Right now I'm shipping FratDoor (event ops used by 42 fraternities), TextCloaker (AI text cloaking, 7,000+ users), and writing daily for The Gray Area.
ScrollI build full-stack systems with a backend focus and a growing front-end practice. I write daily for The Gray Area and serve as Director of Technology for IFC on the Hill at CU Boulder.
I’m rolling out FratDoor across 42 fraternities, processing 300,000+ check-ins across 1,500+ events to replace paper lists with a fast, structured door-check system.
FratDoor is my most promising startup so far, and I’m actively searching for new prospects to adopt it and pioneer deployments at additional schools.
I’m also building TextCloaker , a web app that cloaks AI-generated text to reduce AI-detector flags without ever changing the text.
As Director of Technology, I built CU EventHub from the ground up to standardize event registration and safety workflows, and I also built the Student Living Advocacy Group (SLAG) platform to make housing issues easier to document, aggregate, and act on.
Backend-first, and increasingly hands-on with modern front-end frameworks. Above all I build utility-focused: every project solves a concrete problem, and when an existing tool falls short I build the missing piece myself. For FratDoor’s offline sync, that meant a custom ULID-based idempotency layer I wrote into an NPM library, because Firestore’s own offline and ID handling didn’t behave the same across platforms and I needed guaranteed exactly-once writes everywhere. I also publish SEO and portfolio guides on The Gray Area , and this site itself was a front-end trial run, with its source on GitHub .
Offense and defense. I hunt bug bounties and build my own recon-and-scan tooling to surface vulnerabilities fast. On the build side, I’ve secured 150,000+ real check-ins on FratDoor behind passes that can’t be screenshotted, shared, or replayed, and I pen-test my own products before they ship. Sensitive keys and data never leave the server, every action is logged so it can’t be quietly rewritten, and forged requests are rejected at the backend rather than just hidden in the UI.
Writing is how I think out loud. I founded and run The Gray Area , a tech publication now read by more than 2,000,000 people across 30+ contributors, where I publish security research, vulnerability disclosures, deep-dive tutorials, and essays on the craft of shipping software. My own pieces have reached over half a million readers, and I still publish something new most days, from P1 write-ups to step-by-step build logs.
The door system 42 frats actually run on — ID/QR scanning, ticketing, and live capacity that keeps working even when the venue WiFi dies (I open-sourced that part). 150,000+ swipes across 300+ events.
FratDoor is the check-in operating system I built and deployed as Director of Technology for IFC on the Hill at CU Boulder. What started as a smarter replacement for printed door lists grew into a full event-ops platform: 42 chapters running ID/QR scanning, blacklist enforcement, ticketing, capacity gates, and live attendance analytics. Most of the hard engineering went into reliability — keeping scanners working through venue WiFi blackouts (which became its own open-source library), deduplicating swipes when two doors race, and squeezing Firestore reads down 70–80% via aggressive client-side caching. It's processed 150,000+ swipes across 300+ events and become the de facto door system on the Hill.
Companion product: CU EventHub (party registration + oversight)
Companion library: offline-sync-engine on NPM (try the live demo)
Makes AI-written text undetectable while leaving it word-for-word identical — no rewording, no paraphrasing. Pick a cloak strength and it sails past GPTZero, Turnitin, and Originality.ai. 7,000+ users worldwide.
TextCloaker is the AI text protection tool I started after watching students and writers get falsely flagged by brittle AI detectors. It makes AI-generated text read as human to detectors like GPTZero, Turnitin, and Originality.ai — without changing a single character a person can see. Instead of paraphrasing, a proprietary multi-layer cloaking engine alters only what the detectors parse, so the visible text stays word-for-word identical. Pick a cloak strength (Light, Regular, or Deep), batch-upload whole .docx essays, or run it from the Chrome extension while you write. 7,000+ users worldwide lean on it, with typical detection dropping from ~94% to ~2%.
Builder at heart
CS student at CU Boulder and Director of Technology for IFC on the Hill. My work spans event platforms, AI products, security research, and data-heavy web apps — usually whichever problem is worth solving next.
The check-in operating system I built and deployed as Director of Technology for IFC on the Hill at CU Boulder. 42 chapters use it for ID/QR scanning, blacklist enforcement, ticketing, capacity gates, and live attendance analytics — backed by my own offline-first sync layer that keeps scanners working through venue WiFi blackouts. 150,000+ swipes processed across 300+ events.
AI text protection tool I started after watching students and writers get falsely flagged by brittle AI detectors. Makes AI-generated text undetectable while leaving it word-for-word identical — no rewording, no paraphrasing — so it reads as human to GPTZero, Turnitin, and Originality.ai. Pick a cloak strength, batch-upload essays, or run it from the Chrome extension. 7,000+ users worldwide.
