SYSTEM • NETWORK • SECURITY • VIRTUALIZATION

Özkan TOPAL – System Administrator & Software Developer

I am a system administrator and software developer working on highly available web services, network and security architectures, and custom systems in multiple programming languages, building automation tools for virtualization and management platforms.

About

I enjoy building fast, secure and scalable systems that keep running under all conditions.

My journey started roughly 25 years ago when I first gained root access, and has continued ever since as a process of learning and improvement. Today, I design infrastructure for web services, corporate networks and special-purpose projects on GNU/Linux, BSD derivatives and many other platforms. The solutions I build for virtualization, automation and management are part of my daily workflow.

On the software development side, I focus on writing high-performance, simple and maintainable code in several different programming languages. I believe that every unnecessary line of code adds overhead and introduces potential security vulnerabilities. For this reason, I stay away from the currently popular “Social Coder” or “Vibe Coder” approach and instead build my own micro-frameworks, admin panels and CLI tools, keeping the infrastructure and application layers in tight alignment.

For every system I design and operate, security, logging and monitoring are always first-class citizens. I prefer to include these components from the very first design phase, together with failover scenarios, backup strategies and recovery plans, instead of adding them later as an afterthought.

Profile Summary

Location
Istanbul, Türkiye
Focus
Systems, Networking, Security, Backend
Engagement
Project-based, Consulting, Long-term
Interests
  • Linux / BSD
  • Virtualization & LXC
  • Kernel & Modules
  • Userland & Shell
  • Proxmox & ESXi
  • IPv4 & IPv6 & BGP
  • Firewalls & VPN
  • PKI & TLS
  • Backend (API)
  • SQL & NoSQL
  • Monitoring
  • Log Analysis
  • Anti-DDoS
  • WAF
  • Cryptology
  • Mathematics

Skills

The combined strength of years of hands-on experience and accumulated knowledge.

System & Server Administration

Installation and secure configuration of GNU/Linux, BSD and Windows-based servers; managing update and backup processes and ensuring that services run stably, quickly and without interruption.

End-to-end management of the server lifecycle: hardware and OS selection, user and permission management, firewall and service-level access control, monitoring and logging, preparing backup and recovery plans for disaster scenarios and keeping everything documented and repeatable.

Virtualization

Designing and operating virtual server infrastructures on platforms such as KVM, VMware and Proxmox, including capacity planning, templates, snapshots and secure day-to-day operation.

Managing the lifecycle of virtual machines, integrating networking and storage, designing high-availability (HA) topologies, planning live migration scenarios and applying virtualization policies that minimize downtime during maintenance windows.

Networking & Security

Designing and maintaining IP addressing, VLAN segmentation, routing, firewall and VPN configurations in corporate networks with a focus on security, performance and manageability.

Building security policies for external and internal services, IPv4/IPv6 planning, inter-segment access rules, VPN solutions (site-to-site and client-to-site), reducing the attack surface, and coordinating network and security components across log analysis and incident response processes.

Software Development

Developing clean, readable and maintainable backend-focused software for web applications, APIs and command-line tools; experienced in version control, code review and documentation workflows.

Turning business needs into technical requirements, designing layered architectures, building backend logic aligned with database design, robust error/exception handling, secure authentication and authorization flows, and applying test-driven practices (unit/integration) where appropriate.

Logging & Monitoring

Collecting metrics and logs from servers, applications and network devices to gain real-time visibility into performance, error rates and resource usage, and to detect issues early.

Designing metric and log infrastructures with tools like Prometheus, Grafana and centralized log servers; building meaningful dashboards, defining alert rules, and analyzing logs systematically for root cause analysis of critical incidents.

Artificial Intelligence

Identifying where AI can add value to workflows, selecting appropriate models and tools, planning integration steps and continuously monitoring and improving the results.

Evaluating different AI services and libraries, selecting models based on use cases (hosted APIs, off-the-shelf models, local deployments), analyzing data requirements and privacy/security impact, running proof-of-concept projects and iterating on the solution using metrics and user feedback.

Project Management

Planning, prioritizing, tracking and delivering projects while balancing scope, time and resources, and keeping stakeholders informed throughout the process.

Requirements analysis and scope definition, building realistic roadmaps, breaking down and prioritizing tasks, managing risks and change requests, preparing status reports and coordinating teams to ensure on-time delivery aligned with budget and quality goals.

Projects

Projects I design for active use and continuously improve.

Monitoring & Traffic Analysis Platform

Monitoring • Network • Analytics

A monitoring platform that aggregates metrics, logs and flow data from different sources to provide live and historical visibility by ASN, VLAN, IP ranges or specific services.

  • Consolidation of different infrastructure metrics into a single view
  • Network tracking based on flow or firewall logs
  • Metric extraction and detailed analysis from HTTP and service access logs
  • Graphing data by ASN / VLAN / service / customer

Private PKI & Certificate Authority Tool

Software • Security • Service

An automation-focused PKI tool that provides a reliable certificate infrastructure with CRL and OCSP support for internal services, APIs, VPN endpoints and management panels.

  • Creating and managing root and intermediate CAs
  • SAN support based on DNS names, IP addresses or email
  • Repeatable certificate profiles using JSON configuration
  • Automated scripts for client integration

BGP-Centric Security Firewall

Network • Security • Software

A BGP routing-based security and traffic scrubbing platform for service providers or multi-datacenter environments, designed to mitigate DDoS attacks and filter malicious traffic before it reaches production networks.

  • Architecture that announces prefixes via BGP and redirects attacked networks to scrubbing centers automatically
  • Ingress traffic filtering with rate/rule-based policies (rate limiting, ACLs, geo/ASN-based controls and similar fine-grained filtering strategies)
  • Real-time traffic dashboards (pps, bps, flow counts, attack types and target IPs)
  • Dynamic BGP announcement/withdrawal workflows triggered by automated detection (flow analysis, threshold-based alerts)
  • Centralized logging of events and traffic metadata to support post-incident analysis, reporting and long-term tuning of the protection strategy

Contact

Feel free to reach out for infrastructure design, optimization or new projects.

Whether you would like to review an existing infrastructure, plan a new project or simply exchange ideas, you can get in touch with me via email.


Preferred Projects

The areas where I am most productive are usually at the intersection of infrastructure and software. Designing the systems and also building the tools that operate them is particularly satisfying to me.

Topics I especially enjoy working on:
  • High-traffic web and service infrastructures
  • Secure and automation-ready systems
  • Monitoring and log analysis solutions
  • Network design and security
  • Special-purpose hardware setups
  • Embedded systems