tommy/public/index.json

[{"content":"I’m currently open to new opportunities and eager to join a team in the U.S. or Canada as an employee. I do not take on freelance or contract work. For U.S. opportunities, I don’t require visa sponsorship at this time, though I may need it in the future. For Canadian opportunities, I will need an employer to apply for a work permit on my behalf. If you’re looking for a committed team member, let’s connect!\nWhat I Can Do # As a system administrator with 5 years of experience, I bring extensive expertise working with all three major Linux families—Red Hat, SUSE, and Debian—with a particular preference for Red Hat systems. While I am primarily a Linux administrator, I am also familiar with Windows systems and can handle tasks such as managing Active Directory.\nI prioritize creating secure and reliable systems, implementing measures like systemd hardening, container hardening, timely vulnerability patching for containers, attack surface reduction, and protecting systems from both external and internal threats.\nMost of my work is open source and available on GitHub. You can explore my server configurations on Metropolis Nexus\u0026rsquo;s GitHub to see my approach to system administration. For container security, I specialize in porting containers to Alpine Linux and performing daily rebuilds to ensure the latest patches are applied. Check out my work at Polarix-Containers, where I maintain a collection of OCI containers with enhanced protections.\nQualifications # I hold several professional certifications, including the Red Hat Certified System Administrator and Linux Foundation Certified Sysadmin, demonstrating my expertise in Linux system administration. For a full list of my certifications, please visit my LinkedIn profile. I am committed to continuous learning and plan to pursue additional certifications in the near future to further enhance my skills.\n","date":"23 September 2025","externalUrl":null,"permalink":"/posts/hire-me/","section":"Posts","summary":"","title":"I am open to work!","type":"posts"},{"content":"","date":"23 September 2025","externalUrl":null,"permalink":"/posts/","section":"Posts","summary":"","title":"Posts","type":"posts"},{"content":"","date":"23 September 2025","externalUrl":null,"permalink":"/","section":"Tommy's Space","summary":"","title":"Tommy's Space","type":"page"},{"content":"Hello! 👋\nI\u0026rsquo;m Thien, though you may know me as Tommy. With over five years of experience as a Linux system administrator, I specialize in managing a diverse range of Linux distributions, including Red Hat, Debian, SUSE, and Arch Linux. Recently, I\u0026rsquo;ve been diving into the world of containers and immutable distributions, which I find both innovative and exciting.\nLike most Linux users, I am an open source enthusiast and publish most of the projects made in my free time on GitHub. I also made a couple of small contributions to various projets as well.\nI host several services, such as Matrix and Mastodon, free of charge. If you\u0026rsquo;re curious, feel free to explore Metropolis Nexus, where you might find resources or services that suit your needs.\nTogether with friends I connected with through GrapheneOS, I co-author a blog, PrivSec.dev, where we explore topics related to privacy and security.\n","date":"2 September 2022","externalUrl":null,"permalink":"/posts/about/","section":"Posts","summary":"","title":"About Me","type":"posts"},{"content":" Matrix # The best way to contact me is through Matrix. My account is @tommy:metropolis.nexus. If you do not have a an account, you can sign up for one on my homeserver metropolis.nexus. I do not ask for your email address or any personal information for registration.\nTelegram # My Telegram is TommyTran732. I do not check it as often as I do with Matrix. When contacting me, please use the Secret Chat feature.\nEmail # If you prefer to reach out to me via email, my address is contact@tommytran.io. Aliases:\ntommy@metropolis.nexus tommy@privsec.dev Please use encryption if possible. My PGP key is available here.\nOther Accounts # Discord # TommyTran732 Linkedin # TommyTran732 For employers, please see Hire Me!\nTwitter # @TommyTran732 @PrivSec_Dev Git accounts # GitHub Metropolis GitLab Please by wary of anyone claiming to be me or using the handle \u0026ldquo;TommyTran732\u0026rdquo; reaching out to you. Chances are, they are an impersonator. You can always contact me via Matrix or Email for identity verification.\n","date":"2 September 2022","externalUrl":null,"permalink":"/posts/contact/","section":"Posts","summary":"","title":"Contact Information","type":"posts"},{"content":"These are some of my most notable projects. For a complete list, please visit my GitHub profile.\nPrivSec.dev # PrivSec.dev is a website created by me and a few friends to provide practical privacy and security advice for end users. Think of it as a shared blog focused on this topic.\nWe emphasize in-depth system configuration, security analysis, and software/hardware recommendations, prioritizing technical merits over ideologies or politics.\nPolarix Containers # Polarix Containers is a collection of OCI containers designed to enhance security compared to upstream builds.\nSome containers are daily rebuilds of upstream containers, while others are rebuilt from scratch using Alpine Linux or Red Hat UBI with unprivileged users, maintaining upstream compatibility. Most builds include hardened_malloc for added security.\nPolarix Containers serve as the foundation for my other projects, such as Metropolis.nexus.\nMetropolis.nexus # Metropolis.nexus is a collection of services I offer free of charge, including but not limited to:\nMatrix Mastodon Vaultwarden Redlib Traccar Stirling PDF Signature PDF The Metropolis-nexus GitHub organization contains repositories documenting the system\u0026rsquo;s setup. Key subprojects include:\nLinux Setup Scripts # These setup scripts are used on my Linux systems and include hardening configurations such as:\nRemoval of unnecessary packages Hardened boot parameters Hardened sysctl settings Kernel module blacklist from SecureBlue SSH client and server hardening Systemd hardening Installation of Hardened Malloc on Red Hat systems NTS setup Fedora CoreOS Ignition Files # These Butane/Ignition configuration files enable rapid deployment of Fedora CoreOS servers with the same hardening as the Linux Setup Scripts.\nThey also include systemd services to:\nInstall and update gVisor at boot Update containers in a Docker Compose stack daily NGINX Configs # My reverse proxy setup is available in this repository. It includes:\nTLS configuration with strong cipher suites A robust set of security headers Content security policies for various services ModSecurity configuration Systemd hardening for system services QubesOS scripts # My QubesOS scripts configure Qubes virtual machines with the same hardening as my Linux setup scripts, tailored for Qubes\u0026rsquo; unique environment. I also provide documentation on how I set up my daily driver — a ThinkPad P53 — with Qubes for maximum privacy and security.\nMicrosoft Egde Policies # Microsoft Edge can be one of the best browsers when configured properly, but it is privacy-invasive and has a large attack surface by default. My list of policies configures it for improved privacy and security.\n","date":"2 September 2022","externalUrl":null,"permalink":"/posts/projects/","section":"Posts","summary":"","title":"My Projects","type":"posts"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":"","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"}]