Cybersecurity continues to be a growing priority for organizations of all sizes, sectors, and industries. The threat landscape continues to rapidly evolve producing disastrous cyber attacks that are crippling their targets and debilitating the economy. These attacks continue to increase in frequency, scale, sophistication, and severity of impact. New attack tools and vectors are persistently emerging and new exploit techniques are constantly gaining widespread adoption. Small businesses continue to experience lack of adequate solutions and resources to defend against and repel these attacks. We present a holistic open source software and hardware solution, that implements securing the network architecture by using the “defense-in-depth” approach that ensures the elimination of single or dual point of potential vulnerability within a network. The Protectli FW108120 firewall, referred to as “The Vault” is used as first line of defense. It is a low power, fanless, durable, customizable small form factor PC. It utilizes a Celeron J1900 processor, 8 GB of DDR3 memory, a 120 GB mSATA SSD, and 4 Gigabit Ethernet ports. The community version of pfSense firewall will be utilized to run on the firewall. pfSense is a free and open source firewall and router, based on FreeBSD, that also features unified threat management (UTM), load balancing, and multi zone setup. pfSense implements, maintains, and polices our multi-zone topology, which is formed of a DeMilitarized Zone (DMZ), a trusted zone, and an untrusted zone. The DMZ achieves defense in depth by adding an extra layer of security beyond that of a single perimeter, separating an external network from directly referencing an internal network, and isolating a particular machine within a network. Thought the DMZ concept is not new, implementing it using stacked single-board computers, offers an affordable and flexible, yet secure, network architecture specifically for startups, small businesses, an expansion office, or even home office. The selected single board computers are a combination of third generation Raspberry Pis and Rock64s. These boards provide a remarkable computational power, low energy consumption, light weight, a compact size secure solution, and resourceful community support. These boards will form the DMZ network servers and host services such as a Network Intrusion Detection System (NIDS) using Snort, a selection of honeypots for Secure Shell (SSH), web applications, packet sniffing, private web browsing capabilities via TOR (The Onion Router), LAMP (Linux, Apache, MySQL, PHP or Python or Perl) server, Virtual Private Network (VPN) server, and protected browsing via proxy service. The main goal of this educational project is to leverage the total holistic integration of open source hardware and software to provide an affordable and portable solution that could be promptly deployed in case of an emergency, as a part of an incident response plan (IRP), or in case it is needed for testing purposes. Implementing this project provides valuable hands-on security experience and best practices in network architecture and configuration. Additional security features, both in hardware and software, were added to the single-board computers to add additional hardened security layers.