I work independently to build and secure web products, with security planned from the start, not patched in later.
I handle code reviews, risk-based hardening, and incident response support with practical fixes clients can apply right away.
I started coding at 13 by tinkering with game files and simple scripts. Today I work with startups and small businesses to solve real security and product problems without unnecessary complexity.
My workflow is direct: map the risk, fix the highest-impact issues first, and leave documentation that your team can actually use after handover.
Outside client work, I write short security notes, build small automation tools, and continuously refine terminal-first workflows for faster execution.
Every case below comes from real client engagements. Client identity, incident indicators, and architecture details are masked under NDA.
A retail startup was preparing to launch their custom transaction platform to the public. To avoid financial and reputational risks on launch day, they brought me in to conduct a comprehensive penetration test. I uncovered several business logic and session management flaws that could have allowed attackers to manipulate shopping carts. Rather than just handing over an automated report, I worked directly with their development team to patch the vulnerabilities and redesign the authentication flow for a secure, confident release.
My client, an agency handling sensitive customer data, operated with a fully remote team. Their primary challenge was ensuring data did not leak or get compromised by malware from employees' personal devices. I designed and deployed a secure workspace architecture using hardened virtual machines (VMs), accessed exclusively through tightly configured VPN networks. This solution gave the client full control over their data flow without sacrificing the team's working flexibility.
Internal operational systems are often massive security blind spots. This client relied on a data management system that had been running for years but lacked proper access controls - anyone could view and alter crucial data. My task was to dissect the legacy architecture without halting their daily operations. I redesigned the database architecture, implemented encryption on sensitive columns, and built a strict role-based access control (RBAC) system. The result was a significantly secured legacy system with a transparent audit trail.
A business contacted me in a state of crisis: their transaction platform had been compromised and injected with malware that redirected visitors to malicious sites. My immediate priority was to tactically isolate the server, stopping the attack without completely shutting down their business operations. After analyzing the system logs, I traced the breach back to an improperly validated document upload feature. I scrubbed the hidden backdoors from the system, patched the vulnerability at the application code level, and implemented far stricter firewall rules. My primary focus was getting the system recovered quickly and restoring the client's peace of mind with a much stronger defense posture.
Want to leave a testimonial?
Have a project in mind or want to collaborate? Send me a message and I will get back to you as soon as possible.
Ask about skills, services, or contact