The application side
An “infra” profile that has never written an application reasons in a vacuum. I come from development (fullstack internships, freelance work, mobile), and that is what gives meaning to my infrastructure choices: I know what the code expects from the platform, and what production demands from the code.
How I approach an app
- Modeling first. The data schema is the most expensive part to change: it gets designed before the code.
- Clean boundaries: a contract-based API (REST, OpenAPI), clear front/back separation, business logic testable outside the framework.
- Proven, typed technologies. TypeScript end to end where it makes sense (NestJS, Angular, React), PostgreSQL by default, a typed ORM (Prisma, Sequelize).
- Designed to be operated: useful logs, per-environment configuration, clean shutdown. The Hub is the full illustration.
Application security, from the design stage
The classic vulnerabilities are handled at design time, well before the end-of-project audit:
- Injections (SQLi): parameterized queries and ORMs everywhere, never concatenated SQL.
- XSS: frameworks’ default escaping is respected, no HTML built by hand from user data.
- CSRF: protections matched to each app’s authentication mode.
- Anti-bot: Cloudflare Turnstile on public forms, to handle spam and abuse without degrading the experience.
- Authentication: OAuth when delegated identity makes sense, proper credential hashing, tokens never stored in plaintext (secrets management).
These practices come from real experience. At Koméo, on a PHP app developed solo end to end, SQLi, XSS and upload hardening was part of the delivered work. At Auchan, the rebuilt back end (Node.js, Sequelize) served several hundred employees behind directory authentication.
Sites in production
Client sites designed, developed, put into production and operated ever since: e-commerce, brochure sites, a product application, served by the infrastructure detailed on the Projects page. Each one has its own page, with its stack and a behind-the-scenes look, in the Work section. What matters is seeing them run over time: backed up, monitored, maintained.
Reading
- Maintainable: end-to-end typing, contract-based boundaries, modeling treated as the main investment.
- Secure: the classics (SQLi, XSS, CSRF) handled by construction, anti-bot and OAuth where relevant.