Aaron Shierlaw

My career started in 2006 at a local computer shop, fixing machines and running cables for small businesses. When I was out in the field, at a client's office, standing in front of a problem, it was on me to figure it out, solve it, and implement it. There was no turning back and no safety net. That shaped how I work to this day: I take ownership, I follow through, I follow up, and I make sure that whatever outcomes I commit to, I deliver on.

I moved to Denver in 2008 and continued that hands-on consulting work, managing a portfolio of about ten clients across the city. In 2009, I was recruited as the first in-house IT leader for a high-growth energy company. For the first time, I had to be both player and coach, building a team while still relying heavily on my own technical skills. Working directly for the CFO, I learned how to plan and execute on both capital and operating budgets, led the design and buildout of a greenfield data center, and got what amounted to my own MBA in how technology leadership connects to business outcomes.

In 2013, I made the deliberate decision to pursue cybersecurity full-time. I joined a security consulting firm where I built their first in-house consulting practice, a natural fit that brought me back to the consulting world, driving value for customers and developing the services, offerings, and execution rigor to deliver what they actually needed.

From there, I moved into the energy sector and got my first experience inside a large, well-matured IT environment, building a security program within the context of a disciplined technology organization. When that company was acquired by a Fortune 50 firm, I got to see both the strengths and the gaps in what we'd built, measured against how a much larger enterprise approached the same problems. That was eye-opening, a real-world benchmark that sharpened how I think about security program design.

That experience set the stage for my first CISO role at a public energy company, where I built the security program from the ground up, reporting to the board, working with VP and executive-level peers, and bringing all of those accumulated lessons to bear around team building, operational rigor, and roadmap execution.

I then pivoted out of my comfort zone in oil and gas into a private-equity-backed insurtech firm, a customer-centric environment with large DevOps teams, rapidly deployed cloud infrastructure, and public-facing applications supporting clients at scale. That stretch forced me to quickly deepen my understanding of cloud security, zero trust architecture, and application security in ways that my prior roles hadn't demanded.

Most recently, I served as CISO and Head of IT for a VC-backed technology startup. Both halves of my career under one roof. It was fast-paced, high risk appetite, and engineering-led. I got to stack everything I'd learned on top of each other: building a security team, operating an IT department, and doing it all with a lean team in an environment where flexibility and efficiency weren't optional.

Throughout all of it, one thread has been constant: I take full ownership of the work, I hold myself and my teams to an exceptionally high standard, and I never lose sight of the value the customer receives. My faith and my family are what keep me grounded in that; they're the reason I care about doing this the right way, not just the profitable way. That ethos is what Kiron Cyber is built on.