I build and modernize software your business depends on.
New web products built right from day one.
Legacy systems rescued, secured, and modernized.
Trusted technologies
What I do
- 01
Fullstack Development
New websites, web apps, and browser-based products built on a modern stack. TypeScript, Next.js, clean architecture — built to last and easy to hand off.
- 02
System Audit
Full-stack assessment of your codebase, infrastructure, and security posture. You get a prioritized remediation roadmap — not a report that gathers dust.
- 03
Refactoring & Migration
Incremental modernization that keeps your system in production throughout. I move the foundation while the building stays open.
- 04
Security Hardening
Vulnerability triage, dependency remediation, secrets management, and threat modelling. Compliance-ready without the consultant theatre.
- 05
UX Modernization
Replace brittle frontends with fast, accessible interfaces. Same domain logic — dramatically better experience for your users and your team.
From discovery to delivery
Every engagement follows a proven, transparent process — so you always know what's happening and what comes next.
- 01
Discovery
I map your system, constraints, and goals.
- 02
Access & Analysis
Read-only codebase access. Static + manual review.
- 03
Architecture
Target state defined. Migration plan with rollback.
- 04
Execution
Iterative delivery. Working software at every checkpoint.
- 05
Handoff
Docs, tests, knowledge transfer. Your team owns it.
How much risk is your system carrying?
Toggle the issues that apply to your codebase. See your risk level in real time.
Risk Score
Your system looks healthy. Proactive audits keep it that way.
Book a free audit call
Engineer. Auditor. Developer.
I'm Niclas — a web engineer based in Germany. I build web products and modernize the systems companies depend on. I've been doing this since 2021, first as a freelancer, now alongside graduate studies in Computer Science at TU Darmstadt and a working student role in cybersecurity at FTI Consulting.
What shapes how I build isn't only engineering experience. Three years inside EY's IT audit practice — reviewing security controls, infrastructure, and financial systems for major aviation and fashion companies across Europe — gave me a perspective most developers don't have. I know what breaks at scale, what gets flagged in a compliance audit, and what 'secure by default' actually requires in practice.
Common Questions
For an initial assessment, no. I can start with architecture diagrams, infrastructure reviews, and a walk-through. For a deep-dive audit or modernization project, read-only access is eventually required. I sign strict NDAs before any code is shared.
Yes. I have successfully migrated systems running on PHP 5, jQuery, and outdated Java stacks. The principles of legacy modernization — strangler fig pattern, parallel runs, and incremental refactoring — apply regardless of the underlying language.
After a free initial discovery call, I provide a fixed-price proposal with clear deliverables and timelines. No open-ended hourly billing. Audits typically range from 2–3 weeks, while modernization projects are scoped in 4–6 week milestones.
Yes. I frequently partner with IT service providers, ERP implementers, and agencies who encounter legacy software issues with their clients but lack the specialized expertise to modernize them in-house.