About

I’m from County Tipperary in Ireland and studied computer science in Galway. I began a PhD in network analysis and left to work in California.

I spent close to a decade in California working in security and infrastructure as companies scaled from early-stage to hundreds of millions of users. That meant dealing with abuse at global scale, designing authentication and access controls that would survive growth, and making architectural decisions that would still be there years later.

Since then I’ve worked across consumer platforms, regulated fintech, and government-contracted research environments. The settings change. The constraints change. The responsibility does not. Some environments move fast and break things. Others move carefully because the consequences are different. In both cases the job is the same: build systems that behave predictably under pressure.

I’ve joined companies early and worked through periods of rapid growth. That means building foundations for both the product and the team while everything is still moving. It means designing infrastructure, identity systems, and policy frameworks that outlast the moment. It also means taking responsibility when something breaks, whether that’s leading an incident or redesigning part of the system so it does not happen again.

I’ve always stayed close to the engineering work. I write code. I design infrastructure. I build and review the parts that matter: identity boundaries, deployment pipelines, isolation controls, encryption, trust assumptions. Over time my scope has widened, but I have never moved away from the mechanics.

Security problems rarely arrive as dramatic events. They accumulate quietly through convenience, drift, and unexamined assumptions. The work is noticing that early and correcting it before it becomes visible.

This site is where I write about that work, the engineering, the trade-offs, and the judgment behind it.