Track record

Selected work

Project work delivered by the founder across access governance, OAuth and automation reliability, infrastructure migration, and agency operations. These are real engagements. Clients are named where permission exists; the rest are described without names, with references shared privately. No composite or invented projects appear on this page.

Access governance

Google Workspace access governance

A support-services organization had grown its Google Workspace organically: personal Drive folders doing the work of shared infrastructure, ad-hoc sharing, and no consistent way to grant or remove access by role.

The engagement built a department-based Shared Drive architecture, role-based access through Google Groups, defined permission tiers, cleaned up file ownership, and set up provisioning workflows so new joiners and leavers get the right access by default instead of by memory.

Stack: Google Workspace, Shared Drives, Google Groups, Admin Console · Relevant offer: Access & Offboarding Audit

OAuth and automation

OAuth and automation reliability

A QuickBooks to Mailchimp integration kept breaking: OAuth tokens expired without refreshing, token state was not persisted reliably, and customer syncs failed silently, which meant marketing lists drifted out of date without anyone noticing.

The engagement fixed OAuth token handling end to end: persistence, refresh logic, failure handling, and customer sync reliability, running across Heroku and Supabase infrastructure. The same failure patterns show up constantly in Zapier, Make, and n8n stacks, which is why VXSec treats automation ownership as a security problem, not just a reliability one.

Stack: QuickBooks API, Mailchimp API, OAuth 2.0, Heroku, Supabase · Relevant offer: Secure Automation Review

Infrastructure

Infrastructure migration and hardening

A production PHP Laravel application and its SQL data needed to move from Azure to OVH without extended downtime, and the surrounding server estate needed a security review as part of the move.

The engagement migrated the application and database, configured SSL with Certbot, updated DNS, replicated Windows VMs, and reviewed Linux and Windows security policies across the environment. Migration is when access and configuration debt surfaces, and cleaning it up during the move is far cheaper than after.

Stack: Laravel, SQL, Azure, OVH, Certbot, Windows Server, Linux · Relevant offer: Cleanup Sprint

Agency operations

Agency systems and access operations

Ray in the Dark, an ecommerce media buying agency, needed internal operating structure: who sees what, how new hires get onboarded, how tasks and rebills are tracked, and how the whole thing scales past the founders' heads.

The engagement built internal operating workflows including role-based views, onboarding flows, task tracking, rebill handling, analytics, and training modules. Working inside an agency's operations is exactly why VXSec's agency offer covers workflows and access together: in practice they are the same system.

Client: Ray in the Dark · Stack: Internal tooling, role-based access, onboarding and training workflows · Relevant offer: Agency Systems & Access Cleanup

Want this level of documentation on your systems?

Every VXSec engagement produces the same artifact: a findings report with evidence, owners, and a sequenced fix list. Start with a 15-minute scope check.
