I'm a Network & Systems Engineer / Teaching Lab Aid focused on cybersecurity, network observability, and AI infrastructure. I build SOC tooling, MCP servers, and agent workflows that run on real production gear, not toy demos. I write about it at solomonneas.dev/blog.

• US based in Tampa, FL, near the beach.
• 📜 M.S. Cybersecurity Intelligence & Information Security at the University of South Florida.
• 🛡️ Building open-source SOC + threat intel tooling on bare-metal Proxmox.
• 🤖 Deep in multi-agent orchestration, MCP servers, and detection engineering.
• 🪢 n8n enthusiast, wiring up self-hosted automation for intel pipelines, monitoring, and SOC ops.
• 🧭 Currently exploring self-hosted AI stacks, network observability, and incident response automation.
• 📝 Writing regularly on my blog, Dev.to, Hashnode, CoderLegion, and X.
• 🗣️ Ask me about Proxmox migrations, network monitoring, MCP servers, OpenClaw, agent orchestration, and open-source SOC.
• ⚙️ Big believer in open source, dogfooding everything, and writing it down so the next person doesn't have to figure it out.
• 👨‍👧 Father, retired chef of 17 years, OSS contributor, and beach lover when I'm not on a screen.
• 🫶 If my work helped you, buy me a coffee or tip on Ko-fi.
• 📫 Reach me at [email protected] · LinkedIn · X

Some of the projects I've built or maintain:

OpenClaw & Dev Tools

• 🔍 code-search-api - Local semantic code search with Ollama embeddings, SQLite, hybrid search, and LLM summaries.
• 🦞 solos-cookbook - Solomon's Guide to Cookin' with Gas: how one engineer runs a 24/7 multi-agent AI stack on bare metal. Opinionated. Dogfooded. Broken-and-fixed in production. Tested in service.
• 📊 usage-tracker - Token usage and cost analytics for OpenClaw sessions across models.
• 📚 prompt-library - Dual-mode prompt management with browse/copy UI and a REST API for sub-agents.
• 🛂 content-guard - Policy-driven content scanning and publish checks.

Security & Threat Intelligence

• 🛡️ cyberbrief - AI threat intel briefings with BLUF reports, ATT&CK mapping, and IOC extraction.
• 🔍 bro-hunter - Threat hunting for Zeek and Suricata logs with beaconing detection and MITRE mapping.
• 🔬 intel-workbench - Threat intel analysis with ACH matrices, evidence weighting, and STIX export.
• 📖 hotwash - SOC playbook parser with mermaid diagram generation and Wazuh alert ingestion.
• 🏗️ soc-stack - Full SOC architecture covering MCP servers, detection pipelines, and deployment playbooks.

MCP Servers

• 🧠 cortex-mcp - Observable analysis for IOCs, reports, and response actions.
• 🛡️ wazuh-mcp - SIEM access for agents, alerts, rules, and decoders.
• 🔬 misp-mcp - Threat intel search, IOC correlation, and STIX/Suricata/CSV export.
• 🐝 thehive-mcp - Incident response workflows for cases, alerts, tasks, and observables.
• ⚔️ mitre-mcp - MITRE ATT&CK technique mapping, threat group profiling, and detection gap analysis.
• 🔎 zeek-mcp - Network monitoring access for connection, DNS, HTTP, and SSL logs.
• 🦔 suricata-mcp - IDS/IPS workflows for managing rules, querying alerts, and analyzing traffic.
• 🕸️ maltego-mcp - Maltego graph authoring and OSINT lookups for whois, DNS, ASN, and crt.sh.
• ⚙️ n8n-ops-mcp - Ops control for n8n workflows, validation, and execution lifecycle.
• 📮 postiz-mcp - Postiz social scheduling control with full public-API coverage, env-gated writes, and a 30/hr rate-limit guard.

Network & Infrastructure

• 🔭 watchtower - NOC dashboard with interactive topology, L2/L3 views, and LibreNMS/Proxmox integration.
• 🔌 portgrid - Switch port visualization for LibreNMS with color-coded views and instant search.
• 🔒 proxguard - Proxmox firewall rule visualization with conflict detection and rule simulation.
• 🐧 samba-ad-migration - Windows AD to Samba file share migration scripts for Proxmox.

Media Automation

• 📺 media-cli - Single-file bash CLI for Sonarr, Radarr, Prowlarr, qBittorrent, Bazarr, Jellyseerr, and Tdarr.
• 🎬 jellyfin-mcp - Control Jellyfin from LLMs with playback sessions, library scans, user admin, and 20 MCP tools.

Currently Contributing To

• 🧃 vincentkoc/tokenjuice - Lean output compaction for terminal-heavy agent workflows.
• 📝 steipete/summarize - Fast summaries from URLs, files, and media. CLI + Chrome Side Panel + Firefox Sidebar with video slides, OCR, and transcript extraction.
• 📬 steipete/gogcli - Google Suite CLI for Gmail, Calendar, Drive, and Contacts.
• 🦞 openclaw/plugin-inspector - Offline compatibility inspector for mocking OpenClaw and testing plugins.
• 💬 steipete/discrawl - CLI for Discord with a SQLite backend.
• 🎭 microsoft/playwright - Cross-browser automation and testing framework, including the Playwright MCP server for agents.

More to come as PRs land.

I'm always open to building, contributing, collaborating, and chatting. Feel free to reach out.

Infrastructure Migrations

• 💰 How I Migrated 6 Servers from VMware to Proxmox and Saved $343K
• 🖥️ I Migrated Our Entire Infrastructure from Hyper-V to Proxmox
• 💿 Replacing SCCM with FOG Project

SOC & Security Operations

• 🛡️ I'm a Lab Assistant. So I Built My Own SOC
• 🧩 I Built 7 MCP Servers for Security Tools. The Protocol Was the Easy Part.

Network Engineering

• 📡 A Fiber Cut at 2 PM Taught Me Why I Needed to Build Watchtower
• 🎓 3 Days, 18 Hours: What I Learned at NDG's Proxmox Workshop

Agents & AI Infrastructure

• 🤖 Anthropic Broke My OpenClaw Stack. GPT 5.4 Put It Back Together