Mark Beekhuizen

I’m a Technical Security Specialist focused on building secure and reliable infrastructure. I enjoy hardening Linux systems, improving mail security and deliverability, deploying VPN connectivity, and creating reproducible documentation that helps teams operate safely and efficiently.

Below are example project areas and outcomes. This page is intentionally practical: it highlights real-world implementation and operational thinking rather than theoretical lists.

• Linux hardening: secure-by-default configurations, auditing, and least-privilege changes.
• Firewalling: controlled inbound exposure, safe egress, logging, and rule clarity.
• Mail security: SPF/DKIM/DMARC alignment, anti-spam tuning, and operational monitoring.
• VPN and segmentation: WireGuard, secure routing, and minimal attack surface design.
• Automation: scripted backups, health checks, reporting, and predictable maintenance flows.
• TLS and crypto hygiene: configuration validation, certificate workflows, and troubleshooting.

• Secure mail infrastructure (Postfix + Dovecot + DKIM/DMARC)

  Designed and maintained a self-hosted mail platform with strict authentication and deliverability goals: aligned SPF/DKIM/DMARC policies, TLS hardening, structured logging, and spam filtering tuning.

  • Strong authentication and alignment to reduce spoofing risk.
  • Deliverability troubleshooting using logs and controlled testing.
  • Privacy-aware configuration decisions.
• Firewall hardening and exposure reduction

  Built a clear inbound policy: only expose required services, with explicit rules and logging. Implemented safe defaults for remote administration and service access.

  • Minimal inbound attack surface and explicit allow rules.
  • Port and service audits to remove unintended exposure.
  • Practical rule layout that is easy to maintain and review.
• WireGuard VPN deployment

  Implemented WireGuard tunnels for secure remote access and internal segmentation, including safe key handling, routing/forwarding configuration, and optional NAT patterns where required.

  • Peer-specific addressing and restricted AllowedIPs.
  • Operational checks and clear documentation for onboarding peers.
  • Least-privilege firewall rules for VPN access.
• Operational automation and backup routines

  Created backup scripts and reporting flows for configuration-driven services. Focused on deterministic outputs, integrity validation, and safe file permissions.

  • Archive + SHA-256 validation for integrity.
  • Secure defaults (umask, ownership, minimal exposure).
  • Reusable patterns that scale as services grow.
• Troubleshooting playbooks and documentation

  Wrote “copy/paste ready” documentation for recurring operational tasks: Linux commands, TLS inspection, network inspection, and baseline hardening steps.

  • Practical command references and safe examples.
  • Reproducible checks to confirm changes and prevent regression.
  • Focus on clarity and maintainability.

• Least privilege: expose only what is needed and restrict everything else.
• Evidence-based: verify with logs, tests, and controlled change management.
• Operational safety: backups, rollback thinking, and predictable deployment steps.
• Privacy-aware: avoid unnecessary data leakage (especially in tooling and logging).
• Documentation-first: configurations should be understandable months later.

• Documentation
• Linux Commands
• WireGuard
• Scripts
• Security
• OSINT

• LinkedIn
• Twitter