I design and build large-scale cloud systems with a focus on simplicity, resilience, and long-term maintainability. My work spans distributed architectures, serverless patterns, and the practical application of AI in engineering workflows.

I’m interested in:

• high-integrity system design
• event-driven cloud architectures
• developer experience and automation
• practical AI tools in real engineering contexts
• security-by-default in distributed systems

I care about clear design, strong interfaces, and systems that behave predictably under load.

I’m not a security engineer by title, but I have a habit of stumbling into meaningful security issues during my own engineering projects. When that happens, I follow strict responsible-disclosure practices.

CVE-2025-13932 — Infrastructure Control System Vulnerability (2025)

• Discovered and reported a high-impact cloud/API access-control vulnerability affecting an energy-adjacent industrial control system.
• Coordinated with CERT/CC and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ICS team.
• Published as ICSA-25-338-06.

Irish Government — gov.ie PDF Proxy Vulnerability (2024)

• Identified and disclosed an issue that allowed malicious PDFs to be served through a trusted government domain.
• Resolved in coordination with CSIRT-IE.

More details are available in the security-disclosures repository.

• Cloud-native + serverless architectures
• Event-driven and distributed systems
• TypeScript / Python / CDK
• API design & systems integration
• AI-assisted engineering workflows

Open to conversations about system design, cloud architecture, AI tooling, or security disclosure work.