I build the software
you need, and secure
the software you have.
I'm a Toronto-based freelance developer. I build new products, clean up the messy ones, and (my specialty) secure the code most teams never audit. Fourteen years of shipping across web, mobile, and hardware. Easy to work with, and I get it done.

The dangerous bugs
are the ones you
never see
coming.
Hardcoded credentials. Passwords in plaintext. Database queries glued together with string concatenation. Auth that trusts whatever the browser sends. This stuff hides inside working software. The UI looks fine, the demo passes, and the hole just sits there.
That's the part I love most: reading a codebase closely, finding what's quietly wrong, and fixing it before it becomes your problem. Whoever wrote it (you, a contractor, or an AI), I don't judge. I clean it up.
Every line above I have found in production this year.
Three things,
done properly.
Pick one. Pick all three. Most clients arrive needing all three.
Build.
Need it built? I'll build it. Properly.
Full-stack development across web, mobile, and embedded. I've shipped iOS apps, self-driving stacks, RAG systems, and games. Give me the goal and the constraints; I'll handle the rest and keep you in the loop the whole way.
- Web & mobile apps, end-to-end
- Features that fit your existing code
- Prototypes & MVPs, fast
- Architecture that won't box you in
Clean Up.
Working code and good code aren't the same thing.
Inherited a mess? I'll make it something you can build on. Decompose the 800-line file, delete the dead branches, redraw the boundaries that got lost, add the tests and the honest README. Your repo stops being a liability and starts being an asset.
- Refactor & untangle
- Type safety end-to-end
- Tests where they actually matter
- A README a human can read
Secure.
My specialty: the security holes most reviews miss.
OWASP-mapped review, secrets sweep, dependency triage, auth hardening, SQL/NoSQL and prompt-injection surface, supply-chain checks. Then I help you fix everything I find. Sixteen years of watching offensive security up close.
- Threat model & risk register
- Secrets, IAM & key rotation
- Pen-test of your highest-value surface
- A prioritized, plain-English fix list
Every project starts with a fixed-scope quote and a plan. You know exactly what you're getting before you commit.
Start a project→A decade of shipped systems.
Receipts attached.
The paper trail.
I prefer to be judged on the work. These are the markers along the way.
- 2012 - Present14+ Years in TechnologyCybersecurity, AI, automotive, hardware: built and shipped across all four.
- 2020Original OpenAI API Beta ProgramOne of ten thousand people invited to OpenAI's original API beta back in the GPT-2 era. I've been hands-on with generative AI since before there was a hype cycle to speak of.
- 2021 - 2023Engineer · WOCSORBuilt RetroPilot: reverse-engineered Toyota CAN bus to retrofit semi-autonomous driving onto older vehicles. Modified the DSU for longitudinal control and adapted openpilot to Android. Grew into an active open-source community.
- 2021 - PresentYNG · Young Presidents' OrganizationMember, next-generation chapter.
- 2023 - 2025Software Engineer · IncleonEngineered an air-gapped 70B Llama3 RAG system for analyzing enterprise codebases on a single GPU. Built ReAct-style reasoning loops and a small-model post-processing layer to cut hallucinations on critical technical questions.
Things I've shipped
myself.
Security is the specialty, but I build, too: mobile, ML, embedded, web, end-to-end.
Kestrel
An autonomous-agent coding environment for iOS: code generation, real-time AI collaboration, and a streamlined editor built for mobile-first developers.
Tapout
Software-level app restrictions on the iOS Screen Time API with zone-based geofencing, a centralized admin portal, and per-student exceptions. No pouches, no daily logistics.
Phantom
Open-source driver-assistance stack for Comma 2 hardware. ARNE (Always Ready Neural Engagement), vision-based stop detection, and Mapbox navigation built in.
Oneiro
Automatic tag generation, AI-generated visuals, and personalized dream analysis that surfaces recurring patterns in the subconscious.
Guided Meditation Generator
Personalized meditation sessions with local Ollama inference, custom F5-TTS speech, and PaulStretch-processed ambient audio.
Vellum
Lay out furniture on a true-to-scale one-foot grid. Drag, snap, and measure an apartment before you move in. A browser-based spatial planner for getting the layout right the first time.
GlassSDR
Turns an affordable USB dongle into a full radio lab. 83 built-in apps spanning aircraft tracking, weather satellites, and protocol decoding, with transparent DSP flowgraphs written in readable Rust.
Icebreaker
A 2D arctic survival RPG. Build, fish, and hunt to outlast the long winter, solo or co-op with friends. Browser-based and installable as a mobile web app.
Each one, a concept learned.
Not a list of buzzwords. Every name below is a concept I've spent real time learning about. That's all.
I've attended DEF CON Las Vegas every year since 2010 and counting: sixteen years of watching offensive security evolve up close, always picking up the next concept, the next technique, the next way of thinking.