Selected work
Project work delivered by the founder across access governance, OAuth and automation reliability, infrastructure migration, and agency operations. These are real engagements. Clients are named where permission exists; the rest are described without names, with references shared privately. No composite or invented projects appear on this page.
Google Workspace access governance
A support-services organization had grown its Google Workspace organically: personal Drive folders doing the work of shared infrastructure, ad-hoc sharing, and no consistent way to grant or remove access by role.
The engagement built a department-based Shared Drive architecture, role-based access through Google Groups, defined permission tiers, cleaned up file ownership, and set up provisioning workflows so new joiners and leavers get the right access by default instead of by memory.
OAuth and automation reliability
A QuickBooks-to-Mailchimp integration kept breaking: OAuth tokens expired without refreshing, token state was not persisted reliably, and customer syncs failed silently, which meant marketing lists drifted out of date without anyone noticing.
The engagement fixed OAuth token handling end to end: persistence, refresh logic, failure handling, and customer sync reliability, running across Heroku and Supabase infrastructure. The same failure patterns show up constantly in Zapier, Make, and n8n stacks, which is why VXSec treats automation ownership as a security problem, not just a reliability one.
Infrastructure migration and hardening
A production PHP Laravel application and its SQL data needed to move from Azure to OVH without extended downtime, and the surrounding server estate needed a security review as part of the move.
The engagement migrated the application and database, configured SSL with Certbot, updated DNS, replicated Windows VMs, and reviewed Linux and Windows security policies across the environment. Migration is when access and configuration debt surfaces, and cleaning it up during the move is far cheaper than after.
Agency systems and access operations
Ray in the Dark, an ecommerce media buying agency, needed internal operating structure: who sees what, how new hires get onboarded, how tasks and rebills are tracked, and how the whole thing scales past the founders' heads.
The engagement built internal operating workflows including role-based views, onboarding flows, task tracking, rebill handling, analytics, and training modules. Working inside an agency's operations is exactly why VXSec's agency offer covers workflows and access together: in practice they are the same system.
Want this level of documentation on your systems?
Every VXSec engagement produces the same artifact: a findings report with evidence, owners, and a sequenced fix list. Start with a 15-minute scope check.