Security Engineer · New York City · Available for Work

I build web apps.Then I break them.

Freelance web developer and cybersecurity engineer who ships fast and stays safe. Next.js + TypeScript with a security-first mindset — building hardened frontends, secure APIs, and hunting bugs.

See What I've BuiltLet's TalkResume
0+
Projects Shipped
0+
CTF Challenges
0+
Certifications
~/mayoka.dev — bash
About

Who Is John Mayoka?

I'm a fully self-taught web developer based in New York City, with years of hands-on experience building production apps and breaking things to make them stronger. I didn't learn this in a classroom — I earned it, cert by cert, challenge by challenge.

Instead of a traditional degree, I forged my skills through rigorous self-study, earning certifications and badges on GitHub and AWS, and completing advanced HackTheBox and TryHackMe path labs.

Right now I'm deep in React, Next.js, and TypeScript on the frontend, and sharpening my offensive security skills as an active CTF player and bug bounty hunter. I work at the edge where development meets defense.

I'm looking for full-time roles and contracts where I can build great software and make it secure. If your team ships fast and cares about doing it right — let's talk.

// Current Focus

What I'm Working On

Deep in React, Next.js, and TypeScript. Completing advanced offensive security labs. Active CTF participant and bug bounty hunter on HackerOne and Bugcrowd.

// Philosophy

Security-First Development

I don't just build features. I think about how they fail, how they scale, and how they get attacked. Every line of code is a potential attack surface.

// Availability

Open to Opportunities

Currently available for freelance contracts and full-time roles. Based in NYC, open to remote or hybrid. Quick turnaround, clean code, zero bloat.

Projects

Real Code. Real Impact.

From web applications to security tools — each one built to solve a real problem.

Featured
🌐
Portfolio · Security

Portfolio Website

My personal security engineer portfolio. 3D visuals, security tool demos, and zero bloat. Deep dive into 3D web graphics and performance optimization.

Next.jsTypeScriptTailwindSpline 3D
GitHub Live Demo
📊
Security · Dashboard

Log Analyzer Dashboard

Parse, visualize, and flag anomalies in server logs in real time. Pattern recognition in log data and data visualization at scale.

ReactD3.jsNode.jsSQLite
GitHub
🔐
Security · Client-Side

Password Hygiene Checker

Analyze password strength offline. Nothing leaves your browser. Built with the Web Crypto API for fully private, client-side analysis.

TypeScriptWeb CryptoReact
GitHub
🔗
Security · Detection

URL Parser & Phishing Detector

Spot phishing URLs by dissecting patterns completely offline. Analyzes URL anatomy and detects common social engineering techniques.

TypeScriptRegexReact
GitHub
Full-Stack · SaaS

Task Manager App

Full-stack task app with real-time sync and team collaboration. Deep dive into real-time communication patterns and database optimization.

Next.jsPrismaPostgreSQLSocket.io
GitHub
🚩
Security · Education

CTF Writeups Collection

Solved CTF challenges, explained step-by-step for learners. Problem-solving under pressure and security research methodology.

MarkdownNext.jsMDX
GitHub
Skills

My Tech Stack

A curated set of tools I use to build and secure web applications.

// Frontend
ReactNext.jsTypeScriptTailwind CSSFramer MotionHTML5/CSS3
// Backend
Node.jsExpressPythonREST APIsPostgreSQLMongoDB
// Security
OWASP Top 10Burp SuiteNetwork BasicsCTF ChallengesSecure CodingThreat Modeling
// Tooling
GitVS CodePostmanFigmaChrome DevToolsLinux CLI
// DevOps
DockerVercelGitHub ActionsNginxAWS BasicsCI/CD
Security Tools

Mini Security Utilities

Client-side tools — all processing happens locally in your browser. No data is ever sent anywhere.

🔐 Password Strength100% Offline
// Check if your password meets security criteria
→ Waiting for input...
#️⃣ SHA-256 Generator100% Offline
// Generate a one-way cryptographic hash
→ Hash will appear here...
🔑 JWT Decoder100% Offline
// Decode and inspect JSON Web Token payloads
→ Decoded payload will appear here...
Writeups

Notes From the Trenches

Technical articles, CTF writeups, and things learned the hard way.

Dec 15 2024
XSS Basics: Understanding Cross-Site Scripting
A beginner-friendly deep dive into XSS vulnerabilities, how they work, and how to prevent them.
SecurityWebXSS
6 min → Read
Nov 20 2024
Building Secure APIs: A Practical Guide
Best practices for API security including authentication, rate limiting, and input validation.
SecurityAPIBackend
8 min → Read
Oct 28 2024
CTF Writeup: Web Challenge 'Hidden Admin'
Walkthrough of a web CTF challenge involving forced browsing and privilege escalation.
CTFWriteupWeb
5 min → Read
Sep 15 2024
React Performance: Beyond the Basics
Advanced techniques for optimizing React apps, from memo to virtualization.
ReactPerformanceFrontend
7 min → Read
Aug 10 2024
Introduction to Threat Modeling for Developers
How to think about security during the design phase of your applications.
SecurityArchitectureDesign
6 min → Read
Jul 5 2024
Docker Security Basics for Web Developers
Essential security practices when containerizing your web applications.
DockerDevOpsSecurity
5 min → Read
Contact

Let's Build Something Together

Got a project, a role, or just want to say hi? I'll get back to you within 24 hours.

john@mayoka.dev
New York, USA — Open to Remote