Live architecture diagram, asset inventory, recovery runbook, and PGP-signed infrastructure manifest generated from real-time recon of all nodes.
6-node edge infrastructure across 4 data centers. Oracle Cloud serves as proxy edge + database backend.
| Node | Role | IP | Status |
|---|---|---|---|
| VPS1 | Edge Gateway · Bot · Kernel | 82.153.68.56 | HARDENED |
| VPS2 | Landing Pages · Mail Server | 82.153.68.94 | MONITORED |
| VPS3 | Commerce · Stripe · License | 185.190.56.79 | MONITORED |
| VPS4 | WordPress Client Hosting | 82.153.68.89 | MONITORED |
| VPS5 | Database Backend | Oracle A | HARDENED |
| VPS6 | Database Replica | Oracle B | HARDENED |
Restart Bot: ssh root@82.153.68.56 && systemctl restart aegis-bot
Reload Nginx: ssh root@82.153.68.56 && nginx -t && nginx -s reload
Reload VPS2: ssh root@82.153.68.94 && nginx -t && nginx -s reload
DB Backup: sqlite3 /root/bot/data/aegis-universal.db ".backup '/root/backups/aegis-$(date +%F).db'"
Pipeline Status: ssh root@82.153.68.56 && tail -20 /var/log/aegis-nomen/pipeline.log
Production infrastructure currently running across 6 nodes. All services below are operational and available for client work. Live demonstration available on request.
Live demonstration available on request. All services are currently operational and can be shown in real time. Contact jared@aegis-sigma.com
Self-taught engineer with 20+ years of hands-on experience across web development, Android development, cybersecurity, and infrastructure. Everything I know came from building — not from a classroom.
Background: Started tinkering with website building in my 20s. Built custom computers from parts. Studied criminal justice in college — wanted to work cyber crime for the FBI, but didn't get hired. That rejection never stopped the passion. Took technology classes and computer graphics. Completed numerous Udemy courses in WordPress, Python, and Android development. Got familiar with Kali Linux and its security tools — that's what sparked the cybersecurity deep dive. Everything beyond that was self-taught through building real projects. The FBI dream didn't work out, but the work never stopped.
Android Development: 20 years of Android development experience — built and published applications, learned the platform as it evolved from the beginning. Deep understanding of mobile architecture, API integration, and user-facing application design.
Recent Work (Last Year): Started with ProBot — a WordPress security plugin concept. Over the past year, it evolved into Aegis-SIGMA — a full 6-node sovereign security infrastructure with custom AI model, self-hosted mail server, automated scanning engine, and autonomous sales agent. No VC funding, no team, no third-party API dependencies for core functions. Every server is manually hardened with iptables default-DROP policies. From a single plugin idea to a complete security platform in 12 months.
Certifications: None. The infrastructure is the credential — live, running, and demonstrable on demand. 166K training samples, 99.95% accuracy, 38 MCP-exposed tools, production mail server handling real DMARC enforcement. All built by hand.
Learning Method: Read the docs, build it, break it, fix it, ship it. No bootcamp, no degree required, no certification needed to prove I can deliver. This stack speaks for itself.
Philosophy: Sovereign infrastructure over cloud convenience. Every component is self-hosted — no surprise API bills, no vendor lock-in, no client data leaving owned servers. The model runs locally, the mail server is on-node, databases live on dedicated storage nodes. What costs others $2,000-5,000/mo in SaaS subscriptions runs here for ~$150/mo.
Every component in this stack was deliberately self-hosted. Here is why each decision was made.
AI Model (Self-Hosted RandomForest): Trained locally on 160K+ real traffic samples. No OpenAI/Claude API costs, no rate limits, no prompt injection risk, no data leakage to third parties. The model improves every 4 hours from live Shield classifications. API-dependent competitors pay per request and send client data through third-party servers.
Mail Server (Self-Hosted Postfix + Dovecot): Full control over deliverability, DKIM signing, DMARC enforcement. No SendGrid/Mailgun dependency — no per-email costs, no shared IP reputation, no terms-of-service risk. Outbound email goes directly to recipient MX servers.
