Skip to content
View bastiaan365's full-sized avatar

Achievements

Achievement: YOLOAchievement: Pull Shark

Achievements

Achievement: YOLOAchievement: Pull Shark

Highlights

Block or report bastiaan365

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
bastiaan365/README.md

Bastiaan Rusch

IT & Security Engineer | 8+ years across aviation, healthcare and enterprise IT

bastiaan@365:~$ whoami

I've spent most of my career managing large-scale Windows environments — 15,000+ endpoints and 20,000+ iPads at KLM, followed by healthcare IT at an oncology hospital. Currently looking for my next role in Security Engineering.

GitHub Stats

GitHub stats Top languages

What I work with

Area Tools & tech
Microsoft 365 Intune, Entra ID, Defender, Conditional Access, Exchange Online
Security Suricata IDS/IPS, OPNsense, Zero Trust, GDPR, NEN 7510, NIS2
Monitoring Grafana, InfluxDB, Telegraf, Syslog
Networking VLANs, WireGuard VPN, DNS-over-TLS, DNSSEC, TCP/IP
Infrastructure Windows Server, Active Directory, PowerShell, SCCM/MECM, Linux

Homelab

I run a segmented home network as a hands-on security lab:

  • OPNsense firewall with 7 VLANs
  • Suricata IDS/IPS for threat detection
  • WireGuard VPN (Mullvad, kill switch)
  • TIG stack (Telegraf + InfluxDB + Grafana) on a Raspberry Pi
  • Home Assistant on its own VLAN
  • DNS-over-TLS via Unbound with DNSSEC and blocklists
  • Hardening scripts with rollback support

More details at bastiaan365.com

Projects

Repo What it does
homelab-infrastructure Full network setup: OPNsense, Suricata, VLANs, WireGuard, TIG monitoring
powershell-it-toolkit PowerShell scripts for PC cleanup, AD, Intune and M365
ubuntu-hardening-scripts Ubuntu/Debian hardening based on CIS benchmarks, with rollback
dns-security-setup Unbound config with DNS-over-TLS, DNSSEC and blocklists
grafana-dashboards Dashboards for network traffic, Suricata alerts, DNS stats
iot-threat-detector ML-powered IoT network anomaly detection with Isolation Forest engine
iot-firmware-scanner CLI tool for scanning IoT firmware for vulnerabilities, weak crypto and CVEs
llm-red-team-toolkit Automated security testing of LLM applications: prompt injection, jailbreak, data exfil
ai-agent-sandbox Security sandbox for AI agents with YAML-based policy control
mcp-it-ops MCP server for IT ops: query AD, manage Intune, check M365 health directly from Claude
job-agent Smart job matching system: CV analysis, vacancy scoring, application drafting (coming soon)

Certifications

Done: MD-100, MD-101, AZ-900, SC-900, ITIL v4, Lean Six Sigma Orange Belt
Working on: CompTIA Security+

Background

  • KLM — Managed 15,000+ Windows endpoints and 20,000+ iPads
  • KLM Health Services — 3+ years ICT consulting, NEN 7510 compliance
  • Started in aviation engineering — that mindset stuck
  • 8+ years across aviation, healthcare, legal and childcare

Get in touch

bastiaan365.com | LinkedIn | bastiaan@bastiaan365.nl | Almere, Netherlands

Pinned Loading

  1. bastiaan365 bastiaan365 Public

    IT Engineer | 8+ years in Microsoft 365, Endpoint Management & Security | Homelab enthusiast

  2. dns-security-setup dns-security-setup Public

    Secure DNS configuration with Unbound: DNS-over-TLS, DNSSEC validation, blocklists for ads/malware/trackers. Privacy-first DNS for OPNsense or standalone.

    Shell

  3. grafana-dashboards grafana-dashboards Public

    Custom Grafana dashboards for homelab monitoring. Network traffic, Suricata IDS alerts, DNS queries, system metrics and OPNsense firewall stats.

  4. homelab-infrastructure homelab-infrastructure Public

    Fully segmented home network with OPNsense, Suricata IDS/IPS, VLAN isolation, WireGuard VPN and TIG monitoring stack. Defense-in-depth architecture with 7 isolated zones.

  5. powershell-it-toolkit powershell-it-toolkit Public

    PowerShell scripts for Windows IT administration. PC cleanup, user provisioning, Active Directory management, Intune deployment and Microsoft 365 automation.

    PowerShell

  6. ubuntu-hardening-scripts ubuntu-hardening-scripts Public

    Automated security hardening for Ubuntu/Debian systems with built-in rollback capability. Designed for both homelab and production environments.

    Shell