Founder · Full-Stack Developer · Cybersecurity Researcher
Software engineer running Complex Developers — a studio that ships web platforms, custom tooling, and AI-adjacent products. 34+ open-source projects across cybersecurity, AI/ML, and full-stack, including GhostLM (a 14.5M-parameter transformer trained from scratch on security text), linkdrop (a cross-platform Tauri + Rust iPhone-to-Linux companion app), and an upstream contribution to pytorch/ignite fixing numerical stability in PearsonCorrelation. Computer Science student at Moi University.
- 01Founder & lead developer at Complex Developers — shipped the company's own Next.js + Prisma + Postgres CRM from empty repo to production
- 02Upstream contributor to pytorch/ignite — Welford's algorithm fix for PearsonCorrelation numerical stability (#3741)
- 03Built and trained a 14.5M-parameter transformer from scratch — no `transformers` library, every layer hand-written
- 04Shipped linkdrop v0.7.1 — cross-platform Tauri + Rust desktop app bridging iPhone ↔ Linux with CI-built .deb/.AppImage artefacts
- 05Ship code weekly — portfolio site itself runs a live GitHub API integration and full animation system
Founder & Lead Developer
Complex Developers · Nairobi
- ▸Run the studio end-to-end: engineering, architecture, client engagements, and deployment.
- ▸Built and shipped the company's own platform — a Next.js 15 App Router site with a Prisma + PostgreSQL-backed admin CRM. Admin-flagged projects propagate to the public portfolio via Server Components and ISR, so sales artefacts stay in sync without a separate CMS.
- ▸Standardised the stack: Vercel + Supabase for deploy, JWT-auth API routes, route-group CSS isolation (public marketing / auth / admin each with their own vendor bundle), and a shared design token system so the brand feels consistent from landing page through to dashboard.
Independent Developer & Security Researcher
Self-Employed · Nairobi
- ▸Shipped 34+ open-source projects spanning cybersecurity, AI/ML, and full-stack — 140,000+ lines of code and 280+ commits across active repositories.
- ▸Contributed to pytorch/ignite (#3741) — replaced the naive sum-of-squares variance formula in PearsonCorrelation with Welford's online algorithm and a parallel distributed merge, fixing catastrophic cancellation in float32 (e.g. the metric returning 0.89 instead of 0.99 at mean=1e6).
- ▸Built GhostLM from scratch — a 14.5M-parameter decoder-only transformer in PyTorch. Hand-wrote multi-head causal self-attention, cosine LR schedule with linear warmup, weight-tied embeddings, and a GPT-2 BPE tokenizer extended with security-specific tokens. Phase 1 (10,000 steps, CPU) drove train loss from ~4.5 to ~2.25 and held validation loss around ~2.75.
- ▸Shipped linkdrop v0.7.1 — a cross-platform Tauri + Rust + React desktop app that connects an iPhone to Linux / macOS / Windows for photos, files, notifications, and screen mirror. Daemon-backed pymobiledevice3 bridge, CI-built .deb and .AppImage artifacts, published as a GitHub Release.
- ▸Built an AI-agent security stack: secure-mcp (MCP server with fail-closed policy gates and subprocess sandboxing), ghostguard (4-tier policy pipeline proxy with real-time dashboard and audit trail), and CyberBench (reproducible benchmark for LLMs on cybersecurity reasoning).
- ▸Shipped a defence toolkit: ghostaudit (23 CIS-based Kubernetes security checks with HTML/JSON reports), ghostforensics (memory-forensics automation with YARA scanning and STIX 2.1 IOC export), ghostsiem (SIGMA-rule-driven lightweight SIEM), securecommit (pre-commit secret-and-anti-pattern detector as hook / GitHub Action / CLI).
- ▸Developed an offensive toolkit: concurrent TCP port scanner with banner-grab, packet-level network traffic analyzer for SOC workflows, static vulnerability scanner, hash-cracking framework, MAC-address rotator, and a metadata scrubber — all Python, all production-ready CLIs.
- ▸Deployed SentinelPulse — a real-time threat intelligence dashboard with live feed ingestion and a reactive Next.js frontend on Vercel.
- ▸Built an AI coding assistant that scaffolds full-stack React / Next.js applications end-to-end from a single prompt — deployed live at ai-coding-assistant-9ufv.vercel.app.
Bachelor of Science in Computer Science
Moi University
Coursework: data structures & algorithms, operating systems, computer networks, discrete mathematics. Self-directed focus on offensive security, transformer architectures, and systems programming.
TypeScript, JavaScript, Python, Rust, C, SQL, Shell/Bash, HCL, HTML/CSS
Next.js 15, React 19, Node.js, Tauri, PyTorch, Prisma, PostgreSQL, FastAPI, Express, Jupyter, Vite
Penetration testing, vulnerability assessment, CTF, network analysis, OSINT, memory forensics (YARA/Volatility), SIGMA/SIEM, Kubernetes CIS auditing, AI-agent sandboxing, steganography
Git, Linux, Docker, Terraform, Vercel, Supabase, Nmap, Wireshark, Burp Suite, Metasploit, YARA, Volatility
Transformer architectures, attention mechanisms, from-scratch LLM training, tokenization (BPE), MCP servers, AI-agent policy / sandboxing, LLM integration, Claude API, Groq
- ▸Independent cybersecurity research — CVE reasoning, exploit-chain analysis, and vulnerability triage assisted by LLMs
- ▸Active CTF competitor — pen-testing, reverse engineering, and steganography challenges
- ▸From-scratch LLM engineering — transformer internals, attention mechanics, LR scheduling, BPE tokenization
- ▸Open-source contributor — pytorch/ignite, AutoGPT, OWASP CheatSheetSeries
- ▸Self-directed coursework — deep learning foundations, systems programming, network security