https://ebustamante.dev/Recent content on Eduardo Bustamante | Cybersecurity Student & SOC AnalystHugoen-usWed, 08 Apr 2026 00:00:00 +0000https://ebustamante.dev/writeups/portfolio-site-part-4/Wed, 08 Apr 2026 00:00:00 +0000https://ebustamante.dev/writeups/portfolio-site-part-4/<h2 id="overview">Overview</h2> <p>The site already had one GitHub Actions workflow handling build and deploy with pinned commit hashes and Dependabot monitoring the workflow file weekly. That covered getting the site live but nothing was checking the quality of what went live. This covers five new workflows I added to automate that side of things, broken link detection, spell checking, performance auditing, security header monitoring, and keeping security.txt compliant automatically.</p> <p>The foundation was already there. Pinned commit hashes, branch protection, PR workflow. These five workflows build on top of that rather than replacing anything. The goal was catching different categories of problems automatically so I am not manually checking things that a workflow can handle.</p>https://ebustamante.dev/writeups/portfolio-site-part-3/Tue, 07 Apr 2026 00:00:00 +0000https://ebustamante.dev/writeups/portfolio-site-part-3/<h2 id="overview">Overview</h2> <p>The first two writeups covered building the site and adding features. This one covers tearing most of the visual layer apart and rebuilding it. The functionality was solid but the design felt generic. The terminal widget on the homepage was the most obvious problem since I had seen it on enough other portfolios that it stopped feeling like mine. Everything else had the same issue in smaller ways, pages with narrow content columns leaving half the screen empty, section headers that blended into the background, inner pages that all looked the same regardless of what they were for.</p>https://ebustamante.dev/writeups/portfolio-site-part-2/Sun, 05 Apr 2026 00:00:00 +0000https://ebustamante.dev/writeups/portfolio-site-part-2/<h2 id="overview">Overview</h2> <p>After the first writeup I had a working site with a GitHub Actions workflow, branch protection, and a PR based deployment process. That was a solid foundation but there was a lot left to build out. This covers everything I added after that, the security improvements, new pages, and the smaller details that make the site feel more complete.</p> <hr> <h2 id="gpg-key-and-commit-signing">GPG key and commit signing</h2> <p>The first thing I tackled was setting up a GPG key for commit signing. Every commit I push to GitHub now shows a green Verified badge, which is a small but meaningful signal for a security professional. It means the commits are cryptographically tied to my key and anyone can verify they actually came from me.</p>https://ebustamante.dev/writeups/building-portfolio-site/Fri, 03 Apr 2026 00:00:00 +0000https://ebustamante.dev/writeups/building-portfolio-site/<h2 id="overview">Overview</h2> <p>I wanted a portfolio site that actually looked like something I built rather than something I dragged and dropped together. Most security portfolio sites look identical, a template with a headshot, a skills progress bar, and a contact form. I wanted something cleaner and more intentional, so I built mine from scratch using Hugo and deployed it on GitHub Pages with a custom domain.</p> <p>This writeup covers how I built it, the problems I ran into, and the security decisions I made along the way.</p>