Marios Xenofontos

01 About

From keeping systems running to engineering them.

I'm a Systems Administrator at Greendial Software Solutions in Cyprus, responsible for the IT infrastructure of 220+ users. Over the last year my role has shifted well beyond classic sysadmin work — I now design, build, secure and deploy internal web applications that replace manual processes across the company.

I don't come from a traditional development background — I architect these tools and write them with the help of AI, then own everything around them: the Linux servers, the Docker stack, the Cloudflare layer, the security hardening and the production deployment. It's where Systems Administration meets DevOps, and it's the work I enjoy most.

AI-assisted builder

Architecting internal web apps and shipping them with AI

Security-first

Origin lock, WAF, fail2ban, 2FA, isolated Docker networks

Owns production

Ubuntu servers, Nginx, Cloudflare, automated R2 backups

Cloud & M365

Microsoft 365, Azure AD, multi-account Cloudflare

02 Selected Work

Internal platforms I designed, built & shipped.

Production web apps built to solve real problems for the business — architected by me and developed with AI on a Node.js, TypeScript & PostgreSQL stack, then containerized, hardened and deployed. Details are anonymized.

RBAC, Payroll

Workforce Scheduling & Timesheet Platform

Problem: Shift planning lived in spreadsheets — no role separation, error-prone overtime, and a manual hand-off to payroll.

A role-based scheduling system for every department. Managers draft and publish the timesheets for their own team; everyone sees the shift hours, while private shift codes and manager notes stay restricted. Automatic overtime calculation, payroll-ready exports for HR, and day / shift / month summaries with agent-count analytics for fair shift distribution.

  • Admin: full control & configuration
  • HR: overtime & payroll exports
  • Manager: own-department drafting + private notes
  • Agent: own shifts + team-visible hours

Node.js, TypeScript, PostgreSQL, Docker, Nginx, RBAC, 2FA, Payroll export

IT Ops, Lifecycle

IT Onboarding & Access Lifecycle

Problem: Joiner / mover / leaver was tracked by hand — access rights and hardware scattered across notes and inboxes.

A central app for the IT team to manage the full employee lifecycle: per-person access and permissions, assigned-hardware inventory, structured onboarding checklists, and a controlled termination / offboarding flow that ensures access is revoked and assets are reclaimed every time.

  • Access: per-agent permission mapping
  • Assets: assigned hardware tracking
  • Onboarding: repeatable checklists
  • Offboarding: auditable termination process

Node.js, TypeScript, PostgreSQL, Docker, Audit logging, Session control

GitHub API, Cloudflare API

Infrastructure & Domain Control Center

Problem: Dozens of domains, sites and apps across teams — no single source of truth for what's live or who owns it.

A centralized dashboard for IT, Devs, Marketing & SEO. It inventories domains, sites, static pages and APIs, maps ownership (who manages what), and surfaces monitors, alerts and diagrams of the estate. It pulls live data via the GitHub API (repositories) and the Cloudflare API (domains & DNS) so the picture is always current.

  • Inventory: domains, sites, pages & APIs
  • Ownership: who manages what
  • Monitors: alerts & uptime
  • Integrations: GitHub + Cloudflare APIs

Node.js, TypeScript, PostgreSQL, GitHub API, Cloudflare API, Docker

03 Production & Security

How I harden & ship to production.

Every app I build runs on infrastructure I configure and secure myself. These are the patterns I apply — described generically, never with a client's live configuration.

Origin lock

Servers accept traffic from Cloudflare only; per-domain WAF and bot-fight rules filter the rest before it ever reaches origin.

Network hardening

UFW deny-by-default firewalls, office-IP and VPN allowlists, closed ports, and fail2ban to ban brute-force sources automatically.

App isolation

Each app is dockerized on its own isolated network, services bound to loopback, and reverse-proxied through Nginx with TLS.

Auth & access

2FA on every login, server-side session revocation, login-attempt cooldowns / lockouts, and role-based access control throughout.

