Available for co-op, internships & infrastructure roles

Built for the Field

Hardened. Recoverable. Offline-first.

Andrew Castor

Infrastructure & Cloud Security Engineer

Cybersecurity student heading into UCF's NSA-designated cybersecurity program with 2 years of hands-on infrastructure and healthcare IT work experience. Having built hardened Linux deployments, multi-site networks, and offline-first clinical systems for volunteer medical missions; the kind of constrained, high-stakes environments that translate directly to cloud security and cleared work opportunities.

View Projects Resume

andrew@castor:~

$ whoami

infrastructure_engineer

$ cat ./profile.json

{

"focus": "infrastructure security",

"location": "Orlando, FL",

"school": "UCF · Fall 2026",

"stack": ["linux", "tls", "rbac", "azure"],

"clearance": "eligible"

}

$ systemctl enable --now andrew.service

● active (running)

[Flagship Project]

MMDM OpenEMR — Offline-First Clinical Platform

Deployed 2026 · Ongoing

Medical Missionaries of Divine Mercy · Houston → Costa Rica · 2024–Present

Self-hosted EMR built to run a six-station volunteer clinic in a Costa Rican parish hall with no internet, no cloud, and no public DNS. Migrated off a corrupted XAMPP environment to a hardened Ubuntu / Apache / MariaDB / PHP stack with a private certificate authority, daily backups, and bilingual Spanish/English clinical forms. Deployed at the April 18–25, 2026 mission in Grano de Oro, Costa Rica; next field deployment 2027.

Clinical Stations

Patients in 40 hours

Users Trained

Operations Posture

Problem

Corrupted Windows XAMPP stack with Aria storage engine failure. Paper forms across six clinical stations. No backups, no encryption, no recovery path. Mission-critical with zero connectivity guarantee.

Solution

Clean rebuild on Ubuntu 22.04 + Apache + MariaDB 10.6 + PHP 8.1. Private CA for offline TLS. UFW-hardened LAN posture. Daily cron backups with 30-day rotation. VirtualBox snapshot recovery.

Impact

Replaced 20+ years of paper workflow with structured clinical data. HIPAA-aligned posture. Recoverable from hardware failure. Designed for volunteers to redeploy at any mission site without a network engineer present.

Ubuntu 22.04ApacheMariaDB 10.6PHP 8.1OpenEMR 7.0Private CA · OpenSSLUFWBash · CronNetplanRBAC

Read full case study

[Technical Capabilities]

What I Work With

Infrastructure & Linux

Ubuntu ServerApache · NginxMariaDB · MySQLVirtualBoxWi-Fi 6 MeshLAN/WANNetplan · DHCP/DNS

Security

Private CA · OpenSSLTLS · HTTPS hardeningUFW · iptablesRBAC · ACLsEntra IDLeast PrivilegeHIPAA-aligned posture

Cloud & DevOps

Azure · Entra IDSharePoint syncAWS (learning)Bash · CronPowerShellGit · GitHub

Application & Data

PHP 8.1PythonSQL · MariaDBOpenEMR · LBFHL7 (planned)TensorFlow Lite

Certifications

CompTIA Security+CompTIA Network+Google IT Support Azure AZ-500(in study)

[Other Work]

Additional Projects

foreCastor

Private

Finance · Personal

A PIN-locked personal finance tracker with live bank integration, spending analytics, and a long-term savings goal engine — built entirely for personal use.

Connected to the bank via the Plaid API to automatically import, normalize, and categorize transactions without manual entry.
Tracks a long-term savings goal with a compound-growth projection chart and a target date that changes color based on whether you're on pace.
Per-category monthly spending limits with live progress bars that shift from teal to amber to red as you approach and exceed your budget.
Scans transaction history to detect recurring charges and suggests adding them to your fixed expenses list automatically.
31 unlockable achievements tied to real savings milestones, income streaks, and usage habits — with rarity tiers styled after Steam.

Next.js 15TypeScriptTailwind CSSCloudflare PagesSQLitePlaid API

Emergency Evacuation Guidance Device

Prototype

Embedded · IoT

ENGR 1201 · Houston City College · Spring 2026

Handheld emergency evacuation device that computes and displays real-time escape routes from live temperature sensor data. Routes rebuild automatically as heat develops; reroutes around blocked zones, escalating through warning states, and triggering Shelter-In-Place when all exits are blocked.

5 DS18B20 probes on a shared 1-Wire bus monitor 10 building zones (6 rooms, 2 hallways, 2 exits), streaming one CSV line per second to the Pi over USB-serial at 115,200 baud.
Dijkstra's algorithm via NetworkX rebuilds the optimal evacuation route in under 1 ms on every sensor state change; edge weights are dynamically scaled by zone temperature.
D-pad navigation drives a top-down Pygame floor plan; RGB LED and piezo buzzer mirror the active threat state in real time.

Raspberry Pi 4ESP32Python · PygameNetworkXUSB-SerialSystemd

Fall Detection System

Prototype

AI · Edge

Flutter safety monitor app connected over BLE to an ESP32 sensor hub — the BLE link handles the deploy signal with fallback behavior defined for out-of-range or battery-dead scenarios. TensorFlow Lite classifies accelerometer, gyroscope, and barometric altitude readings on-device to detect freefall, abrupt impact, or severe rotation; tuned for low false positives. Triggers an immediate audible alarm and a servo actuator for physical deployment. Live dashboard shows altitude, heading, temperature, GPS lock, detection probability, and raw sensor waveform. Timestamped event logging for post-incident review; crash and sensor-loss events are also logged for reliability improvement. Edge inference, no cloud round-trip.

TensorFlow LiteFlutterESP32BLEPythonRaspberry Pi

air.grid - Live U.S. Air Quality & Emissions

Live 2026

Geospatial / Data

Live U.S. air quality and industrial emissions atlas built in one day using Claude Code's multi-agent system. Parallel ingestion agents pulled from 6 federal data sources; a geo-matcher joined 108,336 schools to their nearest emitters using scipy cKDTree; a QA agent validated before deploy. Stack: Next.js, MapLibre, deck.gl, Python. 268,980 facilities, 15,897 live sensors, real proximity joins — no mock data.

Built in one day, 1, June 2026 · air.andrewcastor.dev

Next.js 14TypeScriptTailwindMapLibre GLdeck.glRechartsPythonscipy cKDTreeVercel

Splunk SOC Home Lab

In Progress

Security Lab

Self-hosted Splunk environment for log ingestion, detection rule writing, and SOC triage exercises. Pairs with TryHackMe SOC L1 path.

SplunkSIEMDetection Eng

More on GitHub

Coursework, lab repos, automation scripts, and works-in-progress.

github.com/osakhra →

[Contact]

Build systems that hold up.

I am open to infrastructure, security, and field deployment roles — internships, co-op, contract, or full-time.

LinkedIn GitHub