hostwitteshadovv.devsurfacestatic / low-jstelemetrynoneruntimeminimal jsstatusopen to selected roles

security engineer · Linux systems engineer

WitteShadovv

Security engineer and Linux systems engineer building NixOS-first systems, security tools, and repeatable infrastructure.

Based in Stockholm and finishing an MSc in Information Security at Stockholm University. Background in Linux systems engineering, automation, and security work, with current public projects focused on NixOS, privacy-focused system design, and forensic testing.

session.plan current work / study / hands-on experience

$ whoami
security engineer · Linux systems engineer
$ study --current
MSc in Information Security · Stockholm University
$ build --with
NixOS first · Rust for core tooling · Python and Bash for automation
$ work --history
8+ years with Linux systems · 4 years at ETH Zürich

base 8+ years Linux-heavy environments
current Stockholm MSc in Information Security
public 3 projects NixOS and security work
bias deterministic builds, boundaries, and inspectable systems

selected work

project list 3 public repositories

01 active artifact-01

NAILS

Plausibly deniable dual-environment computing for NixOS

Language: Rust
License: GPL-3.0
Updated: Jun 8, 2026
Stars: ★5

Repository Website

02 research artifact-02

NAILS OS

Privacy-focused amnesic NixOS live distribution built for NAILS

Language: Python
License: GPL-3.0
Updated: Apr 25, 2026
Stars: ★1

Repository Website

03 iterating artifact-03

deferred-apps

Download apps on-demand while still showing them as installed to keep the host lighter

Language: Nix
License: GPL-3.0
Updated: Apr 24, 2026
Stars: ★21

Repository

GitHub snapshot cached locally on 2026-06-11.

consulting

consulting services NixOS · Linux · security

NixOS Infrastructure

Design and deploy fully declarative NixOS systems from scratch.

Flakes-based system design
Home Manager integration
Module & overlay development

Dev Environments

Same shell, same tools, same versions — on every machine that runs it.

Per-project Nix devshells
CI & local environment parity
Contributor onboarding guide

Security Hardening

Reduce your Linux system's attack surface against a real threat model.

Threat model scoping
Privilege & boundary review
Prioritised remediation plan

Custom Tooling

Purpose-built CLI tools and automation in Rust, Python, or Bash.

CLI tool development
Linux & NixOS automation scripts
Packaged as Nix derivations

Forensic Evaluation

Structured testing of what traces your systems leave behind.

Storage & memory trace audit
Encrypted volume analysis
Written findings report

Privacy Infrastructure

Audit where your infrastructure retains or leaks data beyond intent.

Data persistence mapping
Telemetry & logging review
Minimisation gap report

Engagements are scoped individually. Reach out at contact@witteshadovv.dev with context on your situation.

tools / approach

tools and approach core / ops / security / bias / site

platform

What I use most right now.

Linux and NixOS as the current default base
Rust for systems code and core tooling
Python and Bash for automation and day-to-day glue

infrastructure

How I build and run systems.

Nix is the current default for reproducible builds and host setup
Puppet and Ansible are part of earlier infrastructure work
Docker and Kubernetes when packaging and orchestration help

security work

Security work tied to real systems and real investigations.

digital forensics and systems that can be examined after the fact
security architecture, hardening, and review of system boundaries
systems kept readable during testing and review

operating bias

The defaults behind my design choices.

repeatable builds over one-off fixes
clear system boundaries over vague promises
tools people can understand and maintain

site

static-first
minimal JS
no analytics
semantic HTML
anchor-based navigation

Static public site. Minimal JavaScript used only for theme choice and small interface polish.

contact / verification

contact and verification one clear place to reach me

General best first route
contact@witteshadovv.dev
Plain email is the best first contact for hiring, consulting, or general questions.
Security reporting route
security@witteshadovv.dev
Use the security address for disclosures, reviews, or anything sensitive.
GitHub code trail
github.com/WitteShadovv
Primary public code and repository trail.
Keyoxide identity graph
Keyoxide proof profile
Cross-link proof and identity graph.
PGP openpgp
OpenPGP key record
Fingerprint: FCEB 73CE 73A7 00A8 8548 F25D CB4B BA75 1B7B 4D4D
signal secondary
Signal contact link
Secondary channel when needed.
policy published
/.well-known/security.txt
Published disclosure policy and encryption reference.