Back to home
// Vision

Where I'm Headed

I don't just want to ship infrastructure — I want to build it securely, reliably, and with intention. Here's the direction I'm growing toward.

// Learning Roadmap
Completed
DevOps Foundations
On-prem infra, AWS, Docker, CI/CD, Linux — the core toolkit that lets me build and deploy reliably.
VagrantAWS EC2 DockerJenkinsTerraform
In Progress
Security in the Pipeline
Learning to shift security left — integrating image scanning, secret management, and SAST/DAST into CI/CD workflows.
TrivyOWASP VaultGitHub Secret Scanning
Up Next
Cloud Security & Compliance
Diving into AWS security services, IAM hardening, VPC best practices, and infrastructure compliance tooling like tfsec and Checkov.
AWS GuardDutyIAM Checkovtfsec
Planned
Kubernetes & Runtime Security
Moving into container orchestration security — RBAC, network policies, Falco for runtime threat detection, and securing K8s clusters end-to-end.
KubernetesFalco OPA / GatekeeperRBAC
Future
DevSecOps Engineer
Owning security end-to-end — from code commit to production runtime — and helping teams build a culture of "secure by default".
// What Drives Me
🔒
Security as a first-class citizen
Security shouldn't slow teams down — it should be invisible, automated, and built into the workflow from the start.
⚙️
Automate everything repeatable
If a human has to do it twice, it should be a script. If a script runs twice, it should be a pipeline.
📖
Always learning in public
Every project I push to GitHub is a step on the learning path. Growth happens by building, breaking, and rebuilding.
🌏
Bringing it back to Cambodia
I want to help grow the DevOps and security engineering community here in Phnom Penh — sharing what I learn along the way.