My Portfolio Looks Like a 7th Grade Notebook...

...But My Code Ships to Production

Full-Stack Developer & ISC2 Certified Security Pro specializing in secure, scalable web applications

ISC2 Certified TryHackMe Mage
Check Out My Work

Which One Are You?

Need a Website or App Built?

I'm a freelance developer who builds secure, scalable web applications for businesses. I handle everything from design to deployment—no tech jargon, just results.

  • Full-stack development (I build the whole thing)
  • Security-first approach (your data stays safe)
  • Post-launch support (I don't disappear)
See My Work

Hiring a Developer?

I'm a Computer Science student & ISC2 Certified Cybersecurity professional looking for internships and full-time roles. I specialize in building production-ready apps with Angular, NestJS, and PostgreSQL.

  • Application Security (OWASP, JWT, secure auth)
  • Full-stack experience (3+ production projects)
  • Cloud deployment (GCP, containerization)
View Technical Skills

About Me

I'm Boitumelo—a Full-Stack Developer and ISC2 Certified Cybersecurity professional from Zimbabwe. I build production-ready web applications with a security-first mindset.

Whether you need someone to build your business a custom web app, or you're hiring for a developer role, here's what I bring to the table:

  • Full-stack development experience (Angular, NestJS, PostgreSQL)
  • Application Security expertise (OWASP, secure auth, threat modeling)
  • Production deployments (GCP, Docker, CI/CD)
  • Community leadership (Tech Lead at YAIL Gweru Hub)

I'm currently completing my Computer Science degree at Midlands State University while working on projects that make a real impact in African contexts. My thesis project (Calma) is an AI mental health chatbot designed specifically for Zimbabwean users.

When I'm not coding, I'm helping bridge the AI gap by teaching local developers, or speaking at events like GDG DevFest 2025 about deploying applications securely to the cloud.

Bottom Line: I write code that works, ships on time, and doesn't create security nightmares for your team.

Boitumelo
Zimbabwe

Skills & Technologies

Frontend Dev

  • Angular (Advanced)
  • HTML5 & CSS3
  • Modern JavaScript
  • Responsive Design
  • Leaflet.js
  • UI/UX Principles

Backend

  • NestJS
  • PostgreSQL & Prisma
  • RESTful APIs
  • JWT Auth
  • Database Design

Cybersecurity

Key Strength!
  • ISC2 CC Certified
  • TryHackMe Mage
  • HackTheBox Active
  • Secure Coding
  • Vulnerability Assessment
  • Penetration Testing

Cloud & Tools

  • Google Cloud Platform
  • Git/GitHub
  • Agile Methods
  • DevSecOps
</>

Languages

  • TypeScript/JavaScript
  • Java
  • Python

CS Fundamentals

  • Data Structures
  • Algorithms
  • OOP
  • Network Architecture
  • Database Design

Certifications & Achievements

ISC2 Certified in Cybersecurity (CC)

Industry-recognized certification demonstrating foundational cybersecurity knowledge and best practices. Validates understanding of security principles, network security, and risk management.

Professional Certification
MAGE

TryHackMe - Mage Rank

Advanced rank demonstrating practical hands-on cybersecurity skills through penetration testing challenges, web security, network analysis, and digital forensics.

Practical Skills
root@htb:~# pwned!

HackTheBox Active User

Continuously developing offensive security skills through ethical hacking challenges and CTF competitions.

Continuous Learning
GCP

Google Cloud Platform

Extensive hands-on experience with GCP services, cloud infrastructure, and deployment strategies. Applied directly in DevFest cloud security talk.

Cloud Expertise

Featured Projects

Building technology for African contexts

01

Selah - Privacy-First Digital Sanctuary

Beta v1.0

BUSINESS RESULT

A Progressive Web App designed as a "digital sanctuary" for journaling with AI-powered scripture-based guidance. Unlike standard journaling apps, Selah integrates a context-aware AI Pastor while enforcing military-grade privacy standards.

Emotionally resonant design meets architecturally paranoid security.

  • AI-powered spiritual guidance (context-aware theological reasoning)
  • Zero-knowledge sharing (encrypted content, server-blind architecture)
  • Works offline (Progressive Web App, installable on any device)
  • Stealth security (API designed to appear "dead" to scanners)

UNDER THE HOOD

Stack: Bun Hono React + Vite Supabase (PostgreSQL) Google Cloud Run Vertex AI (Gemini)

Security Architecture: Zero-knowledge sharing using Web Crypto API, client-side encryption, fail-closed CORS

Infrastructure: Dockerized stateless containers, <10ms cold start times with Bun runtime

Privacy: Encryption keys never touch the server (stored in URL fragments), Row Level Security on database

Engineering Highlights:
  • Zero-Knowledge Sharing: Implemented Firefox Send-style architecture—content encrypted client-side before network transmission, decryption key stored in URL hash (browser never sends to server)
  • Stealth API: Root endpoint returns 404 to hide stack fingerprints, strict CORS hardcoded to production domain only
  • CI/CD Fix: Resolved Google Cloud Build deadlocks by bypassing default storage sinks, streaming logs directly to Cloud Logging
  • AI Token Optimization: Built recursive token-budgeting system for complete theological responses (1024 token context window)
  • Native PWA Feel: Framer Motion for liquid transitions, strict manifest.json to remove browser chrome

This project showcases security-by-design thinking—not just features, but paranoid architecture that assumes breach.

