Aaron started out in the U.S. Army, spending 10 years as a Russian linguist and satellite repair technician. He then worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. Aaron began his infosec career in 2006, expanding his expertise to developing security tools and performing secure code reviews, vulnerability assessments, penetration testing, risk assessments, static source code analysis, and security research.
Today, Aaron is a principal security consultant for Cypress Data Defense where he does penetration testing, secure SDLC, static code review, and secure architecture work. Aaron’s favorite part of his career so far is the actual, first-hand experience he’s gotten doing penetration testing and executing XSS and SQL injection attacks, giving him deep insight into how the attacks are executed by attackers and how vulnerabilities are exploited.
A SANS instructor since 2013, Aaron currently teaches SEC542: Web App Penetration Testing and Ethical Hacking and DEV544: Secure Coding in .NET. A certified instructor, Aaron is also a contributing author for the DEV544 course.
Aaron initially became an instructor with the desire to make the web a more secure place, and brings his perspective of “viewing testing and securing (red vs. blue team) as two sides of the same coin” to the classroom. He enjoys seeing students truly “get” concepts. “My favorite moments in the classroom are when my students realize what the attack really looks like and how to execute it,” says Aaron.
Aaron says his most successful students are those who ask questions. “Our experience is better when we have a conversation,” says Aaron, noting that the field is always moving, changing, and evolving. “The one they hit me with tomorrow will be the most challenging.”
Aaron holds CISSP, GPEN, GWAPT, GMOB, and GSSP-.NET certifications and sits on the OWASP Denver Board and the Alpine Valley School Board. He wrote NHibernate 2.x Beginner's Guide, which introduces NHibernate from ground zero and gives readers a solid foundation for using it.
During his downtime, Aaron enjoys playing hockey, skiing in both water and snow, restoring antique tractors and trucks, blacksmithing, and raising goats and rabbits at his home in Arvada, CO.
Summary of Credentials
- Certified instructor for SEC542: Web App Penetration Testing and Ethical Hacking and DEV544: Secure Coding in .NET
- Contributing author for DEV544: Secure Coding in .NET
- Principal security consultant for Cypress Data Defense
- Author of NHibernate 2.x Beginner's Guide
- Member of the OWASP Denver board
- GPEN (GIAC Penetration Tester)
- GWAPT (GIAC Web Application Penetration Tester)
- GMOB (GIAC Mobile Device Security Analyst)
- GSSP-.NET (GIAC Secure Software Programmer .NET)
- CISSP (Certified Information Systems Security Professional)