Hey, I’m Aaron.

I help teams make sense of application security and AI reliability with clear writing, useful playbooks, and approaches that fit how people actually work. My aim is simple: turn complex into practical and keep a friendly, no-jargon tone.

What I work on

• SSDLC & threat modeling that developers will actually use
• AI resilience: guardrails, evals, fallbacks, and disaster recovery (“When the Robot Breaks”)
• Pen-testing workflows and lightweight automation that speed learning & remediation

What you’ll find here

• Thought pieces that stretch how we think about AI + security
• Sense-making explainers of frameworks like NIST CSF 2.0 and OWASP SAMM
• Playbooks & checklists you can run this week

How I work

• Plain English first; repeatable process second; tools last
• Prefer small, testable steps over big bangs
• Share the why and the how, not just the what

A bit more human

Colorado-based. Big on dogs, hiking, and the occasional whiskey. I like teaching by building small labs and writing as I learn.

Say hi

• LinkedIn: https://www.linkedin.com/in/aaronott/
• GitHub: https://github.com/aaronott