Threat Intelligence (Self-Hosted Feeds): Pulls from CINS, FireHOL, Spamhaus, URLhaus, PhishTank, Tor exit lists, Blocklist.de — all free, all self-hosted. No commercial TI subscription needed. Combined with live Shield classification data for real-time threat adaptation.
Databases (Self-Hosted SQLite + PostgreSQL): No cloud DB costs. All data stays on owned infrastructure. Backups are controlled, encrypted, and stored on dedicated storage nodes.
Infrastructure (6 Bare-Metal Nodes): All servers are manually configured with iptables default-DROP policies. No cloud security groups, no managed Kubernetes, no serverless functions. Every rule is intentional.
The Cost Difference: This stack runs on ~$150/mo in server costs. Equivalent commercial services (SentinelOne + Cloudflare + SendGrid + OpenAI + AWS) would cost $2,000-5,000/mo and still send client data through third parties.
Custom-trained RandomForest classifier that lives entirely on-node. No API calls, no cloud dependency, no data leaving the server.
Training Data: 166,388 total samples (83,194 hostile, 83,194 clean). Sources include live Shield classifications, DNS blocklist (172K entries), honeypot traps, 8 external threat feeds, and MITRE ATT&CK-mapped cyber kill chain intelligence.
Performance: Accuracy 99.95%, F1 0.9995, precision 99.9%. Model size: 238KB. Retrains every 4 hours automatically with fresh data.
Pipeline: Shield classifies traffic -> event written to SQLite -> unified ingestion pulls from 21+ sources -> RandomForest trains -> model deployed. No human intervention required.
Why RandomForest over LLM: Deterministic, auditable, no hallucination. Every classification is traceable to specific training features. A blocked request stays blocked — no prompt injection, no jailbreak, no API outage.
A full-featured AI agent platform that runs locally, via SSH on VPS, or from a USB drive. Nomen is the breadwinner — it finds clients, analyzes their security posture, generates reports, and sends outreach autonomously.
The CLI Tool: The nomen chat command launches an interactive AI agent with full tool access. It can browse the web, search Google Maps/BBB/Clutch/Yellow Pages for leads, run DNS recon on any domain, verify email addresses, generate SWOT analysis reports, send email outreach, and track the entire sales pipeline — all from one terminal session. The agent chooses which tools to use based on the goal you give it.
MCP Server: Nomen also runs an MCP server on port 8101 exposing 38 tools via SSE transport. Any MCP-compatible client (Claude Desktop, Cursor, custom apps) can connect and use Nomen's capabilities through the standard initialize -> initialized -> tools/list handshake. Tools include find_emails, generate_swot, dns_recon, web_search, send_email, and 33 more.
Revenue Generation: Nomen is the primary income driver. It generates SWOT intel reports ($499), finds leads for WordPress security audits ($500-3,500), sends outreach emails for DMARC remediation ($150-400), and automates Google Workspace security cleanup ($70-300). Every service Nomen supports has been delivered to real clients and can be demonstrated live.
Capabilities: 38 MCP tools + CLI agent with web search, Google Maps/BBB/Clutch/Yellow Pages prospecting, DNS recon, email finding/verification, SWOT analysis, tech fingerprinting, automated email outreach, lead tracking, DMARC/SPF/DKIM audit, breach checking, SSL/TLS scanning, Shodan IP intelligence, VirusTotal reputation, Wayback Machine checks, and custom audit generation.
Portable: Runs from USB drive — plug into any Linux machine, run python3 nomen/cli.py chat, and the entire sales pipeline is available. All data syncs to VPS5 bridge. No installation, no cloud dependency.
Autonomous Mode: The daemon mode runs 24/7 on VPS1, harvesting leads every 30 minutes, checking goals, adapting strategy based on hit/miss rates. It learns which cities and business types convert best and adjusts its targeting automatically.
Results: 331 leads harvested, 68 outreach emails sent, 43 SWOT reports generated. Running continuously on a 30-minute cycle.
Stack: 38 MCP-exposed tools on port 8101, 3 bridge services on VPS5 (8899/8900/8901), Gemini/DeepSeek/LLama agent models, SQLite persistence. All self-hosted.