
Patrick M. Kelly Jr.

AI Security & Application Security Leader · Author · Advisor

Summary

Director-level AI Security & Application Security leader with 15+ years designing and leading enterprise security programs across application security, cloud security, AI security, DevSecOps, cryptography, and data protection. Proven record securing large-scale, highly regulated environments — financial services, insurance, travel, and SaaS. Deep, hands-on expertise in secure SDLC, threat modeling, CI/CD security, and cloud-native architecture across AWS, Azure, and Kubernetes — paired with a specialized focus in emerging AI security: prompt-injection defense, AI governance, model/data protection, and secure AI adoption. Author of AI Secure Future; founder of the CyberArmor.AI advisory practice.

Areas of Expertise

  • AI Security & Governance
  • Prompt-Injection Defense
  • Application Security
  • Secure SDLC & Threat Modeling
  • Cloud Security (AWS · Azure · GCP)
  • DevSecOps & CI/CD
  • Cryptography & PKI
  • Data Protection / DLP
  • API & IAM Security
  • Vulnerability Management
  • Executive & Board Advisory
  • Regulated Compliance (SOX · PCI · HIPAA · NIST)

Experience

Application Security, Data Security & AI Security Principal (2025 – Present)
Oncourse Home Solutions
  • Designed and built OHS AI Protect — an internal AI security & governance capability covering Shadow-AI discovery and AI governance controls, closing critical gaps in the enterprise AI program.
  • Lead enterprise application, data, and AI security strategy; defined AI governance controls, standards, and secure-adoption frameworks for business use cases.
  • Implemented AI guardrails for enterprise chatbot initiatives with AWS Bedrock-aligned controls; directed tooling across AWS WAF, CrowdStrike, Cyberhaven DLP, LayerX, ReliaQuest, and Aikido.
  • Led PCI compliance certification assessment and broader security-modernization efforts.
Founder · Principal Application Security Engineer · Author (2022 – Present)
Gratitech
  • Founded an independent application & AI security consultancy; designed and built secure systems and reference architectures for enterprise clients.
  • Led a team of engineers and AI/Data-Science graduate professionals to build chat.AIShields.org, an open-source solution protecting Generative AI against the OWASP Top Ten LLM risks.
  • Pioneered AI-enhanced cloud security solutions; authored AI Secure Future: A Vision for Safe AI.
  • Delivered principal-level engagements to United Airlines, Fannie Mae, and others (below).
Principal Application Security Architect (Oct 2023 – Jun 2024)
United Airlines (consulting)
  • Led the MOSAIC system-of-systems program across application security, compliance, and cloud security with cross-functional teams.
  • Established AppSec architecture patterns, threat modeling, and CI/CD security guardrails; drove remediation milestones and leadership reporting.
Application Security Advisor · Cloud Security Architect · IAM Threat Detection & Response (Sep 2022 – Oct 2023)
Fannie Mae (consulting)
  • Advised multiple business units protecting $4T+ in assets; led Application Security Posture Management initiatives.
  • Built a Security Champions / Coaches program across Agile squads with SDLC threat modeling and CI/CD integration.
Senior Application Security Solutions Architect (Jan 2020 – Feb 2021)
Contrast Security
  • Led POCs and C-suite / AppSec technical briefings and sales engineering supporting $6M+ in ARR.
  • Deployed runtime AppSec across the SDLC; coached remediation across Java, Python, C/C++, .Net, Node, Ruby, Go, and more.
Senior Solution Architect (Feb 2021 – Nov 2021)
ZeroNorth (now part of Harness.io)
  • Built the Rapid Integration Connector, cutting integration delivery from 6–8 weeks to under one day; delivered the Snyk integration.
IT Specialist (InfoSec), Sr. Application Security Engineer (2008 – 2019)
U.S. Railroad Retirement Board — Federal Government
  • Built and ran the federal agency's software application security assurance program, policy, and standards in compliance with federal law.
  • Ran static/dynamic analysis (Fortify) and penetration testing; built a C#/.NET tool parsing DISA STIGs to automate system hardening.

Additional Enterprise Roles

Senior Application Security Architect — Earnest (2025)
Senior Cryptography Architect / Programmer — Bank of America (2025)
Cloud Application Security Architect — Berkshire Hathaway (2022)
Senior Principal Security Engineer — Blackbaud (2022)
Senior Solutions Architect — Veracode (2022)

Selected Clients & Advisory

Allstate · Bank of America · Berkshire Hathaway · BlackRock · Blue Cross Blue Shield · Capital One · Chubb · Cisco · Cognizant · Discover · Fannie Mae · Freddie Mac · JPMorgan Chase · MassMutual · Merrill Lynch · Nationwide · Palo Alto Networks · Procter & Gamble · PNC · Reckitt · Trading Technologies · United Airlines · Zurich.

Publications

  • AI Secure Future: A Vision for Safe AI — Author. Amazon
  • AI Proof Your Life — Author. Forthcoming (in editing)

Podcast Appearances

  • Never Been Promoted — "Quick Tips for Aspiring Cybersecurity Experts"
  • Be Real Show (Apple Podcasts)

Education

  • Northwestern University — M.S., Artificial Intelligence & Data Science (in progress)
  • Governors State University — B.A., Integrated Studies
  • Loyola University Chicago — Computer Science

Certifications & Languages

  • Certified ScrumMaster (CSM)
  • Constellation Network — Flight Program v1, Certified Graduate
  • Languages: English (native); Spanish, Tagalog, Mandarin (basic)

Technical Skills

Languages: Java, Python, C#/.NET, JavaScript/TypeScript, C/C++, Go, Ruby, HTML/CSS  ·  Cloud: AWS, Azure, GCP, Kubernetes, containers  ·  DevSecOps: CI/CD, Secure IaC (Terraform), GitLab, Harness  ·  Frameworks/Tools: OWASP, NIST, ISO, Snyk, Fortify, Contrast, Veracode, Pixee.ai  ·  Compliance: SOX, PCI-DSS, HIPAA, NIST.