Every case below was built end-to-end — design, code, deploy, and harden — by the studio's one engineer. No outsourced work, no stock templates. Each piece is either on the App Store, serving real users in production, or has a live URL you can hit right now.
All solo-developed under one App Store profile. Every app uses Swift + SwiftUI + SwiftData with central-architecture patterns and on-device privacy by default.
A full SSH client for iOS — terminal emulation, SFTP, SMB browsing, Docker container control, network scanning, home-screen widgets, and an AI command assistant. Built across 135+ Swift files using MVVM + service-layer architecture with versioned SwiftData migrations.
On-device AI journaling for iOS 26+. Apple's Foundation Models draft entries grounded in real photos through Vision, so memories — not generic prompts — become the journal. Central ContentService architecture; no cloud, no API key required.
If the user misses a check-in within their chosen window, pre-written messages auto-deliver to trusted contacts. Configurable from hours to weeks. Local-first — no account, no cloud, no server costs. Background scheduling survives reboot.
Hydration tracking for iPhone and Apple Watch with HealthKit two-way sync, personalised goals, smart reminders, and widgets across both surfaces. In-memory time-series capped to pre-empt OS jetsam.
Native invoice + quote app for iOS with PDFKit export, folder organisation, and proper StoreKit 2 transaction verification. Client and item management on SwiftData with live PDF preview before export.
Strict PHP 8, prepared statements, CSRF on every form, TOTP 2FA where the workflow demands it. Hardened from the first commit, not retrofitted before launch.
The full web platform for an Akron, Ohio compounding pharmacy. Public marketing site plus an NPI-verified prescriber portal with TOTP 2FA, password reset, formulary browsing, and an admin dashboard on an obscured path (defence in depth). Hardened with CSRF tokens, reCAPTCHA v3, peppered + bcrypt-hashed passwords, prepared statements, SPF/DKIM/DMARC plus List-Unsubscribe + Message-ID for deliverability into Gmail/iCloud.
Full PHP-based e-commerce platform serving real customers in Zimbabwe. Normalised MySQL schema, live search, dynamic pricing, checkout, and order tracking — plus an offline-capable POS system built with Electron.js for desktop use.
Zimbabwe's food delivery platform connecting customers, restaurants, and drivers nationwide. Real-time order routing, rider tracking, and 30-minute average delivery times. Payments via EcoCash, OneMoney, or card. Free merchant dashboard with order management + analytics; flexible daily-payout earnings for drivers; 24/7 customer support with delivery insurance.
Administrative security and system architecture for Walsh University — secure data tools with Microsoft Entra ID enterprise authentication, role-based access control across student/faculty/admin tiers, Google Sheets API integration for dynamic datasets, and an audit-log + export-tracking dashboard. Designed for confidentiality, defence in depth, and least-privilege access at the architecture layer.
Real engagements — not lab exercises. Production breaches contained, vulnerabilities patched, and forensic reports written.
End-to-end investigation and containment of a multi-stage live compromise. Malicious PHP shells, encoded payloads, and hidden backdoors identified across the application tree. SQL logs, access logs, and IP trails analysed to reconstruct the full attacker kill chain. Vector patched, credentials rotated, file permissions hardened, clean known-good state restored. Forensic report and prevention write-up published for the developer community.
Custom intrusion detection system monitoring two home-lab servers. Express 5 + TypeScript API with a React 19 dashboard, deployed via Docker Compose. Python agent reports file integrity, process anomalies, network connections, and Docker security — with ClamAV, rkhunter, chkrootkit, and Lynis on a weekly schedule. AbuseIPDB integration scores threats A–F.
Authentik deployed on Raspberry Pi 5 acting as the single identity provider for the lab. LDAP outpost with rfc2307bis enables centralised SSH login across three Linux servers. RADIUS outpost authenticates a Netgear M4100-26G managed switch. Manual PostgreSQL migrations carried through a major version upgrade (2025.2 → 2026.2).
Raspberry Pi 5 configured as a WireGuard VPN gateway routing LAN + Tailscale traffic through Mullvad. iptables mangle rules with policy-based routing, a killswitch that drops non-LAN forwarded traffic on tunnel failure, and a systemd watchdog auto-recovering tunnel state every 60 seconds. Unbound DNS forwards queries inside the tunnel.
Invited as the "Future Workforce Voice" panelist alongside Dean Lambert and Tyler Hudak. Discussed knowledge-sharing, awareness as a frontline defence, and pathways for students into the cybersecurity field — representing a Global South perspective on the next generation of practitioners. Acknowledged by Dr. Dan Passerini and the Walsh University team for the platform.
