Profile
Aaron is a three-decade veteran of the cybersecurity community, having worked on projects covering every aspect of the industry, from helping build security technologies while at Microsoft to his work on offensive cyber projects for the U.S. government. He has spent the last 15 years on a series of cybersecurity startups, building technologies and developing companies to help teams solve some of the toughest cybersecurity problems.
Expertise
- Identity & Access Management (IAM)
- Applied Machine Learning
- Mobile Device Security
- Embedded System Vulnerabilities
- International Cybersecurity Risk Management
Qualifications
Achievements & Contributions
- Congressional witness to help set policy for US critical infrastructure protection
- Winner of SC Media's 2019 Top Executive Leaders of the Last 30 Years award
- Information security leader for the Government of Luxemborg’s Technoport® business incubation program
- Testified before the US House of Representatives to help shape national critical infrastructure protection strategy in 2007
- Interviewed for NBC Washington News and AP News on cellular network vulnerabilities
- VP of Security Research and Development at Verifone after 2015 Terreo acquisition
- Former Co-Founder and CEO of Terreo, an IoT security company focused on credit card skimming detection
- Former Co-Founder and CEO of RFinity, a mobile payment technology company that was eventually sold to a global mobile network operator in 2010
- Former Security Strategist at the Department of Energy’s Idaho National Laboratory investigating the impact of system vulnerabilities in commodity software on public utilities funded by the DHS, DOE, and DOD. He was on the team which conducted the ‘Aurora’ attack against a simulated power grid.
- Founding Member of many Microsoft information security teams (1999-2006) and coordinated field security testing of Microsoft technologies such as Active Directory, SQL Server, Exchange Server, BitLocker, Windows Update, and Windows Firewall.
- Recognized by Bill Gates for technical excellence and leadership during security incidents involving Microsoft technologies in 2000 and 2003
Certifications & Credentials
- JD Candidate – Dedman School of Law, Southern Methodist University
- BA, Spanish Linguistics – Brigham Young University
Upcoming Events
View More
December 09 2025
2025 Q4 Symposium: Agentic AI: Understanding and Securing the Next Wave of AI Systems
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.
December 10 2025
2025 December Webinar: Infosec Trends to Prepare for in 2026
Looking ahead to 2026, we anticipate a year marked by continued ambiguity and change, where resource-constrained defenders battle well-enabled and resourced adversaries leveraging AI for their attacks. Concurrently, the CISO role continues to evolve, shifting from a technical guardian to a strategic business partner focused on influence, communication and value creation to navigate increasing risk, regulations and economic pressures on security budgets. In this webinar, IANS Faculty Aaron Turner and Steven John call out the areas they believe will be most impactful to CISOs and their teams in 2026. Hear an overview of the trends and recommendations of actionable steps to work into your roadmap.
January 28 2026
2026 Q1 Symposium: Build a Wholistic Insider Threat Program: From Technical Monitoring to Managing Staffing Risks
Whether concerned with the increased risks of data exfiltration via AI or the growing infiltration of imposter North Korean remote workers, organizations are looking for ways to enhance protection of insider threat risks. This symposium provides specific, actionable recommendations whether you’re just standing up a program or looking to mature and modernize it. We’ll share strategies to improve your monitoring within Legacy Applications, M365, Azure, AWS and GCP environments, and recommend processes for cross-functional collaboration to identify key applications and data, establish baselines for day-to-day activity, detect anomalies and respond to risks.