Infrastructure Portfolio

Infrastructure Engineer

// Infrastructure · Observability · Security Operations

Four projects built across ten weeks in early 2026 using an AI-assisted development method — one produced findings shared privately with a legal action group pursuing a fraud case, one monitors real-time Ethereum event streams for anomaly detection, one runs distributed node infrastructure with full observability, and one automated the tools that started it all.

View Projects GitHub ↗
DEMO-READY // All projects can be run live on a Linux CLI environment
CLEARANCE ELIGIBLE // Australian Citizen · Stable 17yr Employment History · Melbourne
4
Projects
18+
Technologies
15
Investigation Reports
Apu Saha

Apu Saha

Self-taught infrastructure engineer building infrastructure systems, observability pipelines, and automation tooling.

I didn't come from tech. I built my way into it. And I'm not finished.
Background Self-Taught
Location Melbourne, AU
Email [email protected]
LinkedIn linkedin.com/in/apusaha990
// ORIGIN STORY — HOW I WAS FORGED

I came from restaurant kitchens. Seventeen years of nights, weekends, and double shifts across Melbourne — the kind of work where you learn endurance, precision, and how to perform under pressure before you learn anything else. When COVID hit in 2020, I lost my job overnight. I moved into food manufacturing. Long shifts, heavy work, leading teams in zero-tolerance regulated environments where a process failure had real consequences for real people.

My back, knees, and wrists started breaking down. I was spending money I didn't have on physio just to stay functional enough to show up the next day. I spent time studying Forex — building scripts, backtesting strategies, learning risk management and pattern recognition. The losses taught me something more valuable than the wins: humility, and the real cost of shortcuts.

In late 2024, at 40 years old, I invested in a blockchain project. It turned out to be a scam. I lost money. That period is behind me — my finances are stable and that chapter is closed. But instead of walking away, I wanted to understand exactly how it happened — where the money went, how the fraud was structured, who was behind it. That decision changed everything.

A community member helped me run my first Linux node. I had never touched Linux before. I was 40 years old, working full time in a factory, raising a daughter, and learning infrastructure at midnight after shifts. Something clicked.

I rebuilt nodes from scratch. I debugged failures alone with no mentor and no team. I used Claude (an AI assistant) as my development partner throughout — I described problems, Claude generated starting points, I deployed, found what broke, applied fixes, and iterated until stable. I own the architecture decisions, the debugging, and the judgement about when something is reliable enough to trust. Even after the project collapsed and the scam was exposed — I didn't stop.

I built a forensic investigation tool to trace where the stolen funds went. I shared my findings privately with a small group of people pursuing legal action against the fraudsters — members of that group are in direct contact with US legal counsel. Fifteen investigation reports produced. I chose to do something useful with what happened rather than walk away from it.

Working in kitchens taught me to perform under pressure without losing precision. Factory floors taught me resilience and consistency. Fatherhood taught me to think in decades, not weeks. Loss taught me to question every assumption. Those lessons show up in every system I build.

// P-00 Pre-Forge Operator Toolkit — from real broken nodes, failed syncs, and a community that needed tools that actually worked.
// P-01 MultiSig Treasury — built to understand what a community should have demanded before handing over their money.
// P-02 OmniNode — ran nodes on a failed project. When I rebuilt it, I used real chains and made it actually work.
// P-03 TX Monitor — wanted to see how money moves before it hits a block — what exchanges see that regular users don't.
// P-04 Neural Trace — from a personal loss. Built a forensic tool, shared findings privately with a legal action group pursuing the case.

I didn't come from tech. I built my way into it at 40 — with problems I had to solve, systems I had to fix alone, and a refusal to walk away from things that were hard.

I am not finished.

01

Projects

00
BASH · LINUX · REAL PROBLEMS

Pre-Forge Operator Toolkit

A collection of 23 tools built while running real blockchain node infrastructure for a community of operators who had never touched Linux before. No textbook. No course. Just real problems showing up — broken nodes, corrupted data, failed syncs, permission errors — and tools written to fix them.

Every tool here was deployed back to real community members. Some were rewritten multiple times when they failed in the field. Some were deleted entirely when they weren't good enough. What's here is what actually worked.

When the project turned out to be a scam, the work remained — and so did every lesson that shaped the projects that followed.

