I refactor vibe-coded apps
into production-grade
software.
Generative AI handed every founder a shipping button. It did not hand them security, architecture, or the discipline to survive contact with real users. I'm the person you call between "it works on my machine" and "we're live."
Anyone can prompt
an app into existence.
Almost nobody
can ship one safely.
The honest truth: most AI-generated codebases leak credentials in the first commit, store passwords in plaintext, query the database by string-concatenation, and trust the client. Founders ship them anyway — because the UI works, and the deadline doesn't care.
Then the audit happens, the data leaks, the acquisition stalls, or someone's phone bill becomes their problem. I get there first.
Every line above I have found in production this year.
Three things,
done properly.
Pick one. Pick all three. Most clients arrive needing all three.
Refactor.
AI gave you working code. I give you maintainable code.
Decompose the 800-line route file. Drop the dead branches. Re-introduce the boundaries the model didn't know to draw. Your repo stops being a liability and starts being an asset.
- Module boundaries & ownership
- Type safety end-to-end
- Test coverage where it matters
- Honest README a real human can read
Secure.
Find the dangerous code before the public does.
OWASP-mapped review, secrets sweep, dependency triage, authn/authz hardening, SQL/NoSQL injection surface, prompt-injection vectors, supply-chain checks. Then I help you fix what I find.
- Threat model & risk register
- Secrets, IAM, and key rotation
- Pen-test of the highest-value surface
- Pre-deploy hardening checklist
Architect.
Build the system the AI didn't know you needed.
Tenant model, data model, queue model, observability, deployment topology, on-call story. The boring infrastructure that decides whether your launch becomes a press release or an apology.
- System & data architecture diagrams
- Multi-tenant strategy
- Observability & runbooks
- Deploy & rollback playbook
Every engagement begins with a fixed-scope read-only audit. You see the work before you commit to the fix.
Book the Audit→A decade of shipped systems.
Receipts attached.
The paper trail.
I prefer to be judged on the work. These are the markers along the way.
- 2012 — Present14+ Years in TechnologyCybersecurity, AI, automotive, hardware — built and shipped across all four.
- 2020Original OpenAI API Beta ProgramOne of ten thousand people invited to OpenAI's original API beta back in the GPT-2 era. I've been hands-on with generative AI since before there was a hype cycle to speak of.
- 2021 — 2023Engineer · WOCSORBuilt RetroPilot — reverse-engineered Toyota CAN bus to retrofit semi-autonomous driving onto older vehicles. Modified the DSU for longitudinal control and adapted openpilot to Android. Grew into an active open-source community.
- 2021 — PresentYNG · Young Presidents' OrganizationMember, next-generation chapter.
- 2023 — 2025Software Engineer · IncleonEngineered an air-gapped 70B Llama3 RAG system for analyzing enterprise codebases on a single GPU. Built ReAct-style reasoning loops and a small-model post-processing layer to cut hallucinations on critical technical questions.
Things I've shipped
myself.
I don't just audit other people's code. I build products end-to-end — mobile, ML, embedded, web.
Kestrel
An autonomous-agent coding environment for iOS — code generation, real-time AI collaboration, and a streamlined editor built for mobile-first developers.
Tapout
Software-level app restrictions on the iOS Screen Time API with zone-based geofencing, a centralized admin portal, and per-student exceptions — no pouches, no daily logistics.
Phantom
Open-source driver-assistance stack for Comma 2 hardware. ARNE — Always Ready Neural Engagement — vision-based stop detection, and Mapbox navigation built in.
Oneiro
Automatic tag generation, AI-generated visuals, and personalized dream analysis that surfaces recurring patterns in the subconscious.
Guided Meditation Generator
Personalized meditation sessions with local Ollama inference, custom F5-TTS speech, and PaulStretch-processed ambient audio.
Each one, a concept learned.
Not a list of buzzwords — every name below is a concept I've spent real time learning about. That's all.
I've attended DEF CON Las Vegas every year since 2010— sixteen years of watching offensive security evolve up close, always picking up the next concept, the next technique, the next way of thinking.