About

I’m from County Tipperary in Ireland and studied computer science in Galway. I began a PhD in network analysis and left to work in California.

I spent a decade there working in security as companies scaled from early-stage to hundreds of millions of users. Abuse at global scale, authentication and access controls that had to survive growth, architectural decisions that would still be load-bearing years later. Dropbox, Patreon, Truework, among others.

Since then I’ve worked with teams across consumer platforms, regulated fintech, and government-contracted research environments. I’ve joined companies early and built the security programme while everything around it was still moving, the product, the team, the infrastructure, and in some cases international expansion and the regulatory surface that comes with it.

My scope has grown over the years but the best security decisions I’ve made have come from understanding the engineering. The work has always covered a wide range: identity systems, deployment pipelines, product, encryption, policy frameworks, incident response, and the architectural decisions behind it.

This site is where I write about that work, the trade-offs, and the judgment behind it.