How I Spent $300 on a Mini PC to Learn Cybersecurity

What started as a Facebook Marketplace deal turned into a Proxmox box for hands-on detection engineering, automation, and incident response practice.

ProxmoxLinuxSIEMn8nDetectionAutomation

Facebook listing for the mini PC — The $300 Marketplace listing that kicked off the lab build.

Mini PC used for the Proxmox lab — The mini PC after pickup, ready for Proxmox.

Proxmox UI with console access for the lab VM — Proxmox console view with VMs running the lab.

I bought a used mini PC for about $300, loaded it with Proxmox, and started building a lab that mirrors real attack paths. The goal was simple: learn by doing and build a place to test detections without breaking anything in production.

What I built

Multiple VMs to simulate endpoints, services, and an attacker foothold.
Central log collection with tuned rules for common cloud and endpoint tactics.
n8n playbooks that enrich alerts and trigger response actions.
Repeatable scenarios to validate detections and response workflows.

What I learned

Real detections depend on clean telemetry and repeatable test scenarios. The lab let me iterate quickly and see what actually fires versus what just looks good on paper.

Key takeaways

Signal quality beats volume. A few high-fidelity rules go further than noise.
Automation needs guardrails and context to avoid false positives.
Even small hardware can run meaningful, realistic security labs.