From Homelab Engineer to AI Infrastructure Architect

๐Ÿงฉ Overview

Starting in Spring 2026, I will begin my journey toward becoming a Cybersecurity Architect specializing in AI infrastructure and enterprise networking.
This roadmap outlines how I will progress from my academic study at UTSAโ€™s BBA in Cybersecurity to advanced Cisco certifications such as CCIE Data Center, leading toward a role in AI-first companies like NVIDIA or Cisco.

๐ŸŽ“ Current Certifications and Skills (as of 2025)

CertificationFocus AreaStatus
CompTIA A+IT hardware, troubleshooting, OS fundamentalsโœ… Completed
RHCSALinux system administration and automationโœ… Completed
Proxmox / pfSense / VLAN LabVirtualization, routing, segmentation๐Ÿง  Active project
TrueNAS Scale / Rocky Linux / Windows Server 2025Domain services, storage, and AD integration๐Ÿง  Active project

๐Ÿ“… Career Roadmap Timeline (2026โ€“2034)

YearPhaseGoals & FocusKey CertificationsCareer Milestones
2026โ€“2028Phase 1: Academic FoundationBegin UTSA Cybersecurity BBA, strengthen networking and Linux fundamentals, develop Proxmox enterprise labCCNA, Security+, AWS Cloud PractitionerEntry-level IT or NOC Technician, Fiber Field Technician
2028โ€“2030Phase 2: Network Engineering GrowthDesign enterprise VLANs, firewalling, automation (Ansible, Terraform), expand homelabCCNP Enterprise, CyberOps Associate, Azure/AWS AssociateNetwork Engineer, Security Operations Engineer
2030โ€“2032Phase 3: Architecture and AutomationStudy Cisco ACI, SDN, VXLAN/EVPN, hybrid cloud networkingCCNP Security, DevNet ProfessionalSenior Network Architect, Cybersecurity Engineer
2032โ€“2034Phase 4: Cybersecurity & AI InfrastructureFocus on AI cluster networking, Zero Trust, and data center automationCCIE Data Center, CISSP, DevNet ExpertCybersecurity Architect, AI Infrastructure Architect

๐Ÿงฑ Phase 1: Academic Foundation (2026โ€“2028)

Goal: Build strong networking and cybersecurity fundamentals while completing UTSAโ€™s BBA in Cybersecurity.

Focus Areas

  • Network architecture, subnetting, and VLANs
  • Virtualization with Proxmox and pfSense
  • Security fundamentals and risk management
  • Scripting with Bash and Python

Short-Term Certifications

  • ๐ŸŽฏ Cisco CCNA
  • โš™๏ธ CompTIA Security+
  • โ˜๏ธ AWS Cloud Practitioner

Experience Targets

  • Part-time IT or NOC position
  • Expand Proxmox enterprise network simulation
  • Document homelab projects using mdBook

๐Ÿš€ Phase 2: Network Engineering Growth (2028โ€“2030)

Goal: Transition into full-time network or cybersecurity engineering roles.

Focus Areas

  • Enterprise Layer 2/3 design and VLAN segmentation
  • Automation via Ansible and Terraform
  • Network monitoring and observability (Prometheus, Grafana)
  • Cloud networking and security integration

Key Certifications

  • ๐Ÿง  CCNP Enterprise
  • ๐Ÿ” Cisco CyberOps Associate
  • โ˜๏ธ Azure Network Engineer Associate

Roles

  • Network Engineer
  • Security Operations Engineer
  • Infrastructure Automation Specialist

๐Ÿงฉ Phase 3: Advanced Architecture (2030โ€“2032)

Goal: Develop advanced data center and security architecture skills.

Focus Areas

  • Cisco ACI (Application Centric Infrastructure)
  • VXLAN, EVPN, and SDN frameworks
  • Cloud-native network automation
  • Identity and Access Management across AD and Kubernetes

Certifications

  • ๐Ÿ“˜ CCNP Security
  • โš™๏ธ Cisco DevNet Professional
  • ๐Ÿงฉ CCIE Data Center (Written)

Career Path

  • Senior Network Architect
  • Cybersecurity Engineer (Automation Focus)

๐Ÿง  Phase 4: AI Infrastructure Leadership (2032โ€“2034)

Goal: Design and secure high-performance AI networks.

Focus Areas

  • AI cluster networking (InfiniBand, NVLink, RoCEv2)
  • Zero Trust architectures and multi-tenant security
  • High-throughput data center automation pipelines
  • AI security compliance and monitoring

Certifications

  • ๐Ÿ… CCIE Data Center (Lab Complete)
  • ๐Ÿ” CISSP or CCSP
  • ๐Ÿ‘จโ€๐Ÿ’ป DevNet Expert (Optional)

Career Path

  • Cybersecurity Architect
  • AI Infrastructure Architect
  • Principal Network Engineer (AI Systems)

๐Ÿงฐ Supporting Technologies in the Homelab

ComponentFunctionSoftware Used
Proxmox VE 9Virtualization and orchestrationVLANs, ZFS/Btrfs, nested VMs
pfSenseFirewall and gatewayVLAN routing, DHCP/DNS services
TrueNAS ScaleNetwork-attached storageiSCSI shares, NFS, SMB
Rocky Linux 10K8s nodes and AD clientsDocker, Kubernetes, Realmd
Windows Server 2025Domain ControllerAD DS, DNS, GPO, DHCP
Terraform / AnsibleAutomation and infrastructure-as-codeIaC deployment of VMs and configs

๐Ÿ“š Continuous Learning Resources

AreaRecommended Resources
Networkingโ€œNetwork Warriorโ€ by Gary Donahue, Jeremyโ€™s IT Lab (YouTube)
Linux / AutomationRHCSA Study Guide, Ansible, Terraform Docs
SecurityTryHackMe, HackTheBox, โ€œBlue Team Field Manualโ€
CiscoINE Labs, Boson ExSim, Cisco Learning Network
FiberFOA Online Certification, ETA Fiber Optics Training

๐Ÿ Final Vision

By combining formal education from UTSA, hands-on homelab architecture, and progressive Cisco certifications, my long-term mission is to design and secure scalable AI-driven network infrastructures.

