model orchestration, and recovery.
• 📊 usage-tracker - Token usage and cost analytics for OpenClaw sessions across models.
• 📚 prompt-library - Dual-mode prompt management with browse/copy UI and a REST API for sub-agents.
• 🛂 content-guard - Policy-driven content scanning and publish checks.

Security & Threat Intelligence

• 🛡️ cyberbrief - AI threat intel briefings with BLUF reports, ATT&CK mapping, and IOC extraction.
• 🔍 bro-hunter - Threat hunting for Zeek and Suricata logs with beaconing detection and MITRE mapping.
• 🔬 intel-workbench - Threat intel analysis with ACH matrices, evidence weighting, and STIX export.
• 📖 hotwash - SOC playbook parser with mermaid diagram generation and Wazuh alert ingestion.
• 🏗️ soc-stack - Full SOC architecture covering MCP servers, detection pipelines, and deployment playbooks.

MCP Servers

• 🧠 cortex-mcp - Observable analysis for IOCs, reports, and response actions.
• 🛡️ wazuh-mcp - SIEM access for agents, alerts, rules, and decoders.
• 🔬 misp-mcp - Threat intel search, IOC correlation, and STIX/Suricata/CSV export.
• 🐝 thehive-mcp - Incident response workflows for cases, alerts, tasks, and observables.
• ⚔️ mitre-mcp - MITRE ATT&CK technique mapping, threat group profiling, and detection gap analysis.
• 🔎 zeek-mcp - Network monitoring access for connection, DNS, HTTP, and SSL logs.
• 🦔 suricata-mcp - IDS/IPS workflows for managing rules, querying alerts, and analyzing traffic.
• 🕸️ maltego-mcp - Maltego graph authoring and OSINT lookups for whois, DNS, ASN, and crt.sh.
• ⚙️ n8n-ops-mcp - Ops control for n8n workflows, validation, and execution lifecycle.

Network & Infrastructure

• 🔭 watchtower - NOC dashboard with interactive topology, L2/L3 views, and LibreNMS/Proxmox integration.
• 🔌 portgrid - Switch port visualization for LibreNMS with color-coded views and instant search.
• 🔒 proxguard - Proxmox firewall rule visualization with conflict detection and rule simulation.
• 🐧 samba-ad-migration - Windows AD to Samba file share migration scripts for Proxmox.

Media Automation

• 📺 media-cli - Single-file bash CLI for Sonarr, Radarr, Prowlarr, qBittorrent, Bazarr, Jellyseerr, and Tdarr.
• 🎬 jellyfin-mcp - Control Jellyfin from LLMs with playback sessions, library scans, user admin, and 20 MCP tools.

Currently Contributing To

• 🧃 vincentkoc/tokenjuice - Lean output compaction for terminal-heavy agent workflows.
• 📝 steipete/summarize - Fast summaries from URLs, files, and media. CLI + Chrome Side Panel + Firefox Sidebar with video slides, OCR, and transcript extraction.
• 📬 steipete/gogcli - Google Suite CLI for Gmail, Calendar, Drive, and Contacts.
• 🦞 openclaw/plugin-inspector - Offline compatibility inspector for mocking OpenClaw and testing plugins.
• 💬 steipete/discrawl - CLI for Discord with a SQLite backend.

More to come as PRs land.

I'm always open to building, contributing, collaborating, and chatting. Feel free to reach out.

Infrastructure Migrations

• 💰 How I Migrated 6 Servers from VMware to Proxmox and Saved $343K
• 🖥️ I Migrated Our Entire Infrastructure from Hyper-V to Proxmox
• 💿 Replacing SCCM with FOG Project

SOC & Security Operations

• 🛡️ I'm a Lab Assistant. So I Built My Own SOC
• 🧩 I Built 7 MCP Servers for Security Tools. The Protocol Was the Easy Part.

Network Engineering

• 📡 A Fiber Cut at 2 PM Taught Me Why I Needed to Build Watchtower
• 🎓 3 Days, 18 Hours: What I Learned at NDG's Proxmox Workshop

Agents & AI Infrastructure

• 🤖 Anthropic Broke My OpenClaw Stack. GPT 5.4 Put It Back Together