View Live Demo
02

Crowdfunding Platform

In Development

BUSINESS RESULT

A fully-functional crowdfunding platform that lets organizations launch campaigns, accept donations, and track progress in real-time. Built for the Zimbabwean market with payment gateway integration and geographic campaign mapping.

Think: "Kickstarter for Zimbabwe"—but with transaction security and data privacy baked in from day one.

  • Secure payment processing (encrypted transactions)
  • Real-time donation tracking (live updates)
  • Campaign analytics dashboard (see what's working)
  • Mobile-responsive (works on any device)

UNDER THE HOOD

Stack: Angular NestJS PostgreSQL Prisma ORM Leaflet.js

Security: JWT-based authentication, input validation, SQL injection protection

Architecture: RESTful API, modular backend services, normalized database

Integrations: Payment gateway API, interactive maps with custom markers

Key Technical Challenges Solved:
  • Secure user authentication flow with role-based access control
  • Real-time donation tracking without database bottlenecks
  • Payment gateway integration with transaction rollback logic
  • Geographic data visualization with custom map markers
03

Calma - AI Mental Health Chatbot

Thesis Project

BUSINESS RESULT

An AI-powered mental health chatbot that provides culturally-aware psychological support for Zimbabwean users. Unlike generic chatbots, Calma understands local languages and cultural context (Ubuntu philosophy).

This isn't just a tech demo—it's a deployable solution that respects data privacy (runs locally, no data leaves Zimbabwe).

  • 24/7 mental health support (always available)
  • Culturally appropriate responses (trained on local context)
  • Privacy-first design (data stays on your servers)
  • Evidence-based therapy techniques (not just feel-good quotes)

UNDER THE HOOD

Stack: Mistral 7B (fine-tuned LLM) NestJS Angular Microservices

AI/ML: Fine-tuned open-source language model with custom training data

Architecture: Microservices design pattern, API gateway, containerized deployment

Security: Local deployment (data sovereignty), encrypted conversations

Innovation: Custom prompt engineering for cultural context integration

Key Technical Achievements:
  • Successfully fine-tuned Mistral 7B for Zimbabwean linguistic context
  • Built microservices architecture for scalable AI inference
  • Implemented evidence-based therapy protocols in conversation logic
  • Designed system for offline deployment in low-connectivity areas

This project was my undergraduate thesis—combining AI, full-stack dev, and cultural research.

04

HiveFund — Digital Savings Circle Platform

Hackathon Winner · 3rd Place

BUSINESS RESULT

A Progressive Web App that digitizes mukando — Zimbabwe's traditional rotating savings circles — giving communities a secure, transparent platform to manage group savings, track contributions, and build credit history. Built for the Econet E-novate Expo hackathon.

"Community banking for Zimbabweans who've always done it this way — now with accountability, security, and a credit score at the end."

  • EcoCash integration (payments through Zimbabwe's dominant mobile money platform)
  • Transparent contribution tracking (everyone sees the same ledger)
  • Automated credit scoring (your savings history becomes your financial identity)
  • Works offline (PWA — because connectivity isn't guaranteed)

UNDER THE HOOD

Stack: React Native EcoCash API Firebase PWA

Security: Encrypted transaction records, authenticated group membership

Innovation: Credit scoring algorithm built on savings behaviour — turning informal financial participation into verifiable credit history

Key Technical Challenges Solved:
  • Designed and shipped a full MVP under hackathon time constraints
  • Integrated EcoCash mobile money API for real transaction processing
  • Built a credit scoring model from savings circle participation data
  • Architected for offline-first usage in low-connectivity environments

This project placed 3rd at the Econet E-novate Expo (Dec 2024) — competed against teams from across Zimbabwe.

View Live Demo

Community & Speaking

GDG Harare DevFest 2025

"The Modern Developer's Security Toolkit: How to Deploy Safely in the Cloud"

My first tech talk! I shared practical insights on cloud security best practices, secure deployment strategies, common vulnerabilities, and essential security tools for modern developers.

Topics Covered:
  • Cloud security fundamentals
  • Secure CI/CD pipelines
  • Common cloud misconfigurations
  • Security tools and automation
  • Real-world incident examples

Passionate about sharing knowledge and contributing to Zimbabwe's growing tech community!

GDG on Campus MSU Gweru

Developer Technologies Lead · Core Team Member

Core team member of Google Developer Groups on Campus at Midlands State University. I lead the Developer Technologies track — covering web development, cloud, and security — organising workshops, study sessions, and events that build technical capacity for students at MSU.

Topics Covered:
  • Web development fundamentals and modern frameworks
  • Cloud deployment and infrastructure
  • Security basics for developers
  • AI tools and practical applications

Part of the global GDG network — bringing Google developer culture to Gweru.