About Aaron Hunt

BIO

I’m Aaron Hunt — a cybersecurity leader, GRC practitioner, and lifelong Washingtonian with more than 20 years of experience in information security and risk management.

I hold a CISSP certification and a degree from the University of Washington. Over the course of my career, I’ve had the opportunity to build enterprise-level security and GRC programs from the ground up — the kind of work that requires equal parts technical depth, strategic thinking, and the ability to bring people along with you.

WHAT I DO

My core expertise sits at the intersection of governance, risk, and compliance — but I’m not a checkbox person. I care about building programs that actually protect organizations, not just ones that pass audits. That means understanding the business, aligning security to strategy, and making sure the right controls are in the right places for the right reasons.

I’ve worked across frameworks including NIST CSF, NIST SP 800-53, ISO 27001, ISO 27701, SOC 2, PCI DSS, GDPR, CIS Controls, and Zero Trust architecture. On the technical side, I bring experience with IAM technologies — MFA, RBAC, SSO/SAML — and Microsoft Azure and M365 environments.

LEADERSHIP PHILOSOPHY

Good security leadership means being honest about risk, clear about priorities, and decisive when it matters. I believe in building teams that own their domains, communicating up and across the organization with clarity, and never letting perfect be the enemy of good-enough-and-shipped.

I’m also a writer and thinker on security topics — you’ll find my perspective in the Writing & Insights section of this site.

PERSONAL

I’m a native of Washington state, a graduate of South Kitsap High School and the University of Washington in Seattle. Outside of work, I’m a husband, father, and someone who takes the long view on most things.

CERTIFICATIONS & CREDENTIALS

  • CISSP — Certified Information Systems Security Professional
  • B.S., University of Washington
  • 20+ years in cybersecurity, IT operations, and GRC

AREAS OF EXPERTISE

  • GRC Program Design & Implementation
  • Risk Management & Assessment
  • Regulatory Compliance (NIST, ISO, SOC 2, PCI DSS, GDPR)
  • Zero Trust Architecture
  • Identity & Access Management (IAM)
  • Audit Readiness & Management
  • Security Policy & Standards Development
  • Executive & Board-Level Communication
  • Azure / M365 Security
  • Vendor & Third-Party Risk Management