  • Six node installers — from a simple single-file setup to a self-healing installer that detects when a download link breaks, asks for a new one, and rewrites itself automatically
  • A Linux performance tuner with full undo capability — every setting it changes is backed up first so it can be reversed completely
  • A sync progress calculator, a connection quality checker, and a port checker — all built to diagnose live node problems fast
  • A database corruption scanner that finds damaged files after a hard crash, removes them from the node, and keeps them isolated so they can't cause further damage
  • Backup, restore, and a shared sync tool so operators who fell behind could skip days of waiting and jump straight to the current state
  • A browser-based fraud tracker that follows money across 15 different networks — became the starting point for Neural Trace
Pre-Forge terminal output
GitHub
// Tools Used
Scripting
Bash
Environment
Ubuntu Linux
Containers
Docker + Compose
Database
RocksDB
Node Comms
JSON-RPC
Alerts
Discord Webhooks
Web
HTML · JavaScript · SheetJS
// What This Proves
Every skill here was learned by fixing something that was broken — with AI as the only teacher and real broken infrastructure as the classroom. Someone reported a problem, I fixed it, I wrote a tool so it wouldn't happen again. This is where everything else started.
01
Multi-Party Authorisation · Smart Contract Security · Live Deployment

MultiSig Treasury Wallet

A shared wallet where no single person can move money alone. Two out of three owners must agree before any transaction goes through. Built from scratch — not using an existing tool — to understand exactly what this type of security is doing at the rules level. Deployed live and publicly verifiable.

  • Two out of three owners must approve any payment — one compromised account can never move money alone
  • Three steps to complete a payment: propose it, approve it, send it. Once sent it cannot be repeated by accident
  • Owners can be added or removed without rebuilding the whole wallet from scratch
  • Deployed live — anyone can look up the rules the wallet runs on and verify they haven't been changed
  • A real critical bug was found and fixed before it could cause permanent damage — an emergency freeze that locked the owner out of their own wallet with no way back in
  • 25 automated checks run before any change can go live — broken code is blocked automatically
MultiSig terminal output
GitHub
// System Layers
Contract
Solidity 0.8.28
Network
Ethereum Sepolia · Alchemy RPC
Interface
React · MetaMask · Ethers.js v6
Monitoring
Node.js · WebSocket event listener
Metrics & Alerts
Prometheus · Discord Webhooks
CI/CD
GitHub Actions · 25-test gate · Etherscan verification
// What This Proves
Built from scratch to understand how shared financial security actually works — not just how to use it. A real critical bug was found, diagnosed, and fixed before it could have caused permanent loss. 25 automated checks enforce that nothing broken can reach a live environment. The wallet is deployed and publicly verifiable by anyone.
02
Node Operations · Automation · Live Monitoring

OmniNode Infrastructure Manager

A system that runs two live blockchain nodes on one machine — Bitcoin and Ethereum — watches them around the clock, sends an alert the moment something goes wrong, and lets you control everything with one simple command. Nine separate parts working together. All automated. No manual checking required.

  • Bitcoin and Ethereum nodes running at the same time on one machine — resource limits set automatically based on what hardware is available
  • One command to start, stop, restart, or check the health of all eight parts of the system at once
  • A live dashboard showing the status of every node, how far through the sync it is, how many connections it has, and alerts when something goes wrong
  • Spins up a cloud server with the correct settings and storage attached — one command, no manual steps
  • Sets up a fresh server from scratch automatically — 22 steps, zero manual work required
  • Setup files included to run the whole system on a shared server cluster — tested and documented
OmniNode terminal output
GitHub
// Tech Stack
Data Source
Bitcoin testnet · Ethereum Sepolia · Lighthouse beacon
Ingestion
Bitcoin RPC · Geth RPC · Lighthouse HTTP API
Processing
Python exporter · Health checks · Normalisation
Core Logic
Multi-node orchestration · Node monitoring engine
Storage / State
Prometheus TSDB · Node state files
Output / Delivery
Grafana dashboards · Alertmanager · Discord Webhooks · GitHub Actions
// What This Proves
Two live blockchain nodes running simultaneously on one machine — managed, monitored, and automated from scratch. A custom alert bridge built from 40 lines of code because the ready-made option had a bug that made messages arrive broken. Cloud server setup and fresh server configuration both automated and dry-run tested without needing a real account. Everything was built by running it and fixing what broke.
03
Live Monitoring · Anomaly Detection · Financial Activity

Real-Time Blockchain(ETH) Txs Monitor

A system that watches every Ethereum transaction the moment it appears — before it's confirmed. Every transaction gets scored automatically. Unusual activity fires an alert. Money moving in circles gets flagged. Runs continuously with no manual checking required. Two display modes: a live scrolling feed or a structured dashboard with panels and totals.

  • Picks up every transaction the moment it appears on the network — before it's confirmed
  • Every transaction gets scored across five levels from ignore to critical — most serious always wins
  • Two separate unusual-activity watchers: one for sudden bursts of transactions, one for fees running high over time
  • Detects money moving in circles — follows the chain up to five steps back within the last hour, reports each unique loop once
  • Spots transactions routed through hidden channels to avoid public visibility — flagged automatically
  • Live dashboard or raw scrolling feed — you choose when you start. Runs with no screen or manual watching needed.
  • 70 real transactions built into a demo mode — no account needed, produces real output every time
TX Monitor terminal output
GitHub
// Tech Stack
Data Source
Ethereum Mainnet · CoinMarketCap price feed
Ingestion
Alchemy WebSocket · Python asyncio
Processing
Filter chain · Anomaly detection
Core Logic
Custom Python pipeline · Rolling window analysis
Storage / State
SQLite
Output / Delivery
Python Rich dashboard · Prometheus · Grafana · GitHub Actions
// What This Proves
A live financial monitoring system built from scratch and tested against real Ethereum network traffic. Two detection systems running in parallel with different logic — because a sudden burst and sustained high fees are different problems. A money loop detector that walks a live map using graph traversal. Demo mode built with real transactions so the system can be shown working without any account or credentials.
04
FORENSIC INTELLIGENCE · FINANCIAL CRIME · AI-ASSISTED DEVELOPMENT

