I'm a Network & Systems Engineer / Teaching Lab Aid focused on cybersecurity, network observability, and AI infrastructure. I build SOC tooling, MCP servers, and agent workflows that run on real production gear, not toy demos. I write about it at solomonneas.dev/blog.

• US based in Tampa, FL, near the beach.
• 📜 M.S. Cybersecurity Intelligence & Information Security at the University of South Florida.
• 🛡️ Building open-source SOC + threat intel tooling on bare-metal Proxmox.
• 🤖 Deep in multi-agent orchestration, MCP servers, and detection engineering.
• 🪢 n8n enthusiast, wiring up self-hosted automation for intel pipelines, monitoring, and SOC ops.
• 🧭 Currently exploring self-hosted AI stacks, network observability, and incident response automation.
• 📝 Writing regularly on my blog, Dev.to, Hashnode, CoderLegion, and X.
• 🗣️ Ask me about Proxmox migrations, network monitoring, MCP servers, OpenClaw, agent orchestration, and open-source SOC.
• ⚙️ Big believer in open source, dogfooding everything, and writing it down so the next person doesn't have to figure it out.
• 👨‍👧 Father, retired chef of 17 years, OSS contributor, and beach lover when I'm not on a screen.
• 🫶 If my work helped you, buy me a coffee or tip on Ko-fi.
• 📫 Reach me at me@solomonneas.dev · LinkedIn · X

Some of the projects I've built or maintain:

OpenClaw & Dev Tools

• 🔍 code-search-api - Local semantic code search with Ollama embeddings, SQLite, hybrid search, and LLM summaries.
• 🦞 solos-cookbook - Solomon's Guide to Cookin' with Gas: how one engineer runs a 24/7 multi-agent AI stack on bare metal. Opinionated. Dogfooded. Broken-and-fixed in production. Tested in service.
• 🍳 solo-mise - Mise en place for the cookbook. One pipx install lays down the agent kitchen: 6 profiles (repo, workspace, openclaw, hermes, generic, publisher), content scrubber, handoff scaffolding, and a memory ingester. Everything in its place before you start cooking.
• 📊 usage-tracker - Token usage and cost analytics for OpenClaw sessions across models.
• 📚 prompt-library - Dual-mode prompt management with browse/copy UI and a REST API for sub-agents.
• 🛂 content-guard - Policy-driven content scanning and publish checks.
• 🩺 memory-doctor - Maintenance CLI for the Claude Code / OpenClaw memory system. Status, lint, ingest, and compact verbs with dry-run defaults, atomic writes, and path-safety on every mutation.

Security & Threat Intelligence

• 🛡️ cyberbrief - AI threat intel briefings with BLUF reports, ATT&CK mapping, and IOC extraction.
• 🔍 bro-hunter - Threat hunting for Zeek and Suricata logs with beaconing detection and MITRE mapping.
• 🔬 intel-workbench - Threat intel analysis with ACH matrices, evidence weighting, and STIX export.
• 📖 hotwash - SOC playbook parser with mermaid diagram generation and Wazuh alert ingestion.
• 🏗️ soc-stack - Full SOC architecture covering MCP servers, detection pipelines, and deployment playbooks.

MCP Servers

• 🧠 cortex-mcp - Observable analysis for IOCs, reports, and response actions.
• 🛡️ wazuh-mcp - SIEM access for agents, alerts, rules, and decoders.
• 🔬 misp-mcp - Threat intel search, IOC correlation, and STIX/Suricata/CSV export.
• 🐝 thehive-mcp - Incident response workflows for cases, alerts, tasks, and observables.
• ⚔️ mitre-mcp - MITRE ATT&CK technique mapping, threat group profiling, and detection gap analysis.
• 🔎 zeek-mcp - Network monitoring access for connection, DNS, HTTP, and SSL logs.
• 🦔 suricata-mcp - IDS/IPS workflows for managing rules, querying alerts, and analyzing traffic.
• 🕸️ maltego-mcp - Maltego graph authoring and OSINT lookups for whois, DNS, ASN, and crt.sh.
• ⚙️ n8n-ops-mcp - Ops control for n8n workflows, validation, and execution lifecycle.
• 📮 postiz-mcp - Postiz social scheduling control with full public-API coverage, env-gated writes, and a 30/hr rate-limit guard.
• 🧱 adguard-mcp - AdGuard Home control across one or more instances with 28 tools across read, safe-write, and destructive tiers: status + stats, query log, filter lists, user rules, client CRUD, blocked services, safesearch/safebrowsing toggles, query-log clear, stats reset. Three-tier confirm gates, basic-auth redaction, multi-instance env config.
• 🖥️ proxmox-mcp - Proxmox VE control with 12 tools across read + safe-write tiers: status, container + VM lifecycle, snapshots, backups, recent tasks. Token auth, undici TLS-insecure dispatcher, multi-match ambiguity guard.
• 📡 librenms-mcp - LibreNMS network monitoring control with 10 tools: device + port + alert reads, port health rankings, alert ack, maintenance windows. Token auth, undici TLS-insecure dispatcher, LibreNMS spec format validation.

