20 role-specific resumes with verified KPIs — BlackRoad only, no prior experience

RoadChain-SHA2048: 428ab11c02ce78d6 RoadChain-Identity: alexa@sovereign RoadChain-Full: 428ab11c02ce78d628aa30489d9f0f3251e709352f2deacf05882435ed9f5d114fe2a1c9e75b3c831688f47cd9032c22b388f821b1b29dcac9fc9a3ad4a1b39f1210d1275f9472df606b763bb551961d1eaebfe8f2a4b9c23d3f3da3f001d916e03ff920def04c8304d8544ac916e4c50c16da942dcc830388e298b7c016b991320b30f7d3fe153aaab71ab109aea3f9dca996ac6e14ca1c0969248c8ca2767ab631c17dc86c0c2a8edd1c8965ab3ba6c92ba7cc9aa4d74406058a39d8fdec53a200371b7d1e1214a860a7ff2c53b83b09f516cec69cbe00e3556caee7f813e4a09d3f430a3a3eab5d4763f8975999c31bd77f82972ab8d7c2d7c5aedcce9442
2026-03-18 04:34:12 -05:00 · 2026-03-13 00:01:11 -05:00
parent 58d4e18634
commit d5c8667284
22 changed files with 1584 additions and 215 deletions
--- a/roles/13-network-engineer.md
+++ b/roles/13-network-engineer.md
@@ -0,0 +1,72 @@
+# Alexa Amundson
+
+**Network Engineer**
+
+amundsonalexa@gmail.com | [github.com/blackboxprogramming](https://github.com/blackboxprogramming)
+
+---
+
+## Summary
+
+Network engineer operating a multi-layer network stack: WireGuard mesh VPN, Tailscale overlay (9 peers), RoadNet WiFi mesh (5 APs), 4 Cloudflare tunnels serving 48+ domains, DNS infrastructure (Pi-hole + PowerDNS + dnsmasq), and 48 Nginx reverse proxy sites across a 7-node fleet.
+
+---
+
+## Experience
+
+### BlackRoad OS | Founder & Network Lead | 2024–Present
+
+**VPN & Mesh Networking**
+- WireGuard mesh VPN (10.8.0.x subnet) with DigitalOcean hub routing to all edge nodes
+- Tailscale overlay network: 9 peers for management access across network boundaries
+- RoadNet WiFi mesh: 5 access points on non-overlapping channels (1, 6, 11)
+- Dedicated subnets: 10.10.{1-5}.0/24 per node with NAT through wlan0
+
+**DNS Infrastructure**
+- Pi-hole on Alice: fleet-wide ad blocking and DNS resolution
+- PowerDNS on Lucidia (Docker): authoritative DNS for custom zones
+- dnsmasq on Cecilia: custom DNS zones (.cece, .blackroad, .entity, .soul, .dream)
+- Cloudflare DNS for 48+ public domains
+
+**Reverse Proxy & Load Balancing**
+- 48 Nginx sites routing traffic to fleet services
+- 4 Cloudflare tunnels for zero-trust external access
+- Per-service routing: API, web, git, AI inference endpoints
+- SSL/TLS termination via Cloudflare
+
+**Monitoring & Diagnostics**
+- 106 active network connections monitored across fleet
+- 867 processes tracked for network resource usage
+- SSH-based fleet probing with health checks
+- Daily KPI collection including connection counts and peer status
+
+**Security**
+- Zero-trust architecture via Cloudflare tunnels (no exposed ports)
+- WireGuard encryption for all inter-node traffic
+- UFW firewall on edge nodes (INPUT DROP policy)
+- SSH key management across 50+ authorized keys
+
+---
+
+## Technical Skills
+
+**VPN:** WireGuard, Tailscale
+**DNS:** Pi-hole, PowerDNS, dnsmasq, Cloudflare DNS
+**Proxy:** Nginx, Cloudflare Tunnels
+**WiFi:** hostapd, RoadNet mesh configuration
+**Security:** UFW, nftables, SSH hardening, TLS
+**Monitoring:** Custom probes, ss, connection tracking
+
+---
+
+## Metrics
+
+| Metric | Value |
+|--------|-------|
+| VPN nodes | 7 (WireGuard) |
+| Tailscale peers | 9 |
+| WiFi APs | 5 |
+| Domains | 48+ |
+| Nginx sites | 48 |
+| CF tunnels | 4 |
+| Connections | 106 |