Type Of Business:
Cyber risk quantification software; information security and compliance professional services
Information security program development; Risk management; Compliance; Audits; Security services; Penetration testing
Cyber risk quantification; information security and GRC program development; compliance; security services such as penetration testing
Stamp collecting; inventing tabletop games; and anything creative that uses hands and/or brain.
Bachelor of Science in Psychology, University of California, Davis (1990)
(ISC)²; ISSA; ISACA; CSA
Place of Birth:
Aaron is a seasoned Information Security, Compliance, and Risk Management professional, with 20 years of accomplishments in a variety of roles including executive management, business development, operations, service delivery, and project management. At USWired he grew the service organization from $0 to over $5M in annual revenue. More recently he has helped organizations establish and optimize their information security programs; manage and meet their compliance objectives; and quantify their cyber risk in dollar terms. Aaron’s expertise encompasses a wide range of information technology, security, and compliance frameworks and technologies including HIPAA, PCI, ITIL, ISO 27001, CSA CCM, NIST, Top 20 CSC, OCEG Principled Performance, and others.
Throughout the duration of your career, what was the one highlight that stood out the most?:
Aaron greatly enjoyed launching and building his own business.
Lucile Packard Foundation for Children's Health
Number Of Years In Profession:
Number Of Years In Current Position:
What Does He/She Attribute Success To:
Working with wonderful, capable people; bringing everyone's best interests to the table; and collaborating to achieve results where everybody wins.
Why did you become involved in your profession or industry?:
Aaron became involved in information technology when he worked for a computer networking trade show company in the mid-1990s.
Position Responsibilities and Duties:
Developing professional consulting services offerings; managing delivery of services; helping companies develop information security and compliance programs; performing information risk assessments; adapting and aligning high-level programs to industry standards frameworks such as ISO 27001 and The NIST Cybersecurity Framework; and providing penetration testing and other security services.
Certified Chief Information Security Officer, EC-Council (CCISO); Certified Information Systems Security Professional, (ISC)² (CISSP); Certified Ethical Hacker, EC-Council (CEH); Healthcare Information Security and Privacy Practitioner, (ISC)² (HCISPP); Certified ISO 27001 Lead Implementer, PECB; Certified Information Systems Auditor, ISACA (CISA); Certified GRC Professional, GRC Certify; Certified GRC Auditor, GRC Certify; Certificate of Cloud Security Knowledge, 3.0 Cloud Security Alliance (CCSK); Payment Card Industry Qualified Integrator and Reseller, PCI SSC (PCI QIR); ITIL Foundation Certificate, 3.0 Axelos; Holistic Information Security Practitioner, HISPI (HISP)
Where Will You Be In 5 Years:
In five years, Mr. Arutunian plans to grow the company and himself through collaboration, partnerships, education, and improving his presentation skills.