
Selwyn Uy

Full Stack Next.js Web Developer

I build web apps that are secure before they're anything else.

Full-stack Next.js engineering with a security background, so the things most teams patch later, I get right from the first commit.

selwyn@portfolio:~

$ whoami

Full Stack Next.js Web Developer

$ cat stack.txt

Next.js React TypeScript Node.js PostgreSQL Supabase

● Available for work

Status: Open to roles
Shipped: cseexamreview.com

02 The story

Why secure by default

  1. The origin

    I came to development from security.

    Before I was shipping features, I was thinking about how systems break, how data leaks, how auth gets bypassed, how an innocent input becomes an exploit. That lens never switched off when I started building products.

  2. The approach

    So I build the opposite way most teams do.

    Security usually gets bolted on at the end, under deadline pressure. I start there: validated inputs, least-privilege access, and secrets that never touch the client, baked in from the first commit, not retrofitted after an audit.

  3. What it means for you

    You get full-stack speed without the security debt.

    I deliver complete Next.js products, database to deployed, that are fast and well-built, and that don't hand your team a backlog of vulnerabilities to clean up later.

  • Next.js
  • React
  • TypeScript
  • Node.js
  • PostgreSQL
  • Supabase
  • Tailwind CSS
  • Auth.js
  • Zod
  • Vercel
  • Web Security
  • OWASP Top 10
  • Penetration Testing
  • Burp Suite
  • Threat Hunting

03 Selected Work

Projects

The proof. Each of these shipped; here's what they did, not just what they used.

01 Featured

CSE Exam Review

A platform I founded to help people prepare for the Civil Service Exam. Built and shipped end to end on Next.js, from the database to deployment, with authentication and content delivery handled securely.

  • Next.js
  • TypeScript
  • PostgreSQL
  • Tailwind
  • Auth

02

Penethodix

A tool I built for my own pentest workflow: a state-aware notebook that tracks engagements by phase, logs targets and ports, keeps findings in markdown, and suggests next steps from the services it detects. The security work I do, turned into software.

  • Next.js 16
  • TypeScript
  • Supabase
  • Radix UI

03

SelVis

A build to explore intrusion detection visually: it turns network traffic into a live dashboard of charted signals, alert states, and drill-downs. My security lens applied to data visualization.

  • Next.js
  • TypeScript
  • Recharts
  • Tailwind

04 The Handbook

How I actually build

Not just what I shipped, but how. A fact-checked field guide to building production Next.js apps, and you can drop any section straight into your own AI.

38 pages, and growing

From the first commit to deployment: project setup, security by default, the integrations I reach for, SEO, analytics, and shipping. Every page is verified against the current Next.js docs.

  • Foundations
  • Architecture
  • Design
  • Security
  • Integrations
  • Growth
  • Ship

$ copy for AI

Read /d/security.md and apply the security setup to my project.

paste into your assistant

05 Background

Experience

The track record, where I've built and what I owned.

  1. Founder and Full Stack Developer

    2026 to Present

    cseexamreview.com (Self-employed)

    • Founded and shipped cseexamreview.com end to end on Next.js, a Civil Service Exam prep platform built from database design through production deployment.
    • Owned the auth and data layer with a security-first posture: validated inputs, least-privilege access, and secrets kept off the client.
    • Run the full lifecycle solo (architecture, build, and release), shipping continuously.
  2. Web Developer

    2026 to Present

    Forthwith Industry LLC

    • Build and ship production Next.js applications (App Router, Server Components) in TypeScript for a US-based team, remote.
    • Implement authentication, middleware, and server actions with least-privilege access across administrative routes.
    • Apply Security-by-Design defaults (strict input validation, CSP, and secure HTTP headers) to harden against OWASP Top 10 risks.
  3. Cybersecurity Intern (VAPT)

    2026

    Black Bear Securities

    • Ran vulnerability assessments across web applications and APIs using OWASP methodologies, identifying and reporting high-severity findings.
    • Validated exploitability with manual and automated testing and wrote proof-of-concept exploits to help engineering prioritize remediation.
    • Delivered technical reports and executive summaries, then verified that hardening controls (auth hardening, input validation, CSP) were correctly implemented.

06 Credentials

Certifications

The receipts behind the security claim. Credentials, not adjectives.

07 Contact

Let's build something.

Have a role, project, or idea in mind? Send a message and I'll get back to you. Or reach me directly at selwyn.cybersec@gmail.com.

South Cotabato, PH · Remote