Posts
Notes on secure web development, infrastructure and building things properly.
Chasing the Lighthouse score (and learning which numbers to ignore)
I dragged this portfolio to a perfect 100, and the report still yelled at me. The wins were boring and real; the flags that stuck around were a trap dressed up as a metric.

Watching real users test the dashboard
I put the dashboard in front of three people who will actually use it: a planner, an operational employee and a team lead. Finding information was a solved problem. Finishing an action was not.

Designing dashboards people actually use
What I learned researching enterprise dashboards before building one: KPIs first, the right chart for the job, instant filters, and never a blank white screen.

The anatomy of a security assessment
How a real-world assessment actually unfolds: OSINT, network mapping, physical security and a phishing test, and why the findings are almost never exotic.

The unglamorous security wins (and the crypto-miner I let in)
Architecture, least privilege and client-side hashing did more for a system I built than any clever trick, and one default password undid a chunk of it.

Macros won't die: red-team lessons from Office exploitation
A deep dive from my red-teaming research into why VBA macros are still a live attack vector, and how attackers slip past modern defenses.

Security-first web development
Why I treat security as a design constraint, not an afterthought, and a few habits that make secure apps the default.

Building Cytric: a hosting platform from the ground up
What I learned building a secure, scalable bot-hosting platform solo, from branding and frontend to infrastructure and payments.