Data & performance

Indexed databases for fast queries, encryption for sensitive data, and automated database backups to Cloudflare R2 storage.

Global delivery

Cloudflare DNS, CDN and TLS in front of every service, with Workers & Pages for static and edge delivery.

04 Experience

Professional experience.

Systems Administrator

Greendial Software Solutions

May 2024 — Present

Leading IT infrastructure for a software company of 220+ users — managing the Microsoft 365 ecosystem and cloud, and increasingly building, securing and deploying custom internal web applications that automate company operations.

Key achievements
  • Internal app platform: Architected and shipped multiple production web apps (scheduling, IT lifecycle, infrastructure management) — built with AI, containerized and hardened by me.
  • Production security: Cloudflare-only origin lock, per-domain WAF & bot-fight rules, UFW + fail2ban, isolated Docker networks, 2FA and automated R2 backups.
  • Microsoft 365 administration: Full tenant management — Exchange Online, SharePoint, Teams, Azure AD — with zero-downtime migrations.
  • Cloudflare multi-account: Administer multiple accounts and domains with DDoS protection, DNS and performance tuning.
  • Zero-trust security: Conditional Access, MFA and automated monitoring across the estate.
  • Network infrastructure: Ubiquiti UniFi switching, access points and VLAN segmentation.
Technologies
Linux / Ubuntu, Docker, Nginx, Node.js, TypeScript, PostgreSQL, Cloudflare, Microsoft 365, Azure AD, PowerShell, Bash, AI, Ubiquiti UniFi

IT Support Specialist

Simplex Cyprus — Data Center

May 2023 — May 2024

Provided comprehensive IT support and began transitioning into systems administration — handling escalated technical issues and infrastructure projects.

Key responsibilities
  • Technical support across Microsoft 365, Windows and internal applications.
  • Office 365 administration — user management, mailboxes and troubleshooting.
  • Hardware deployment, configuration and maintenance.
  • PowerShell automation for routine administrative tasks.
  • Active Directory accounts, groups and security policies.

05 Skills

Technical skills.

🤖

AI-Assisted Development

  • AI: architecting & building full web apps end-to-end
  • App design: RBAC, data models, REST APIs, exports
  • Backend: Node.js, TypeScript, PostgreSQL (indexed)
  • Frontend: HTML5, CSS3, JavaScript, responsive UI
🛠️

DevOps & Containers

  • Docker: Compose, isolated networks, loopback binding
  • CI/CD: GitHub, automated deployments
  • Reverse proxy: Nginx, TLS termination, routing
  • IaC mindset: repeatable, documented deployments
🔐

Security & Hardening

  • Edge: Cloudflare WAF, bot-fight, origin IP allowlists
  • Host: UFW, fail2ban, port hardening, SSH lockdown
  • App: 2FA, session revocation, login lockouts, RBAC
  • Identity: Azure AD, SSO, Conditional Access, MFA
☁️

Cloud & SaaS

  • Microsoft 365: Exchange, SharePoint, Teams, Azure AD
  • Cloudflare: DNS, CDN, WAF, Workers, R2, APIs
  • Azure: VMs, networking, AD integration
  • Backups: automated, offsite to R2, restore-tested
🖥️

Systems & Infrastructure

  • Linux: Ubuntu Server administration & hardening
  • Windows Server: Active Directory, Group Policy
  • Virtualization: VMware ESXi, Proxmox VE
  • Networking: Ubiquiti UniFi, VLANs, DNS, routing
⚙️

Automation & Monitoring

  • PowerShell: Microsoft 365 & system automation
  • Bash: Linux automation & maintenance
  • Python: API integration & tooling
  • Monitoring: Grafana, Uptime Kuma, alerting

06 Contact

Let's connect.

Open to conversations

I'm passionate about infrastructure, automation, security and building internal tools that make a real operational difference. Whether you want to talk DevOps, cloud, self-hosting or AI-assisted development, I'm happy to connect.