Who I am
I approach software as rigorous architecture. My METU Mathematics foundation — algorithms, number theory, graph theory, optimization — left me with the habit of treating systems as architectures with provable boundaries rather than collections of files. That habit drives the platforms I build today: from leading the backend architecture at RevolArch to designing the deliberate, layer-driven lab hosted on this site.
End-to-end ownership is the default. I don't just write application code — I secure and maintain the infrastructure it runs on. As a freelance web developer and Linux sysadmin, I deliver full-stack production environments: modern web applications (Next.js, TypeScript, Tailwind) shipped concurrently with the deployment lifecycle — VPS provisioning, Nginx/SSL orchestration, Cloudflare network defense, and proactive host hardening with UFW and Fail2Ban.
Incoming: currently applying for the METU Cyber Security MSc (non-thesis track, starting September 2026). I treat security as a standard woven directly into the development loop—DevSecOps as the default, never a reactive patch. My focus is on integrating network traffic analysis, host hardening, and defense mechanisms natively into the codebase, backed by a solid mathematical foundation.
What's shipped
Each module I build is an isolated engineering slice, deployed with the intent of demonstrating scalable and auditable logic.
The Lab : a self-hosted multi-module web lab built into this site. Per-request CSP nonces, CSRF protection, consent-gated browser fingerprinting, SSE-streamed server telemetry, and a privacy-first weather pipeline. Built with strict pure-logic split + Zod-validated content, all running behind a hardened Caddy reverse proxy.
Infrastructure: a resilient containerised deployment topology managed via Infrastructure-as-Code principles, served behind Caddy + Let's Encrypt auto-TLS, deployed end-to-end through GitHub Actions.
Engineering principles
Privacy by Default
Browser-side data collection is gated behind explicit consent. Progressive disclosure for invasive probes — Canvas / audio fingerprinting, WebRTC IP leak detection. The default state is zero collection.
Strict Validation & Layering
Zod schemas guard every API boundary, environment file, and external response. Invalid data shapes fail loudly at build time, preventing state corruption from silent type drift.
Documented Engineering
Every shipped lab module is paired with a documentation article explaining the architecture and the trade-offs that produced it. Decisions are auditable, not asserted as obvious.
Deterministic Testing
Core logic — including the global terminal engine — is UI-agnostic and pure. This allows rigorous verification through Vitest unit testing and Playwright e2e suites running against production builds.
Stack
- Backend & Architecture
- Node.js · TypeScript · Python · Clean Architecture · DDD
- Frontend
- Next.js (App Router) · React · Tailwind · MDX
- Infrastructure
- Docker · Caddy · GitHub Actions · VPS · Cloudflare
- Security
- Per-request CSP nonces · CSRF double-submit · Rate limiting · PII redaction · STRIDE modeling
- Tooling & Quality
- Vitest · Playwright · Biome · Pino structured logs · Zod
Reach me
Email is the best route — see the contact page for direct details. Source and design specs live on GitHub.