Note
Professional portfolio of IAM, CRM, and security case studies. Most work is proprietary enterprise and client systems; linked repositories are reviewable excerpts for IAM, CRM, security, and implementation depth.
Cyber Security · IAM · CRM Engineering. I ship access-controlled business systems with audit-grade discipline.
Open to contract and full-time roles: CRM Systems Engineer · Business Systems Engineer · Salesforce / Zoho Administrator-Developer · IAM Analyst / IAM Engineer · Security Automation Engineer · Internal Tools Engineer · Solutions / Technical Implementation Engineer · IT Systems Administrator (automation + security)
- IAM & access control: entity/field RBAC, MFA, audit trails, PII field governance; StrikeScope + bank/government-grade integration patterns
- CRM & business systems: production Zoho org (~100 automations), Salesforce certified (Admin + Advanced Admin), multi-tenant CRMs, lender/permitting API integrations
- Security automation & delivery: migration tooling (DNS-Sentinel), hardened client deployments, idempotent SQL migrations, internal tools
| Role focus | Start here |
|---|---|
| IAM / security engineering | StrikeScope IAM · RawGraded assurance · RawInvestor loopback auth · RoofRoofTexas hardening |
| CRM / business systems | Zoho at scale · StrikeScope pipeline · RoofRoofTexas case study |
| Solutions / internal tools / implementation | DNS-Sentinel · OrphanHunter · Portfolio at a glance |
Secure the identity layer. Automate the CRM. Audit everything. Role-scoped data, server-side secrets, idempotent migrations.
Most of my engineering career has been in private, proprietary enterprise and client systems: CRMs, IAM platforms, integrations, and security automation. Public repos here are case studies I can share for recruiter and security review. The rest stays with clients.
Click a bar to expand.
Custom CRM & business platforms: multi-tenant CRMs built from scratch and deep customization of platform CRMs. Role-based access control, field-level PII governance, multi-role assignment (sales agents, project managers, regional managers), customer and agent portals, document/agreement vaults, and audit trails.
Contract/consulting engagement: configured a production Zoho org for a since-wound-down multi-state solar/roofing operator (independent contractor; not an employee of that company or of Zoho) with roughly 100 workflows and automations spanning project scopes, activities, and pipeline stages:
- Zoho Flow automation suites orchestrating cross-app processes end to end
- Custom modules and calculators inside Zoho CRM for advanced payout and commission math
- Custom portals for customers and sales agents with multiple assignment models
- Automatic notifications with processing math baked into the pipeline
- Full-stack adoption across Zoho CRM, Projects, Analytics, WorkDrive, and Flow
(The org served a company that has since wound down, so the live deployment isn't publicly demonstrable. The patterns live on in everything below.)
Integrations, APIs & webhooks: production webhook and API integrations with banks/lenders (financing flows) and permitting jurisdictions, plus Google Workspace sync, marketplace APIs, and document pipelines. Data migration between systems is routine work: CSV/structured imports, idempotent dated SQL migrations, dedupe-on-ingest, export/import tooling.
Security patterns aligned with regulated environments: banking- and government-style RBAC, role-scoped visibility, server-side key handling, audit/activity trails, and duplicate-safe, charset-safe migration practices.
Client systems, described conceptually unless linked below.
StrikeScope portfolio case study: self-hosted multi-tenant CRM with entity + field-level RBAC, TOTP MFA, audit trail, Activepieces orchestration, and Dev Studio AI that observes schema/code structure. Full lead-to-install pipeline (commissions, financing, territory, field PWAs, customer portal). IAM model · Sentinel roadmap (WIP)
Field-operations CRM for multi-region installation crews: four role-scoped experiences (admin console, CRM desk, foreman mobile, restricted crew shell), two-way Google Calendar sync and Drive mirroring, QR crew check-in with geofenced sites, guided photo/video proof-of-work with GPS/timestamp forensics, permit document OCR, SLA dashboards and shift analytics, bilingual EN/ES field UX. React + Express + MySQL with dated idempotent migrations.
