Hello!

I’m Martin Gravestam.

A 37-year-old full-stack web developer from Sweden. By day, I’m a software engineer building advanced web applications. By night, I’m a self-proclaimed penetration tester, bug bounty hunter, and tinkerer.

On this domain, I list my technical and other skill sets.

Browse a growing selection of my work on the Projects page — web apps, tools, music, and games. I’ll keep adding more over time.

This site is a personal project and is not affiliated with my employer. Some items are client work, but those engagements were contracted with me personally. I don’t showcase anything my employer has built or is building. Views and opinions expressed are solely my own and do not necessarily reflect those of any current or past employer.

Questions or collaborations? Reach me via the contact form.

  • StackNode.js • SvelteKit • MongoDB
  • OpsLinux • Docker • Nginx
  • FocusPerformance • Security • Privacy

My skills

I constantly try, learn, and evaluate new skills.

  • JavaScript
    Expert
    Used forApplication logic across browser and server.
    WhyOne language end-to-end. I love this language and I can’t see myself ever abandoning it.
  • Node.js
    Expert
    Used forAPIs, CLIs, workers, automation.
    WhyGreat I/O performance and an ecosystem that ships fast, with JavaScript at the core.
  • SvelteKit
    Advanced
    Used forSSR apps, islands, and fast SPAs.
    WhyTiny runtime, less boilerplate, predictable performance. React, Next, and all the others have to bow down to Svelte.
  • HTML5
    Advanced
    Used forSemantic structure and accessibility.
    WhyThe structure of the web. SvelteKit makes good use of it and expands on it.
  • CSS
    Advanced
    Used forDesign systems, variables, responsive layout.
    WhyWe don’t really have a choice, do we?
  • Lua
    Proficient
    Used forNeovim plugins, config scripting, embedded tooling.
    WhyTiny & fast — great for config-as-code and high-performance plugins.
  • Git
    Proficient
    Used forBranching, code review, releases.
    WhyDisciplined history enables safe refactors and rollbacks. Version control is a must.
  • Linux
    Advanced
    Used forDaily driver and server baseline.
    WhyPredictable tooling and full control of the stack. Control is the keyword.
  • NixOS
    Proficient
    Used forReproducible systems and dev envs.
    WhyDeclarative configs eliminate 'works on my machine'.
  • Docker
    Intermediate
    Used forPackaging and isolated services.
    WhyIdentical runtime from laptop to server.
  • Nginx
    Intermediate
    Used forReverse proxy, TLS, static caching.
    WhyMinimal overhead, maximal control at the edge.
  • SQLite
    Intermediate
    Used forLocal-first DB for small services, CLIs, and quick APIs.
    WhyZero-setup, fast, single file — perfect when a full DB server is overkill.
  • MongoDB
    Advanced
    Used forDocument-oriented DB for web backends.
    WhyMy go-to when handling large amounts of flexible or high-volume data.
  • Mongoose
    Advanced
    Used forSchemas, validations, and hooks.
    WhyGuardrails and consistency when needed.
  • Bash
    Advanced
    Used forAutomation, backups, ops glue.
    WhyThere’s nothing a good Bash script can’t do.

Tools & programs

What I rely on day to day — privacy-first apps and solid engineering tools.

  • Proton
    WhatPrivacy suite — Mail, VPN, Drive, Calendar.
    WhyZero-access encryption, open source.
  • Signal
    WhatEnd-to-end encrypted messaging and calls.
    WhyMinimal metadata, open source.
  • Bitwarden
    WhatOpen-source password manager.
    WhyCross-platform, self-hostable.
  • Cryptomator
    WhatClient-side encryption for cloud files.
    WhyTransparent vaults, per-file encryption, open source.
  • GrapheneOS
    WhatHardened Android for my daily driver.
    WhySecurity hardening, no Google bloat, tight permissions.
  • Kagi
    WhatUser-funded, privacy-first search engine.
    WhyNo ads, excellent relevance, custom ranking.
  • Neovim
    WhatText editor, Vim-based.
    WhyFast, scriptable in Lua, terminal-native.
  • pfSense
    WhatOpen-source firewall/router distro.
    WhyReliable, feature-rich.
  • Pi-hole
    WhatNetwork-wide ad/tracker blocking via DNS sinkhole.
    WhyLAN-wide privacy and speed; easy to observe and tune.
  • WireGuard
    WhatModern VPN protocol and tools.
    WhySimple config, fast, audited modern cryptography.

Interests

  • Penetration testing
  • Network security
  • Privacy & digital rights
  • Bash scripting
  • Custom keyboards
  • Indie games
  • Creative work
  • Home-lab and observability

I avoid social media tracking and treat security and privacy as ongoing disciplines in both projects and hobbies.

Not in my toolkit

  • Microsoft Windows
  • Office 365
  • Adobe Creative Cloud
  • macOS
  • Google Workspace

Nor will it ever be — I prefer open, privacy-respecting tools over closed, vendor-locked ecosystems run by questionable companies.

© 2025

Created by M.Gravestam