Network & Infrastructure

• 🔭 watchtower - NOC dashboard with interactive topology, L2/L3 views, and LibreNMS/Proxmox integration.
• 🔌 portgrid - Switch port visualization for LibreNMS with color-coded views and instant search.
• 🔒 proxguard - Proxmox firewall rule visualization with conflict detection and rule simulation.
• 📶 eero-cli - Tiny CLI for the eero mesh API with non-interactive SMS auth, regex/MAC filtered device listing, and bulk blocking.
• 🐧 samba-ad-migration - Windows AD to Samba file share migration scripts for Proxmox.

Media Automation

• 📺 media-cli - Single-file bash CLI for Sonarr, Radarr, Prowlarr, qBittorrent, Bazarr, Jellyseerr, and Tdarr.
• 🎬 jellyfin-mcp - Control Jellyfin from LLMs with playback sessions, library scans, user admin, and 20 MCP tools.
• 🎞️ reelgrep - Local video search and analysis: ffprobe metadata, frame sampling, contact sheets, Whisper transcription, prose-transcript alignment, FTS5 subtitle search across the whole library, pluggable person-finding, and a local browser UI.
• 🔍 reelgrep-mcp - MCP wrapper for reelgrep so agents can answer "which lecture mentioned X?" with citation-formatted timestamps from your local video library.

Streaming & OBS

• 🎛️ deckctl - Cross-platform declarative driver for the Elgato Stream Deck. One YAML config, hot reload, daemon for Linux + Windows, OBS execution + live state indicators, auto profile switching driven by the focused window. No Elgato app required.
• 🎥 obsctl - kubectl-style multi-host wrapper around grigio/obs-cmd for managing OBS Studio across multiple machines from one CLI. Define hosts once, then obsctl studio recording toggle or obsctl laptop scene switch "Camera".

Currently Contributing To

• 🧃 vincentkoc/tokenjuice - Lean output compaction for terminal-heavy agent workflows.
• 📝 steipete/summarize - Fast summaries from URLs, files, and media. CLI + Chrome Side Panel + Firefox Sidebar with video slides, OCR, and transcript extraction.
• 📬 steipete/gogcli - Google Suite CLI for Gmail, Calendar, Drive, and Contacts.
• 🦞 openclaw/openclaw - Agent harness and CLI that runs my entire multi-agent stack on bare metal.
• 🦞 openclaw/plugin-inspector - Offline compatibility inspector for mocking OpenClaw and testing plugins.
• 🔌 openclaw/acpx - Headless CLI client for stateful Agent Client Protocol (ACP) sessions.
• 💬 steipete/discrawl - CLI for Discord with a SQLite backend.
• 🎭 microsoft/playwright - Cross-browser automation and testing framework, including the Playwright MCP server for agents.

I'm always open to building, contributing, collaborating, and chatting. Feel free to reach out.

Infrastructure Migrations

• 💰 How I Migrated 6 Servers from VMware to Proxmox and Saved $343K
• 🖥️ I Migrated Our Entire Infrastructure from Hyper-V to Proxmox
• 💿 Replacing SCCM with FOG Project

SOC & Security Operations

• 🛡️ I'm a Lab Assistant. So I Built My Own SOC
• 🧩 I Built 7 MCP Servers for Security Tools. The Protocol Was the Easy Part.

Network Engineering

• 📡 A Fiber Cut at 2 PM Taught Me Why I Needed to Build Watchtower
• 🎓 3 Days, 18 Hours: What I Learned at NDG's Proxmox Workshop

Agents & AI Infrastructure

• 🤖 Anthropic Broke My OpenClaw Stack. GPT 5.4 Put It Back Together