ESTEBAN SELAYA

About

I’m Esteban Selaya. I started as a mobile engineer, Android specifically, and broadened from there into full-stack product work: web frontends, backends, fintech data integrations, and the security and infrastructure that makes a system safe to trust with real data. DevStrike is the practice I do that work under, on a fractional and project basis, for teams that need senior judgment on a bounded problem.

01

WHAT I ACTUALLY WORK ON

Mobile is where I come from, and Android is still the platform I know deepest. Most of my consulting work today is full-stack: my default web stack is Next.js (App Router), React, TypeScript in strict mode, and Postgres via Drizzle ORM — with background job processing for anything that shouldn’t run in the request/response cycle. I use this stack to run my own production system: a personal-finance platform that pulls transaction, investment, and liability data from Plaid into an encrypted Postgres database, gated behind passkey/MFA authentication, and self-hosted behind a Cloudflare Tunnel with a documented disaster-recovery path.

That system is where most of the specifics on this site come from: envelope encryption with versioned key rotation, blind-index hashing for encrypted-column lookups, webhook signature verification against Plaid’s published JWKs, database-enforced idempotency, zero-trust fingerprint checks on sensitive request paths, append-only audit logging, and a CI/CD pipeline that scans container images and fails the build on critical vulnerabilities. I run it in production, for real usage. The failure modes I design against aren’t hypothetical.

02

ON AI-ASSISTED ENGINEERING

I use Claude Code and multi-agent workflows every day, including on the production system described above, with the automation (hooks that block unsafe operations, project-specific skills, explicit review gates) needed to hold AI-assisted changes to the same bar as anything else that ships. That’s the experience behind the AI-adoption engagements I offer. This isn’t a tool I evaluated once; it’s a workflow I depend on.

03

HOW I WORK WITH CLIENTS

Directly. There’s no bench and no account manager. The person you talk to during scoping is the person who opens the pull requests. Engagements are structured as paid assessments, fixed-scope sprints, or fractional retainers, described on the services page, and every engagement ends with something a teammate can pick up without me in the room.

04

A NOTE ON CREDIBILITY

I don’t publish client names, logos, or testimonials on this site. Most engagements are under NDA, and invented social proof is worse than none. What I can show you is my own system, described accurately above, and my own code in a scoping conversation if that helps your decision. If you want to verify capability before committing to a bigger engagement, that’s exactly what the paid assessment is for.