Aaron Cure
Assistant Professor
Principal Security Consultant at Cypress Data Defense
Specialities
Offensive Operations, Cloud Security
Connect with Aaron
About Aaron
Aaron Cure is a SANS Principal Instructor and Director of Cyber Security at Cypress Data Defense, where he specializes in penetration testing, secure software development lifecycle (SDLC), static code analysis, and secure architecture. At SANS, he teaches SEC542: Web App Penetration Testing and Ethical Hacking and SEC588: Cloud Penetration Testing (co-authored), bringing deep, hands-on expertise into the classroom to help students understand how modern applications are attacked and secured in real-world environments.
Aaron’s career spans more than three decades across military, development, and cybersecurity domains. He began his professional journey in the U.S. Army, serving for 10 years as a Russian linguist and satellite repair technician, before transitioning into technical roles including database administration and programming on the Iridium project. He later worked as a telecommunications consultant and senior programmer, building a strong foundation in software development before entering the information security field in 2006. Since then, he has led and contributed to engagements involving secure code reviews, vulnerability assessments, penetration testing, and security research. His progression from developer to offensive security expert helps him connect with students and understand their trials, as he guides them through learning to think like attackers while building stronger defenses.
Press & Media
Recognitions
- GitHub / Open-source projects / Ongoing Security tools and development contributions supporting application security and testing workflows.
- Book / Packt Publishing / 2010 NHibernate 2.x Beginner’s Guide
- Book / Packt Publishing / 2011 NHibernate 3 Beginner’s Guide
- Packt Publishing / Book / 2021 Visual Studio 2019 Tricks and Techniques: A developer's guide to writing better code and maximizing productivity.
- Reversing Labs / Article / 2025 Deadlines vs. Secure Code: How AppSec Can Cope
- The Daily Upside / Article / 2025 Double Whammy: When Insecure Code Meets Burned-Out Cybersecurity Teams
- BMBlog.com / Article / 2025 62% of Companies Admit to Shipping Insecure Code: Cypress Data Defense Unveils 2025 State of Application Security Report Warns
- Third News / Article / 2025 Cypress Data Defense Reports Alarming Trend in Application Security for 2025
- Devops.com / Article / 2025 Survey Surfaces Multiple Persistent DevSecOps Challenges
- Help Net Security / Article / 2025 Inside the application security crisis no one wants to talk about