Scroll
CAM X:0.00 Y:0.00 Z:0.00
// root@dev.local ~ systems architect
Hello, world.Abdullah
Al Khafaji

I build software closest to the metal — protocols, compilers, embedded firmware, and the infrastructure that runs it all. A Linux advocate who believes the kernel is humanity's greatest engineering achievement.

Rust C / C++ WebAssembly Linux · Open Source Kubernetes · RKE2 Reverse Engineering Electronics
// skill_matrix.rs
Capabilities
01
⚙️
Protocol Engineering
Zero-copy binary parsers, memory-safe FFI, async I/O with Tokio. Correctness and speed as one.
RustCtokionom
02
🌐
WebAssembly
Compiling Rust to Wasm. Native speed in the browser — no GC pauses, no apologies.
wasm-bindgenWASIwasm-pack
03
🔬
Reverse Engineering
Binary analysis, protocol dissection, firmware unpacking. Nothing stays a black box.
GhidraGDBfrida
04
🔌
Electronics
PCB design, embedded firmware, debugging at the oscilloscope level. SPI/I²C/JTAG.
Embedded CPCBJTAG
05
🖧
Systems & DevOps
Building the platforms others deploy on — from bare-metal RHEL to full Kubernetes clusters with observability.
KubernetesRKE2RancherOpenShiftRHELoVirtHelm
// uname -a && philosophy
Linux & Open Source
    ____
   /  __\
  /  /
 /  /___
/  ____/
\  \
 \  \___
  \  __/
   \____\
OSRHEL 9.4 x86_64
Kernel6.8.9-300.el9.x86_64
Shellbash 5.1.8 + tmux
EditorNeovim 0.10
Uptime847 days, 3 hrs
Packages2,847 (rpm)
PhilosophyFree as in freedom
🎩
RHEL / CentOS
Expert
🟠
Ubuntu Server
Expert
🏗️
Arch Linux
Advanced
🐧
Alpine Linux
Expert
🔵
Fedora CoreOS
Proficient
🟣
Debian Stable
Proficient
rust-proto-core
Zero-copy binary protocol framework with derive macros
Rust · 1.2k ★
rhel-ansible-hardening
CIS Level 2 + STIG hardening collection for RHEL 8/9
Ansible · 634 ★
wasm-serde-bridge
Rust↔JS type marshalling for wasm-bindgen without overhead
Rust · 847 ★
k8s-ebpf-tracer
eBPF-based syscall tracer emitting OpenTelemetry spans
C/eBPF · 411 ★
// red hat enterprise linux · production experience
⬡ RHEL Deep Dive
RHEL 7 · 8 · 9 · FIPS · SELinux · Satellite
hardening.yml
# CIS Level 2 + STIG — Ansible task excerpt
- name: Enforce FIPS 140-2 mode
  command: fips-mode-setup --enable
  when: not fips_enabled.stdout | bool

- name: Author SELinux policy module
  community.general.selinux_permissive:
    name: podman_rootless
    permissive: false

- name: Lock down SSH
  lineinfile: { path: /etc/ssh/sshd_config,
    regexp: '^PermitRootLogin',
    line: 'PermitRootLogin no' }

Sys Admin

  • Kickstart & PXE automated provisioning
  • SELinux custom policy authoring
  • systemd unit & socket activation
  • RPM spec writing & internal repos
  • LUKS + TPM2 auto-unlock at boot

Security

  • FIPS 140-2 compliance configuration
  • firewalld + nftables rule authoring
  • auditd policy & log management
  • Vault CA for SSH certificate auth
  • CIS Benchmark via STIG Ansible

Platform

  • Podman rootless container pods
  • OpenShift 4.x on RHEL CoreOS
  • Image Builder for custom base images
  • Satellite Server patch lifecycle
  • Red Hat Insights CVE & drift
// ssh contact@khafaji.dev
Get In Touch

Open to systems engineering, infrastructure, low-level, and embedded roles.

Email
abdullah@khafaji.dev
GitHub
github.com/alkhafaji
LinkedIn
/in/alkhafaji
Location
Available Remote / On-site
AVAILABLE FOR WORK