Public case study: see RoofRoofTexas EXPAND below.
Self-hosted CRM built to demonstrate enterprise IAM and a credible path toward local AI security operations.
Shipped IAM: JWT + bcrypt + optional TOTP MFA · entity CRUD permissions per role · field-level PII (ssn_last_four, date_of_birth, co-signer fields) · multi-company membership · audit trail · scoped automation service keys · Helmet + rate limits.
Platform: Express + SQLite monorepo · Admin CRM + Server Admin · Field/Installer/Monitor PWAs · Activepieces event orchestration · Dev Studio local AI (RAG over schema, migrations, ship/rollback).
WIP: Sentinel roadmap, local AI SIEM/SOAR with company-maintained playbooks (roadmap documentation only).
Go deeper: Repository · SECURITY-IAM.md · Architecture
Custom tooling for people who need extreme PDF compression without touching a terminal.
Problem: 50 MB scan PDFs blocked email and portal uploads. Existing shrinkers were CLI-only, conservative, or buried in IT tooling.
Shipped: Tkinter desktop app with Ultra (max shrink) Ghostscript profile, full preset ladder, Ghostscript + PyMuPDF raster modes, Check Sizes preview (runs every preset before commit), and only keep if smaller safety. Portable 73 MB exe bundles Ghostscript for double-click use by office staff.
Go deeper: Repository · Portable exe
Custom tooling: turn line-art door designs into a print-ready luxury catalog, with recovery when cloud source data is gone.
Problem: An unnamed manufacturer client needed photorealistic catalog renders from B&W line art at SKU scale. Cloud assets were later deleted; only the finished PDF survived.
Shipped: React + Vite app with Gemini Nano Banana (gemini-2.5-flash-image / gemini-3.1-flash-image-preview) queue processing, teal glass unification, jsPDF catalog export (covers, spreads, index), PDF operator-list reverse engineering to rebuild the IndexedDB queue from output PDF alone, WooCommerce ZIP export, and WP Media Mapper Chrome extension.
Go deeper: Repository · Showcase renders
Built during a ~1 TB GoDaddy M365 → Google Workspace cutover when registrar and vendor support couldn't agree on DNS state.
Problem: Mid-migration email failures with blame shifting across GoDaddy, Microsoft, and Namecheap. No single view of MX, SPF, DMARC, SMTP reachability, or site stack exposure.
Shipped: Full-stack audit tool with domain score (SSL, headers, path exposure), email provider heuristics (Google/M365/GoDaddy legacy), SMTP + MX banner tests, WordPress vs Vite dist detection with optional deep scan, SQLite audit history, and server-proxied Gemini fix guides and migration chat.
Go deeper: Repository
Public case study: full redesign, re-architecture, security hardening, and local SEO for a Houston roofing company, built lean on purpose.
Problem: Thin one-pager with no project gallery, mobile nav hidden below 768px, client-side-only form validation, SEO artifacts referenced but never deployed.
Shipped:
- Design system: brand-aligned navy/red palette, SVG icon sprite, consistent card and section language
- Real proof content: project gallery with responsive photography and aerial drone flyovers
- Live service-area map: interactive coverage across 14 Greater Houston cities, lazy-loaded with integrity-pinned CDN
- Media pipeline: multi-MB source photos and 4K drone video compressed to sub-2 MB WebP/MP4 deliverables
- Conversion form: CSRF, honeypot, minimum-delay check, per-IP rate limiting, origin/referer whitelisting, server-side sanitization (no third-party CAPTCHA)
- Server hardening: CSP, HSTS (1 year),
X-Frame-Options,nosniff, referrer/permissions policies; PHP execution blocked under/assets - SEO infrastructure: full JSON-LD
@graph(RoofingContractor, FAQPage, VideoObject, ItemList), sitemap, robots,llms.txt, geo meta, Open Graph + Twitter Cards - Accessibility: skip links, ARIA landmarks, keyboard-operable accordion, reduced-motion and save-data video gating, WCAG 2.2.2 media pause control
Before / After
| Before | After |
|---|---|
![]() |
![]() |
Go deeper: Case study repo · Live site
Business systems, IAM, and security work first, then shipped desktop products used as assurance publications.
