Weak Programmers Need Not Apply, LLMs Welcome! Survey Screening in the AI Era
Rio de Janeiro, Brazil, April 2026, for ICSE.
Presented our research on how to screen for genuine developers when running surveys in this AI era. A great session with an enthusiastic audience.
Towards moving target defense for IoT malware detection
Rio de Janeiro, Brazil, April 2026, for SERP4IoT.
Our workshop paper discusses the potential use of moving target defense (MTD) to protect machine learning malware detectors for IoT devices. MTD could provide a useful counter to adversarial attack. The SERP4IoT workshop provided a great opportunity to discuss the pros and cons of this approach.
A dummies’ guide to planetary science
Waterville, Ireland, March 2026, for the Skellig Coast Dark Sky Festival.
I had a blast sharing my amateur love for planetary science with a fantastic group of Dark Sky Festival enthusiasts. We discussed everything from how to measure the circumference of the Earth without a calculator or spaceship, to Enceladus’s icy water sprays, to why Pluto had it coming (or not).
“ImmediateShortTerm3MthsAfterThatLOL”: Developer Secure-Coding Sentiment, Practice and Culture in Organisations
Ottawa, Canada, May 2025, for ICSE-SEIP.
A presentation based on my research on software developer secure-coding sentiment in organisations. While developers are interested in coding securely, they’re not confident that they have good software-security knowledge. Good security culture helps. Breaches trigger better code security in more than half of organisations, but that reaction can often be short term. As one succinct participant put it: “ImmediateShortTerm3MthsAfterThatLOL”.
Viva Defense Panel
Kilkenny, Ireland, November 2024, for the ADVANCE Second Cohort Graduation Event.
My PhD funders, ADVANCE CRT, hold a Graduation Event each year to allow final-year students from all five ADVANCE institutions to celebrate their achievements together. In 2024 I was a newly-qualified Doctor. I was delighted to join a panel discussion on how to approach the PhD viva, with all its joys and pitfalls.
Training Developers to Code Securely: Theory and Practice
Lisbon, Portugal, April 2024, for EnCyCriS/SVM.
A presentation based on my research on software security training for developers. Over half of software developers in industry are not even offered software security training, and when they are it can be sub-standard or irrelevant.
Unhelpful Assumptions in Software Security Research
Copenhagen, Denmark, November 2023, for CCS.
A presentation based on my review of the academic secure-coding literature. When researching secure coding, researchers sometimes make unwarranted assumptions. I discussed some of these and their implications for the field.
There’s Nothing Funny About Being a PhD Student
Limerick, Ireland, November 2023, for the ADVANCE CRT First Cohort Celebration.
There is nothing humorous in the PhD experience, as I pointed out to my exhausted and traumatised fellow academic travellers at the end of our doctoral journey.
Assessing Secure Coding Practice and Culture
Online, September 2023, for the SEAD and SPARE Research Group.
I presented my research so far on secure coding practice and culture to this welcoming and engaged group of researchers. They gave valuable and thought-provoking feedback.
Centring the Environment in Developer Centred Security
Bolzano, Italy, July 2023, for the International School on Software Engineering.
My first attempt to condense my research journey into a coherent narrative, pending completing my PhD thesis and attempting to defend it. The attendees were very kind.
Measuring Secure Coding Practice and Culture: A Finger Pointing at the Moon is not the Moon
Melbourne, Australia, May 2023, for ICSE.
A presentation based on my research on secure coding and culture, for ICSE. I presented the CA Score, or Ryan metric, to measure software security practice. I also considered questions that could help to identify a poor security culture in organisations.
Studying Secure Coding in the Laboratory: Why, What, Where, How, and Who?
Melbourne, Australia, May 2023 for EnCyCriS.
A presentation on conducting secure-coding laboratory studies, based on my review of the academic literature. I described methods used by researchers to select subjects and assign tasks; what has worked and what seems problematic.
The State of Secure Coding Practice: Small
Organisations and ‘Lone, Rogue Coders’”
Melbourne, Australia, May 2023 for EnCyCriS.
A presentation based on my research on levels of secure coding amongst lone and isolated developers. Levels of security practice are generally low. Tool use is also disappointingly low in these cohorts, who could use tools to access community security knowledge.
Faith, and Trust, and Pixie Dust: The Significance of Software Security
Dublin, Ireland, May 2022, for the ADVANCE Research Colloquium.
A presentation on the important role that software security plays in the contemporary world. I considered software security issues in the light of the UN Sustainable Development Goals.
Insecure Software on a Fragmenting Internet
Galway, Ireland, April 2022, for Cyber-RCI.
A presentation based on my research on the impact of poor software security on the increasingly fragmented Internet. I argued that unless chronically insecure software is addressed, Internet fragmentation will accelerate.
Secure This!
Online, November 2021, for the PASS Data Summit 2021.
A talk to professional database administrators and developers on considerations for securing your database server and web app.
This was banging the security drum at a basic level to a packed – virtual – room… MFA, patching, no defaults, isolation, defense in depth and more. Spreading the security word, one room at a time.
Understanding Developer Security Archetypes
Online, June 2021, for EnCyCriS.
A presentation based on my understanding of how developers’ software security stance is influenced by their level of software security enthusiasm and the environmental support they receive.
The Dos and Don’ts of Consulting
Dublin, Ireland, November 2014, for the Dublin Web Summit.
A look at the delights, perils and pitfalls of software consulting, with some reminiscences from my own career.
Interrogation at Crime Always Pays
An interview about my novel by the inimitable Declan Burke.
