I'm a cybersecurity graduate at Iarnród Éireann (Irish Rail), a national transport operator and one of the country's critical-infrastructure providers. I work through the core functions of the cyber team on a rotational graduate programme, so in a given month I might be triaging the security inbox, scribing a European cyber crisis exercise, drafting incident-response playbooks, or standing up a disaster-recovery test.
The work I like most is the open-ended kind: an ambiguous brief with no ready template, the sort of problem that just needs someone to take ownership and carry it through to a documented, finished outcome. Day to day I lean toward detection and response, cryptography, cloud and AI security, and OSINT, and I move between the hands-on and the governance side of security depending on what a task actually needs.
Away from the day job I build things. My projects tend to be small, working tools rather than demos, most of them deployed and open source. A couple started as ways to scratch my own itch, like a loudness meter for the audio habit and a film tracker for the cinema one.
On the Irish Rail graduate programme, currently in the business continuity rotation.
| Project | What it does | Built with |
|---|---|---|
| RailSecure | A cyber readiness workspace for the rail sector: phishing training, incident drills, playbook generation, compliance Q&A, and a live CVE feed in one place. It uses schema-constrained AI workflows with server-side guardrails rather than a free-form chatbot. | Next.js, React, Claude API, NVD CVE API · live |
| Firewall Logging & Automated IR | My MEng thesis. A hybrid intrusion-detection engine (rules plus a CNN for flow anomaly detection) wired to a playbook engine that scores each event and either blocks the source through nftables or diverts it to a honeypot, with a live dashboard and an LLM assistant. Validated in a four-VM lab. | Python, Scapy, TensorFlow, Flask, nftables · demo |
| CrypticComm | A browser RSA workspace for learning public-key cryptography end to end: key generation, OAEP encryption, RSA-PSS signing, an AES-GCM wallet, and WebRTC peer chat. Everything runs local through the Web Crypto API, so keys never leave the page. 34 crypto unit tests. | Next.js, TypeScript, Web Crypto API · live |
| FactGuard | A fake-news classifier that judges an article's writing style rather than its topic. The interesting part was generalisation: an early model hit 0.95 but overfit to one outlet's house style, so a stopword-only vocabulary and a second source produced a final model at 0.97 that held up on unseen articles. | scikit-learn, NLTK, pandas, Streamlit · live |
| Deb8 | A clickbait detector that combines a TF-IDF profile with four hand-built signals and Multinomial Naive Bayes. Built by a team of four, including scraping about 20,000 fresh headlines to merge with a public dataset (around 52,000 total), reaching roughly 0.93 test accuracy. | scikit-learn, NLTK, pandas, Streamlit · live |
| Project | What it does | Built with |
|---|---|---|
| TruePeak | A loudness and true-peak review tool that runs entirely in the browser, following ITU-R BS.1770 and EBU R128. Load audio, read the numbers, compare a batch, export the results. Nothing is uploaded anywhere. It came out of my audiophile habit. | Next.js, TypeScript, Tailwind, WebAssembly (ffmpeg.wasm) · live |
| Celluloid | A private film and TV tracker that turns your taste into what to watch next. You log what you have seen and how you felt about it, and Claude reads the whole picture to suggest a title. It runs on your own database, behind your own login. | Next.js 16, React 19, Prisma, Neon Postgres, Claude, TMDB · live |
Languages
Web and data
Machine learning
Platform
Security tooling Microsoft 365 Defender · Microsoft Entra ID · Microsoft Purview · Active Directory · MITRE ATT&CK · nftables · Scapy · Wireshark
Frameworks and standards ISO/IEC 27001 · ISO 22301 · NIST CSF 2.0 · NIST SP 800-61r2 · CIS Controls · NIS2 · GDPR
Practice areas Incident response · Business continuity · OSINT · Phishing analysis · Vulnerability management · Risk assessment · Security awareness
- CompTIA A+ and INE eJPT. Working toward CompTIA Network+ and Security+.
- MEng Cyber Security, University of Limerick, First Class Honours (2024 to 2025). Cryptography, secure networks, data forensics, and biometrics.
- BTech Computer Science and Engineering, IIIT Sri City (2019 to 2023).