Keeps your check-in scanner working when the venue's WiFi dies. A tiny offline-first mutation queue + idempotent server primitives I built for FratDoor and open-sourced — ~900 lines, zero runtime deps, on NPM. ULID idempotency keys + IndexedDB persistence give exactly-once delivery even through ack-loss, browser refreshes, and server restarts. Optional SSE-based realtime + catch-up replay (same pattern as Linear's sync engine) lets multiple scanners coordinate at the door.
A lightweight GitHub Actions cron I built while apartment hunting in Boulder. Every 24 hours it scrapes my target building's listings, scores each 2BR unit by floor plan + Flatirons view, and emails me a diff summary so I can pounce the day a good unit opens. Runs free on Actions minutes — beats refreshing the page 50 times a day.
Photography portfolio I designed and built for Nick Lathrop, a senior-portrait and sideline shooter based in Golden, CO. Astro 5 + Svelte islands + Tailwind v4, with GSAP ScrollTrigger smoothness and a PhotoSwipe lightbox. A Playwright stealth scraper running on a 24-hour GitHub Actions cron pulls fresh Instagram posts (bypassing API restrictions), pushes full-res images to Cloudflare R2, and triggers a Netlify rebuild — so the portfolio updates itself whenever Nick shoots.
Centralized event registration and safety workflow hub I built for IFC on the Hill chapters at CU Boulder. Chapters submit parties, surface emergency contacts, coordinate with risk managers, and standardize event compliance — all from a single dashboard that pairs with FratDoor at the door itself.
Reporting hub I built so off-campus students on the Hill in Boulder can document housing problems — predatory leases, maintenance neglect, neighbor disputes — and feed them into a structured advocacy pipeline for IFC and local stakeholders.
Unity + C# mobile collection bundling Flappy Bird, Stacker, Pong, and Brick Breaker into a single App Store release — my first commercial mobile product, complete with in-app payments and rewarded ads. The project that taught me the full ship-to-store pipeline end to end.
Version 4.0 of my personal site, hand-built in SvelteKit + Tailwind. Doubles as my front-end playground — every iteration ships some new pattern I want to try (parallax scrolls, glassmorphic cards, observer-driven animations) without breaking the SEO and performance gains from prior versions. Source is on GitHub if you want to poke around.
Online arcade I'm building with a friend — a single hub where friends drop in to play classic browser games together or solo. Live preview is up; still iterating on the lobby + matchmaking layer.
Experimental chat room that wires the BB84 quantum-key-distribution protocol up to a live messaging UI. Two browsers negotiate a shared key over a simulated quantum channel, detect eavesdropping via QBER, and symmetric-encrypt every message — basically QKD as a teaching toy you can play with in your browser.
Chrome extension I built in high school that auto-calculates weighted and unweighted GPAs directly inside the PowerSchool gradebook — no scraping, no logins, just a clean overlay on top of the page. Still pulling installs from the Chrome Web Store years later.
Automation that watches @TGAonMedium's Medium feed and posts each new Gray Area article to Twitter the moment it goes live. Runs on Heroku off the Medium RSS feed + the Twitter API — zero manual work between drafting and audience.
Bash-driven recon and vulnerability scanning toolkit that wires together Nikto, Nuclei, SQLMap, gau/gauplus, anew, httpx, and waybackurls behind a single command. My opening move in bug-hunting engagements: pick a target, run one script, walk away with a structured set of leads.
Telegram bot I built as a front-end for my bug-bounty workflow — DM it a target and it kicks off recon, subdomain enumeration, vulnerability scans, and reporting steps that I'd otherwise chain by hand in the terminal.
Hotplug attack payloads I wrote for the Hak5 Bash Bunny — the small USB device that emulates HID, ethernet, and storage to drop into a locked machine in seconds. Covers credential grabs, network reconnaissance, and quick-touch persistence checks during physical pen tests.
Python scripts I wrote during a P1 bug-bounty engagement to enumerate IDOR (Insecure Direct Object Reference) endpoints — base64-encoding then URL-encoding values to bypass weak access controls. The full disclosure write-up lives on my Medium.
Healthcare-accessibility chatbot that won the MetroHacks 2022 healthcare track. Built in 24 hours with Svelte + Tailwind + TypeScript on the front-end and a Python + Cohere-powered intent classifier on the back-end, plus Twilio for emergency SMS escalation. The bot interprets free-text health questions and returns mapped/graphed information — or routes the user to emergency services when intent warrants it.
Reusable starter template I cut from my actual project boilerplate — Svelte + Bulma on the front, Python on the back. Saves me roughly an hour of yak-shaving every time I start a new prototype.
Beginner-friendly template for spinning up your own ERC-20 token in REMIX. Ships three Solidity contracts at escalating complexity, deploy scripts using web3.js + ethers.js, and Solidity unit tests — meant as a learning scaffold (and absolutely not a rug-pull starter kit, despite what the dropdown might suggest).
Working notes, code, and Python explorations from my Discrete Math class at CU Boulder. Set theory, graph algorithms, combinatorics, and a handful of fractal visualizations that ended up being the most fun part of the semester.
