cv: firemon: More details for FireMon projects

content/cv/firemon.md

@@ -15,16 +15,10 @@ from a single server to massive multi-node ecosystems.
 
 <!-- more -->
 
-# FMOS Generation II
+# FMOS: FireMon Operating System
+
+## Ansible Configuration Policy
 
-* Based on CentOS 7
-* Full-disk encryption using LUKS
-* Anaconda installer with custom addon for generating machine-specific LUKS
-  master key passphrase
-* Kickstart script for fully-automated installation
-* Used Koji to build RPM packages for first- and third-party software
-* Distribution included Ansible for configuration management
-* systemd units for controlling FireMon application services
 * Configuration policy for deployment of all FireMon software and
   third-party dependencies
 * Support for single-server and distributed deployments
@@ -46,13 +40,41 @@ from a single server to massive multi-node ecosystems.
 * Optionally configures *rsyslog* to send log messages to remote destinations
   over UDP, TCP, or TCP+TLS
 * Configures *tmux* to automatically launch at user login
-* …
 
-# FMOS Generation III
+## Deployment and Maintenance Tools
+
+* Python software for configuring and managing machines running FireMon
+  software (`fmos` command)
+* Critical functionality for application maintenance:
+  * Updating OS and software
+  * Backing up and restoring data
+  * Capturing diagnostic information for technical support
+  * Modifying configuration settings
+  * Managing server certificates and private keys
+* D-Bus daemon to handle privileged operations
+* Unprivileged command-line interface
+* HTTP API developed with FastAPI
+
+
+## Generation II Platform
+
+* Based on CentOS 7
+* Full-disk encryption using LUKS
+* Anaconda installer with custom addon for generating machine-specific LUKS
+  master key passphrase
+* Kickstart script for fully-automated installation
+* Used Koji to build RPM packages for first- and third-party software
+* Distribution included Ansible for configuration management
+* systemd units for controlling FireMon application services
+
+## Generation III Platform
 
 * Based on CentOS 7, later CentOS 8 (Stream)
 * Immutable SquashFS root filesystem image
-* …
+* Full-disk encryption using LUKS
+* Custom Dracut modules to verify image OpenPGP signature, mount as rootfs,
+  initialize LUKS-encrypted persistent data volume with LVM
+* Custom SELinux policy to confine FireMon software
 
 
 # DevOps Team Lead
@@ -112,3 +134,16 @@ from a single server to massive multi-node ecosystems.
 * Accessible via purpose-built, ultra-minimal Linux distribution (Kernel and
   Busybox only) delivered by network boot/PXE
 * Written in Rust
+
+
+# FireMon-as-a-Service
+
+* Cloud-hosted FireMon software deployment
+* Deployed backend infrastructure for federated authentication using OpenLDAP,
+  MIT kerberos
+* Followed Infrastructure-as-Code principles using Ansible
+* Developed custom integrated authentication solution for FireMon Security
+  Manager software to provide full-featured account and credential management
+  using Kerberos protocol (Authgate)
+* Python bindings for *mit-kerberos* using Cython
+