PHASE 01
Provision your server
✓
STEP 01
Create a VPS (Virtual Private Server)
DigitalOcean, Linode, or AWS free tier
▼
Why this matters for your portfolioEvery real production system lives on a server like this. Knowing how to spin one up and lock it down is table-stakes for any security engineering role. You're starting where every real deployment starts.
Go to DigitalOcean.com (cheapest, easiest for beginners — $5/month Droplet). Create an account, then create a new Droplet with these settings:
- Image: Ubuntu 22.04 LTS x64 (LTS = Long Term Support — production standard)
- Size: Basic, Regular, $5/mo (1 GB RAM, 1 CPU — plenty for this project)
- Authentication: SSH Key (NOT password — you'll add your key next)
- Region: Any — pick closest to you
- Hostname: something like
security-lab-01
If you don't have an SSH key yet, generate one on your local machine first:
bash — run on your LOCAL machine
# Generate an SSH key pair (RSA 4096-bit) ssh-keygen -t ed25519 -C "your-email@example.com" # When prompted for file location, press Enter (use default) # Set a passphrase — this protects your private key # View your PUBLIC key to paste into DigitalOcean cat ~/.ssh/id_ed25519.pub
Security noteYou are generating a key PAIR. The .pub file (public key) goes on the server. The private key (id_ed25519) NEVER leaves your machine. This is asymmetric cryptography in action — your first real crypto concept applied.
Paste the output of cat ~/.ssh/id_ed25519.pub into DigitalOcean's SSH key field when creating the Droplet. Note the server's IP address when it's created.
✓
STEP 02
First login & create a non-root user
Never operate as root in production