Security Stack for Engineers

Enterprise vendors sell security as a line item. This book shows how to assemble a credible stack from open-source components—SIEM, IDS, SSO, VPN, and reverse-proxy hardening—on infrastructure you already operate.

Each chapter installs one layer and explains how it connects to the next, including what to do when alerts fire at 2 a.m. No audit theater: every control is something a builder can ship this weekend.

Complements Hexalian's NonaGuard for Odoo-specific monitoring and our free Ansible hardening tool on hexalian.com/tools.

What you'll learn

• Threat-model self-hosted infrastructure without a SOC team
• Deploy Wazuh SIEM for centralized log visibility
• Use CrowdSec for community-powered threat intelligence
• Consolidate identity with Authentik SSO
• Lock admin interfaces behind WireGuard VPN
• Achieve A+ security headers with Caddy in an afternoon
• Build and troubleshoot the complete stack in a weekend

Who this is for

• Self-hosters and small teams running production on VPS or bare metal
• DevOps engineers who need defense-in-depth without enterprise licensing
• Founders who want observable security before hiring a dedicated team

What's inside

1. Introduction: Enterprise-Grade Security Without the Enterprise Budget
2. Chapter 1: Threat Modeling Your Self-Hosted Infrastructure
3. Chapter 2: Wazuh SIEM: Your Eyes on Every Log
4. Chapter 3: CrowdSec: Community-Powered Threat Intelligence
5. Chapter 4: Authentik: One Login to Rule Them All
6. Chapter 5: WireGuard VPN: Every Admin Interface Behind the Wall
7. Chapter 6: Caddy Security Headers: A+ Security Score in an Afternoon
8. Chapter 7: The Complete $0 Security Stack: Building It in a Weekend
9. Chapter 8: Troubleshooting the Stack When Alerts Fire

Before you buy

• Review the table of contents above to confirm this book matches your stack and experience level.
• All sales are final once the download link is delivered.
• Questions? Email [email protected].

Frequently asked questions