Through this roadmap, I aim to evolve from a homelab engineer to an AI Infrastructure Cybersecurity Architect โ€” capable of building and defending intelligent, data-driven networks for the next generation of computing.

๐Ÿ—๏ธ Homelab Topology Overview

My homelab environment is designed to simulate an enterprise-grade network and cybersecurity infrastructure, fully virtualized on Proxmox VE 9 with pfSense, TrueNAS Scale, and multiple Linux and Windows VMs.
This environment is used for hands-on practice in Active Directory, network segmentation, Kubernetes, and infrastructure automation using Terraform and Ansible.

๐ŸŒ Network Architecture

VLAN IDSubnetPurposeGateway (pfSense)Example Systems
1010.0.1.0/24Management / Infrastructure10.0.1.1Proxmox, TrueNAS, pfSense LAN
2010.0.2.0/24Server / AD Network10.0.2.1Windows Server 2025 (DC), Rocky Linux AD Nodes
3010.0.3.0/24Kubernetes / DevOps10.0.3.1Rocky Linux K8s Master & Workers
4010.0.4.0/24Security / SIEM10.0.4.1Security Onion, Wazuh
5010.0.5.0/24Storage / Backup10.0.5.1TrueNAS Scale iSCSI, Backup nodes
9910.0.99.0/24Out-of-Band / Admin Access10.0.99.1Management terminals, monitoring tools

All VLANs are trunked through pfSense, which acts as the default gateway, DHCP/DNS provider, and inter-VLAN router.
Firewall rules and NAT policies are defined in pfSense to isolate or allow traffic between VLANs as needed for testing.

๐Ÿงฑ Virtual Machine Layout

VM NameOSvCPUsMemoryStorageVLANPurpose
pfsense-vmpfSense44 GB20 GBVLAN 10Core firewall, DHCP/DNS, routing
proxmox-veProxmox VE 95095 GB680 GB (Btrfs RAID0)VLAN 10Hypervisor hosting entire lab
truenas-scaleTrueNAS Scale416 GB100 GBVLAN 50Centralized storage, NFS/iSCSI
dc01-win2025Windows Server 2025 (Core)816 GB80 GBVLAN 20Active Directory Domain Controller
ad-node01Rocky Linux 1048 GB40 GBVLAN 20AD-joined Linux node
ad-node02Rocky Linux 1048 GB40 GBVLAN 20Secondary AD Linux node
k8s-masterRocky Linux 10816 GB60 GBVLAN 30Kubernetes control plane
k8s-worker01Rocky Linux 10816 GB60 GBVLAN 30K8s worker node
siem-nodeRocky Linux 10616 GB80 GBVLAN 40Wazuh or Security Onion SIEM server

๐Ÿงฉ Network Services Overview

ServiceProvided ByVLANDescription
DHCP / DNSpfSense10, 20, 30, 40, 50Dynamic addressing and domain resolution
Active Directory (AD DS)Windows Server 202520Domain Controller and central auth
LDAP / Kerberos IntegrationAD DS + Rocky Linux20SSO for Linux nodes and K8s
NFS / SMB / iSCSITrueNAS Scale50Centralized storage and VM backups
Kubernetes ClusterRocky Linux nodes30Container orchestration for apps
SIEM StackRocky Linux (Wazuh / Security Onion)40Security event monitoring and log analysis
Automation / IaCTerraform, Ansible10 / 30Automates provisioning and configuration

๐Ÿ”’ Security and Segmentation

  • pfSense enforces inter-VLAN policies โ€” for example, K8s nodes can reach AD for authentication but not directly access SIEM.
  • VLAN 99 is isolated for admin-only access to pfSense, TrueNAS, and Proxmox GUIs.
  • All traffic to the internet routes through pfSenseโ€™s WAN (bridged or passthrough NIC).
  • Firewall rules simulate Zero Trust segmentation, testing lateral movement prevention and network hardening.

โš™๏ธ Automation and Integration

  • Terraform provisions VMs, network bridges, and VLANs inside Proxmox.
  • Ansible configures systems post-deployment (networking, packages, K8s init).
  • LDAP / RealmD connects Linux systems to AD for central authentication.
  • TrueNAS shares storage via iSCSI/NFS for VM disks and backup volumes.
  • Kubernetes runs lab microservices and containerized testing tools.

๐Ÿง  Lab Use Cases

  • Practicing Active Directory and LDAP integration with Linux-based services
  • Simulating enterprise segmentation and security policy enforcement
  • Deploying Kubernetes and Terraform in realistic networked environments
  • Hosting SIEM and log correlation tools for threat monitoring practice
  • Running TrueNAS-based storage networks with VLAN-isolated traffic

๐Ÿงฉ Summary

This homelab provides a self-contained enterprise network ecosystem designed for hands-on learning in:

  • Network security architecture
  • Virtualization and infrastructure-as-code
  • Active Directory and domain management
  • Kubernetes and DevOps automation
  • Cybersecurity monitoring and analysis

Together, these systems form the foundation for my path toward becoming an AI Infrastructure Cybersecurity Architect โ€” blending networking, security, and automation into one cohesive platform for experimentation and professional growth.