Neural Trace

A blockchain forensic investigation tool built to trace where my stolen funds went. Performs seven-hop forward wallet traversal and five-step origin tracing backwards across the Ethereum network. Findings shared privately with a small legal action group — members in direct contact with US legal counsel. Fifteen investigation reports produced. Operator-driven — run on demand, not unattended.

  • Follows money forward from one wallet — maps every wallet the money touched, up to 7 steps deep, automatically
  • Works backwards too — finds where the money came from, including which exchange it passed through
  • Watches all traced wallets over 48 hours or 7 days for new activity — spikes, structuring patterns, and wallets that were inactive for months before suddenly moving
  • Automatically labels every wallet by what it's doing: collecting, passing through, mixing, bridging, or sitting at an exchange waiting to be cashed out
  • Generates a Word document report — structured tables, wallet records, and a written summary of findings. Shared privately with a legal action group pursuing the fraud case.
  • Login-protected — credentials are handled on the server, never visible in the browser source
  • 38 automated checks run on startup — the system confirms everything is working correctly before any investigation begins
Neural Trace terminal output
Private Repo

// Repository private — architecture walkthrough available on request or during interview.

→ View Redacted Case File
// Tech Stack
Data Source
Etherscan API v2 · CoinGecko price feed
Ingestion
Python 3.11 · Node.js server · SSE streaming
Processing
7-hop graph traversal · Pattern recognition · Dormancy detection
Core Logic
Behavioural wallet classification · 76 known exchange registry · Structuring detection
Storage / State
JSON file system · DOCX report generation
Output / Delivery
Browser dashboard · Word documents · Attorney-ready reports
// What This Proves
Built from personal financial loss. Forensic analysis applied to live Ethereum mainnet data. Findings shared privately with a legal action group whose members are in direct contact with US legal counsel. Fifteen investigation reports produced. Built and iterated using AI-assisted development — problem identification, architecture decisions, and operational testing are my own.
02

Skills Matrix

// Infrastructure
  • Docker + Docker Compose
  • Linux Administration (Ubuntu)
  • Bitcoin Core Node Ops
  • Geth (Ethereum) Node Ops
  • Kubernetes (Minikube — local)
  • Terraform (IaC — local development)
  • Ansible (Config Management)
  • Bash scripting (automation)
  • systemd + cron + SSH
// Observability
  • Prometheus (metrics collection)
  • Grafana (custom dashboards)
  • Alertmanager (alert routing)
  • Discord webhooks
  • Container log export (timestamped, auto on shutdown)
  • Structured logging
  • Health watchdog (independent monitoring)
  • Performance benchmarking
// Development
  • Python (data pipelines, analysis)
  • JavaScript / Node.js
  • GitHub Actions (automated testing)
  • Automated testing (unit + integration)
  • REST API integration
  • WebSocket streaming (asyncio)
  • Environment config management
  • Report generation (JSON + DOCX)
// Security & Analysis
  • Credential management (.env, secrets)
  • Password-protected access (RBAC on roadmap)
  • API key isolation
  • Anomaly detection
  • Behavioural pattern recognition
  • Evidence handling
  • Recirculation detection
03

How I Build Things

// 01
Built to Run Without Anyone Watching
The systems that need to run unattended do. OmniNode and the transaction monitor run around the clock with full monitoring and alerting. Operator-driven tools are built to be simple and reliable when you need them.
// 02
You Should Always Know What's Happening
Dashboards, alerts, and logs go in at the start — not as an afterthought once the system is built. If you can't see what a system is doing, you can't trust it.
// 03
Security Is Designed In, Not Added Later
Login protection, credential handling, and access controls go in when the system is first designed — not patched on afterward. A system where security is an afterthought is a system waiting to fail.
// 04
If You Do It Twice, Automate It
Any step a person has to repeat manually is a step that will eventually be done wrong or forgotten. Everything that can be automated, gets automated. Consistency isn't optional.
// 05
Broken Code Never Reaches a Live System
Automated test suites run against completed projects before anything is considered done. If a test fails, it gets fixed. A system shouldn't be called finished until it can prove it works.
// 06
A System Nobody Else Can Run Is Unfinished
Diagrams, READMEs, and setup guides are written while the system is being built — not after. If someone else can't pick it up and run it, it isn't done.