Tier 1: Business systems, IAM, security
| Project | One-liner | Status |
|---|---|---|
| StrikeScope | Self-hosted CRM + IAM, entity/field RBAC, MFA, audit, automation orchestration | Portfolio case study |
| RoofRoofTexas rebuild | Client site, CSP/HSTS, hardened forms, SEO infrastructure | Live · case study |
| DNS-Sentinel | M365 → Google Workspace DNS/migration auditing | Portfolio tool |
| OrphanHunter | Web app crawl, SQL/table/reference audit for migrations | Portfolio tool · v1.3 |
| PDF Size Reducer | Desktop PDF shrinker, Ultra preset, size preview, portable exe | Portfolio tool |
| LuxuryCatalog | AI catalog pipeline with PDF disaster-recovery reverse engineering | Portfolio tool |
| Zoho production org | ~100 workflows/automations, Flow, custom modules. See Enterprise section | Private client work |
Tier 2: Shipped desktop apps & assurance publications
| Project | One-liner | Status |
|---|---|---|
| RawGraded | Desktop + vault API, assurance publication (SPII strip, threat model) | Shipping · reviewable source |
| RawInvestor | Local-first desktop, loopback API, token auth, Microsoft Store | Shipping · assurance repo |
| RawMarkets / RawEngine / TheMoun | Internal R&D and hardware program | In progress · secondary |
Published research (non-hiring primary)
| Project | One-liner | Status |
|---|---|---|
| CollectorBuyerPsych | Cited neuro-economic research on collectibles and digital asset markets | Published research |
Collapsible deep dives below.
- Verified CRM scale: archived/downgraded Expert Solar Zoho CRM evidence shows 35K+ visible records across Contacts, Accounts, Calls, Deals, Leads, Emails, and Tasks, with storage at the downgraded 5,000-record cap.
- Certification progress: Salesforce Admin + Advanced Admin; Microsoft SC-300 in progress with 10 Microsoft Learn identity/security badges completed June 13-14, 2026.
CRM platforms, IAM patterns, and integration automation first. TypeScript/Node for internal tools; Zoho Flow/Deluge and Salesforce for business systems; audit-grade migrations and server-side secret handling throughout.
Languages & Runtimes
Frameworks & Tooling
Data & AI
Business Platforms & APIs
Web & CMS
Productivity & OS
Creative
AI Dev Tools
Secondary section: shipped desktop products used as security and architecture case studies. Domain-specific UI; the hiring signal is IAM patterns, loopback APIs, audit discipline, and release integrity.
Click a bar to expand.
| Common pattern | My stack | |
|---|---|---|
| Data sourcing | Manual, multi-tab search across isolated systems | Unified, automated multi-source capture |
| Analysis | Descriptive ("what happened") | Prescriptive, actionable decision signals |
| Privacy & control | Cloud-dependent, vendor-tracked | Local processing, loopback APIs, data stays on-device |
Stack: local-first AI core with loopback inference, evidence cataloging, and a deterministic math layer. Default path requires no cloud upload.
Two stages:
- Vision stage (local LLM inference): phased evidence passes for OCR/text extraction, identity resolution, qualitative notes, and defect cataloging across image and video frames. The model catalogs evidence only.
- Deterministic math stage: rules-based engine computes numeric outputs from cataloged defects, risk factors, and measured geometry. Floors, ceilings, and cross-run consistency live in code.
Architecture: local inference runtime on loopback, with optional bring-your-own-key cloud fallback. Local mode keeps sensitive imagery on-device. Standard and Deep analysis modes trade speed for forensic depth. Output includes auditable traces.
Stack: local-first desktop, PHP vault API, SPII strip on public verify, documented threat model.
Architecture: Windows desktop app (web-tech UI in a native shell) with companion mobile capture, local database for portfolio/provenance, and pluggable AI providers (local-first, optional BYOK cloud). Optional hosted vault at rawgraded.com. Desktop workflow requires no account.
