Profile
Aaron Cure got into the infosec field because he was looking for new challenges and advancement in his career as a developer, and the lure of a nice dinner to kick things off didn’t hurt either. “I had nowhere else to advance as a developer and wanted new challenges,” says Aaron. “My friend called and said that they were having an offsite with steak dinners and limitless drinks, and I thought that sounded like a pretty good gig!”
Aaron started out in the U.S. Army, spending 10 years as a Russian linguist and satellite repair technician. He then worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. Aaron began his infosec career in 2006, expanding his expertise to developing security tools and performing secure code reviews, vulnerability assessments, penetration testing, risk assessments, static source code analysis, and security research.
Today, Aaron is a principal security consultant for Cypress Data Defense where he does penetration testing, secure SDLC, static code review, and secure architecture work. Aaron’s favorite part of his career so far is the actual, first-hand experience he’s gotten doing penetration testing and executing XSS and SQL injection attacks, giving him deep insight into how the attacks are executed by attackers and how vulnerabilities are exploited.
Aaron initially became an instructor with the desire to make the web a more secure place, and brings his perspective of “viewing testing and securing (red vs. blue team) as two sides of the same coin” to the classroom. He enjoys seeing students truly “get” concepts. “My favorite moments in the classroom are when my students realize what the attack really looks like and how to execute it.” A SANS instructor since 2013, he currently teaches SEC542: Web App Penetration Testing and Ethical Hacking.
Aaron says his most successful students are those who ask questions. “Our experience is better when we have a conversation,” says Aaron, noting that the field is always moving, changing, and evolving. “The one they hit me with tomorrow will be the most challenging.”
Aaron holds CISSP, GPEN, GWAPT, GMOB, and GSSP-.NET certifications and sits on the OWASP Denver Board and the Alpine Valley School Board. He wrote NHibernate 2.x Beginner's Guide, which introduces NHibernate from ground zero and gives readers a solid foundation for using it.
During his downtime, Aaron enjoys playing hockey, skiing in both water and snow, restoring antique tractors and trucks, blacksmithing, and raising goats and rabbits at his home in Arvada, CO.
Qualifications Summary
- Certified instructor for SEC542: Web App Penetration Testing and Ethical Hacking
- Principal security consultant for Cypress Data Defense
- Author of NHibernate 2.x Beginner's Guide and NHibernate 3 Beginner's Guide
- Member of the OWASP Denver board
- Faculty member at the SANS Technology Institute
Certifications
- GPEN (GIAC Penetration Tester)
- GWAPT (GIAC Web Application Penetration Tester)
- GMOB (GIAC Mobile Device Security Analyst)
- GSSP-.NET (GIAC Secure Software Programmer .NET)
- CISSP (Certified Information Systems Security Professional)
Webcasts and Speaking Engagements
- Watch Aaron's SANS Webcast "Injecting a node.js app using NoSQL and Query Selector Injection", September 2016
- Watch Aaron speak at the 2017 CodeMonsters Conference: "Hacking the OWASP Top 10"
- Watch Aaron's other talk at the 2017 CodeMonsters Conference: "Secure DevOps: A Puma's Tail"