Jul 2025 – Present · 10 mos

Jan 2024 – Present · 2 yrs 4 mos · Remote

Dec 2016 – Nov 2021 · 4 yrs 11 mos

• As a Technologist I primarily worked with the development arm of Liberty Mutual’s “Global Cybersecurity” department. Initially I worked with the Identity Lifecycle Management team, who worked on the processes that set up access for new employees. I had been the Security SME in my previous department I found myself the Agile Engineering SME in my new one. With this I was responsible for introducing techniques like test-driven development to the team as well as building a culture of engineering excellence.
• In 2017 I became the technical lead for the Risk and Security Unit (which had 35 developers organised into seven teams across Belfast and Dublin). In addition to my technical responsibilities, this involved coaching junior employees for promotion and helping to chart a strategy for the unit.
• In addition, I served as the Capability Lead for Secure Development at Liberty IT. This involved
• establishing a structure where each unit had a Security Representative who acted as the point-person for security within the unit and working together with TCMs across the company to create unit-level security objectives (that allowed individuals to meet their own security objectives within them.)
• For the year of 2018 I was the technical owner of CIS Control 18 (Application Software Security) for the global Liberty Mutual organisation. This involved consolidating the use of secured development practices and tools across the company, followed by leading workshops where we defined the long term ownership of the CIS 18 sub-controls as well as the strategies for security tool management and secure development across Liberty Mutual.
• In my final year at LIT I led a team in redesigning the user self-service password recovery process. This was a key part of a major organisational initiative to update our password policies.
• I also completed a nine-month consultancy skills training program while in this role.

Jun 2014 – Dec 2016 · 2 yrs 6 mos

• Over this period I was the lead for several initiatives (each involving a team of 4 to 5 developers). Two specific examples worth calling out are:
• Designing and engineering a single-on process for moving from our customer website to partner websites. This project allowed me to leverage my growing security knowledge (specifically around SAML integration) as well as allowing me a chance to work with external developers and learn new practices from them.
• Liberty Mutual & Nest integration. This was a venture into the IoT world with a cross-promotion where Liberty Mutual customers who had “smart” Nest smoke alarms could get a discount on their insurance if the data from those alarms showed that they had been in active use. This involved designing a process for users to register their devices and link their Nest accounts to their Liberty Mutual policies, including using OAuth to give us the permissions to retrieve their data.
• In addition to these to initiatives, I also took on the challenge of setting up a software development team at LIT’s brand new Dublin base with a hands-on responsibility for building this team. This involved working with the Dublin-based manager to interview and approve all the applicants, followed by a three-month secondment to Dublin to work with them.
• It was also during this role that I took a leading role in “Secure Development” at Liberty IT. This involved educating teams in the use of that process as well as generally raising the levels of security awareness among our developers. This included:
• Organising several events (including a Capture the Flag competition and attendance at several security conference).
• Auditing the security training available for developers at the time and when I decided that none of it met our needs (it didn’t contain enough details on how to mitigate security issues once they were found) working together with an external trainer to create a security course that did meet our needs.

Aug 2009 – May 2014 · 4 yrs 9 mos

• My first lead role came as the technical owner of Liberty Mutual’s online self-service site for personal insurance customers (“eService”).
• As lead, I was responsible for implementing online eSignature capabilities into the application as well as updates driven by the changes in products we offered and in the laws across the 40 US jurisdictions we had to support.
• With the growing importance of the internet channel during the 2000s, a decision was made to rewrite and expand the eService application. I led the technical side of the design and discovery phase of this project, before handing it off to an architect (once we had completed the initial requirements capturing phase).
• My core areas of responsibility for the first release of this rewrite focused on the online billing portion of the application, involving:
• Application architecture: it was a Javascript client that called into webservices which exposed an API. A public facing API created a range of security threats that had to be resolved.
• PCI Compliance: The “online billing” portion meant that PCI Compliance was required.
• It was to meet the business needs in this area that I first became interested in and started using threat modelling.

Jun 2004 – Aug 2009 · 5 yrs 2 mos

Feb 2001 – Jun 2004 · 3 yrs 4 mos

Jul 1999 – Feb 2001 · 1 yr 7 mos

Jul 2014 – Aug 2023 · 9 yrs 1 mo · Greater Dublin

Aug 1997 – Aug 1998 · 1 yr · Galway, Ireland