Tima Nlemvo

Systems Engineer | Infrastructure & Networking | Automation & Cloud Implementation

I don't just build systems; I engineer resilience. With over 7 years of operational experience managing high-stakes infrastructure for industry leaders, I establish excellence through technical implementation.

01. Professional Alignment Matrix

Identity Management (IAM)

Active Directory, Google Workspace, User Access Governance.

Authentik: Centralized OIDC/SAML, MFA Enforcement, and SSO bridging for all cluster services.

Infrastructure Reliability

Backup solutions, Patching schedules, Enterprise Imaging.

Proxmox VE & ZFS: Atomic snapshots, self-healing file systems, and real-time telemetry.

02. Operational Index: Active Fleet Status

Node-A: Falcon

ACTIVE

Strategic Role

AI / Compute / Automation

Node-B: Corvette

SHIELDED

Strategic Role

Data Vault / Security Hub

Node-C: Go-zanti

GATEWAY

Strategic Role

Networking / Edge Gateway

03. The Holocron: Technical Archive

Operational logs from the front lines of infrastructure engineering.

Signal Encryption Active
Archive Status: Encrypted
Coming Soon

Briefing Room // Tactical Tour

Looking for an engineer who treats every project with the rigor of a production data center? I am happy to hop on a screen-share for a "Guided Tour" of the Alliance Fleet.

LinkedIn // Pilot ↗

The Alliance Fleet: Deep-Dive

Technical Specifications // Private Cloud Infrastructure v2.0

Operational Philosophy

"This infrastructure is built on a Measure Twice, Cut Once philosophy. It is not merely a collection of servers; it is a production-grade simulation designed to bridge the gap between IT Operations and Systems Engineering."

I. Physical Architecture

Millennium Falcon (Node A)

  • CPU: Intel Core Ultra 9
  • RAM: 64GB DDR5
  • GPU: RTX 4000 SFF ADA (20GB VRAM)
  • Workloads: Ollama, ComfyUI, n8n.

CR90 Corvette (Node B)

  • CPU: AMD Ryzen 7 PRO (ECC)
  • RAM: 64GB DDR5 ECC
  • DISK: 4TB ZFS Mirror
  • Workloads: Wazuh SIEM, Vaultwarden.

Go-zanti (Node C)

  • CPU: Intel Core i7-7700
  • MOD: Custom 2.5GbE NIC
  • NET: OPNsense Edge Gateway
  • Workloads: AdGuard, DNS filtering.

II. Network Architecture

Network      VLAN     IP Range           Strategy
LAN (Mgmt)   Native   192.168.10.0/24    Hypervisors, switch, OPNsense UI.
SERVERS      10       192.168.1.0/24     AI Models, SIEM, Databases.
IOT          20       192.168.20.0/24    Isolated (No lateral access).
GUEST        30       192.168.30.0/24    Isolated WiFi (No lateral access).

III. SIEM & Identity Core

The Watchtower (SIEM)

Security is a process. Wazuh handles brute-force detection and file integrity monitoring (FIM), with Grafana dashboards for resource telemetry.

Identity Core (IAM)

All internal services are protected behind Authentik SSO/MFA. A Zero Trust gateway is enforced via Nginx Proxy Manager.

IV. Automation & AI Ops

The Tactical Droid (n8n)

API orchestrator for fleet maintenance and automated response logic.

{
  "name": "Wazuh to OPNsense Block & Discord Alert",
  "nodes": [
    {
      "parameters": {
        "httpMethod": "POST",
        "path": "wazuh-alert"
      },
      "name": "Wazuh Webhook",
      "type": "n8n-nodes-base.webhook"
    },
    {
      "parameters": {
        "conditions": {
          "string": [
            {
              "value1": "={{ $json.data.srcip }}",
              "operation": "notContains",
              "value2": "192.168."
            }
          ]
        }
      },
      "name": "Safety Filter (Allowlist)",
      "type": "n8n-nodes-base.if"
    },
    {
      "parameters": {
        "method": "POST",
        "url": "https://<OPNSENSE_IP>/api/firewall/alias_util/add/<ALIAS>",
        "bodyParameters": {
          "address": "={{ $json.data.srcip }}"
        }
      },
      "name": "OPNsense API (Block IP)",
      "type": "n8n-nodes-base.httpRequest"
    },
    {
      "parameters": {
        "url": "<DISCORD_WEBHOOK_URL>"
      },
      "name": "Discord Alert",
      "type": "n8n-nodes-base.httpRequest"
    }
  ]
}
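
The Safety Filter in the workflow above matches srcip by substring, so a private address such as 10.0.0.9 passes through to the block step while a public address such as 8.192.168.1 is treated as internal. The following is an added example, not part of the original page or workflow: a dependency-free JavaScript check of the kind that could run in an n8n Code node, parsing the address and testing it against CIDR ranges. The function names, the NEVER_BLOCK list and the sample addresses are assumptions, and only IPv4 is handled.

```javascript
// Added example: strict replacement for a substring-based allowlist check.
// Assumption: these ranges (RFC 1918, loopback, link-local, CGNAT, reserved)
// must never reach the firewall alias; they cover the VLAN subnets listed above.
const NEVER_BLOCK = [
  "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
  "169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8", "224.0.0.0/3",
];

// Parse a strict dotted-quad IPv4 string into an unsigned integer, or null.
function ipv4ToInt(text) {
  if (typeof text !== "string") return null;
  const parts = text.trim().split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    // Digits only, no leading zeros (avoids octal ambiguity), at most 255.
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// True when the integer address falls inside the CIDR block.
function inCidr(addr, cidr) {
  const [base, bits] = cidr.split("/");
  const size = 2 ** (32 - Number(bits));
  const start = Math.floor(ipv4ToInt(base) / size) * size;
  return addr >= start && addr < start + size;
}

// Decide whether an alert's srcip may be forwarded to the block step.
function blockDecision(srcip) {
  const addr = ipv4ToInt(srcip);
  if (addr === null) return { block: false, reason: "not a valid IPv4 address" };
  const hit = NEVER_BLOCK.find((cidr) => inCidr(addr, cidr));
  if (hit) return { block: false, reason: `protected range ${hit}` };
  return { block: true, reason: "public address" };
}

// Constructed sample values for the workflow's $json.data.srcip field.
const samples = ["203.0.113.45", "192.168.20.7", "10.0.0.9", "8.192.168.1", "1.2.3.4;x"];
const decisions = samples.map((ip) => ({ ip, ...blockDecision(ip) }));
console.log(decisions);
```

Malformed input is rejected rather than forwarded, so only a well-formed public address ever reaches the alias endpoint.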

Private AI Stack

A local LLM inference stack using Ollama and AnythingLLM running on the Node A GPU. This allows for private RAG (Retrieval-Augmented Generation) operations on sensitive documentation without data leaving the perimeter.

The Holocron Logs

Coming Soon

Technical mission reports under encryption lock.

Status: Locked
Level: 5
Signal: Active
Log: Pending
The Engineer Behind the Fleet

I design infrastructure for how it behaves in reality — under load, under failure, and under operational constraints.

My career spans over seven years operating and stabilizing complex enterprise environments across media, technology, and high-pressure production teams. In roles at Team Liquid, Stagwell, and Creative Artists Agency, I served as a senior escalation point responsible for keeping systems reliable, secure, and predictable while supporting executive users and globally distributed teams.

That experience shaped my core belief: resilience is engineered, not improvised.

Operational Philosophy

I don’t just build systems — I design for longevity, clarity, and failure tolerance.

  • Designing fault domains before deploying workloads
  • Treating identity and network boundaries as foundational controls
  • Favoring explicit trust and default-deny over convenience
  • Making observability and documentation first-class components
  • Automating to reduce cognitive load, not just manual effort

These principles were forged in enterprise environments where outages or ambiguity had immediate consequences.

Operational Record

Team Liquid // IT Systems Specialist // 2023 – Present

Operate and support production systems for competitive gaming and corporate environments, serving as a Tier III escalation point across identity, endpoints, and core infrastructure. Administer access governance for 200+ users.

Stagwell // Senior Infrastructure Engineer // 2021 – 2023

Sustained high reliability across enterprise IT systems and cloud applications while managing macOS and Windows fleets using JAMF Pro and Intune. Worked closely with security teams to enforce policy.

Creative Artists Agency (CAA) // Service Desk Lead // 2019 – 2021

Primary escalation owner for global asset lifecycle management and Active Directory infrastructure. Led service operations while optimizing identity workflows and escalation paths.

The Alliance Holocron

The Alliance Holocron is a continuation of how I’ve always approached systems — not a hobby lab, but a documented, production-style environment.

Within it, I design and operate a multi-node, high-availability infrastructure where I validate architectural decisions around fault isolation, network segmentation, identity control, and telemetry. Every component is documented with intent, mirroring the standards I followed in enterprise roles.

Command Frequency

LinkedIn // Pilot ↗

Active Stack

  • Proxmox / ESXi
  • Terraform / Packer
  • OPNsense / VLANs
  • Authentik / MFA
  • Wazuh SIEM