Assurance publication: GatoGodMode/RawGraded, reviewable excerpt (Electron desktop, PHP vault API, landing). Secrets load from runtime settings at deploy time; operator config and schema migration stay out of band. Release integrity gate: node scripts/publish-preflight.cjs.
Security highlights: server-side SPII strip on public cert verify; GO PRIVATE archive control; deterministic grade math with auditable mathTrace. Vault records & SPII controls →
Built for production
| Scale | Security | Polish |
|---|---|---|
![]() |
![]() |
![]() |
| Chunked insurance ledger PDF with progress over 250+ assets | Server-side SPII strip on public cert verify; GO PRIVATE archive control | Three.js viewer with pattern inference |
- Portfolio-grade PDF export with sectioned rendering and live progress UI
- Full vault provenance capture, envelope OCR, and insurance ledger
- Platform showcase (screenshots) →
Stack: loopback-only Express API, token auth, local SQLite authority, MV3 extension posting only to localhost.
Architecture: desktop app with embedded browser workspace, loopback-only local API, and local SQLite as the authoritative store. Optional MV3 extension captures live marketplace context from user sessions and posts it to localhost only.
Shipped on Microsoft Store
Assurance publication: GatoGodMode/RawInvestor, reviewable excerpt (Electron, loopback Express API, MV3 extension). Release integrity gate: node scripts/publish-preflight.cjs.
Go deeper: Security architecture · Security posture · How it works · Microsoft Store listing
Problem: Self-directed investors juggle quote sites, news feeds, spreadsheets, and paid API keys just to see their own positions in context.
How it works: A phased bootstrap (hydrate → news → market → portfolio) pulls live quotes, metals spot prices, and RSS news into a local database, then layers analysis on top:
- Portfolio discipline signals: barbell drift detection, fractional Kelly caps, disposition checks, FOMO cooldowns, quarterly rebalance nudges, fragility alerts
- News Bay: watchlist-aware feed lanes with sentiment scoring and an in-app reader
- Statements Analyzer: import broker CSVs, classify transactions, reconcile into the portfolio
- Local AI Copilot: a locally-run model with retrieval context from your holdings, quotes, news, and research
Architecture: desktop terminal (web-tech UI + local API server + local database), with browser-automation-powered price feeds as the default so live data works without paid market APIs. Cloud AI is optional; local AI and all portfolio data stay on-device. Full database export/import for backup and migration.
Hardware R&D · TheMoun (secondary)
Integrated physical capture workstation. Hardware R&D, secondary to IAM/CRM portfolio. themoun.com · Whitepaper · Market Research · Schematics
RAW product pipeline (continuity reference)
flowchart LR
Moun["TheMoun<br/>(physical capture station)"] --> RawGraded["RawGraded Studio<br/>(local desktop + vault)"]
RawGraded --> Engine["RawEngine Local AI<br/>(on-device inference + math)"]
Engine --> Investor["RawInvestor<br/>(loopback API)"]
Investor --> Markets["RawMarkets<br/>(multi-asset terminal)"]
Third-party names, logos, and certifications (Zoho, Salesforce, Microsoft, Google, PSA, Pokémon, etc.) are used descriptively only. No endorsement, partnership, employment, or agency relationship is implied. Past client work describes independent engineering engagements unless explicitly labeled as a public case study repository. Linked repositories are portfolio and assurance publications for recruiter and security review.
- Target roles: CRM Systems Engineer · Business Systems Engineer · Salesforce / Zoho Administrator-Developer · IAM Analyst / IAM Engineer · Security Automation Engineer · Internal Tools Engineer · Solutions / Technical Implementation Engineer · IT Systems Administrator (automation + security)
- Availability: Contract or full-time · LinkedIn (primary contact)
- LinkedIn: linkedin.com/in/josephedwardscto
- X: @GatoGodMode
- Shipped products: rawgraded.com · Microsoft Store: RawInvestor · themoun.com









