
Aaron Rosenmund Joins OnDefend as Senior Director of Programs and Tradecraft

October 7, 2024
Press

OnDefend welcomes Aaron Rosenmund as Senior Director of Programs and Tradecraft.

With a passion for redefining cybersecurity strategy and prevention, Aaron brings extensive expertise in red teaming, threat emulation, and security testing.

In addition to his role as Senior Director of Programs and Tradecraft, Aaron will serve as associate program director for the Independent Security Inspector program with TikTok USDS. He will lead teams to ensure the effectiveness of security measures for TikTok USDS, while driving innovation and implementing his strategic vision across OnDefend’s services and product offerings. 

Learn a little more about Aaron and the expertise he brings in this one-on-one interview:

Q: What is your role at OnDefend? 

In my role as Associate Program Director, I’ll be working with the Independent Security Inspector team to ensure that TikTok USDS—formerly Project Texas—successfully separates U.S. data and the behavior of the U.S. application for all U.S. citizens from the ability for ByteDance, the owning company, to be able to manipulate it or have access to it. This is critical work, especially in today’s climate where privacy concerns are front and center.

What excites me is that we’re not just taking things at face value. We’re testing to ensure every control is functioning the way it should, providing confidence that U.S. data is protected.  

Outside of that, my goal as Senior Director of Programs and Tradecraft is to help OnDefend focus on real-world cybersecurity testing. We have compliance, but we need to go beyond it. We need to test these systems in-depth and find the flaws before the bad guys do. 

Q: How did you get started in cybersecurity? 

It’s not the typical “I grew up coding” story. I actually started in construction, working with concrete grinders, but I realized that wasn’t for me. I invented robotics to automate those machines, and that’s how I fell in love with technology. From there, I joined the National Guard, where I focused on securing air operations systems.  

After 9/11, protecting airspace became a top priority, and I helped build secure systems for that mission. The hands-on experience with automation and security sparked my interest in cybersecurity full-time.  

Q: Can you walk us through some career highlights?

One of my proudest projects was creating mission defense teams for the Air Force. We were building secure systems, and I realized no one was testing them—no one was seeing if the protections we put in place were actually working.  

I started emulating attackers, and that was when I knew this was where I wanted to focus my career.

More recently, at RSA, I presented research on using command and control that bypasses detection entirely. We figured out how to send data within packets, modulating information in a way that no existing defenses could detect. It was a game-changer and is something I’m still excited to be working on. 

Q: What excites you most about joining OnDefend?

First and foremost, the people. I first met co-founder Ben Finke at a local B-Sides conference, and we hit it off because of our shared passion for giving back to the cybersecurity community.  

What also drew me in is OnDefend’s mission of testing and validating security controls rather than just relying on compliance checkboxes. 

That curiosity only grew when I learned about BlindSPOT, OnDefend’s breach and attack simulation solution, which is doing exactly what I’ve been advocating for—simulating real-world attacks, identifying vulnerabilities in real time, and giving teams essentially ‘the answers to the test’ to fix these problems before they’re exploited.

We don’t just want to meet compliance standards; we want to ensure real-world defenses are in place and constantly working, a core message in OnDefend’s mission.  

Q: Is there a project or accomplishment you’re particularly proud of?

There’s one project that stands out: my first RSA presentation. I demonstrated side-channel attacks using mechanical waves—essentially using a computer’s fan to transmit data.  

It was like performing a magic trick on stage, and it worked flawlessly.

The audience was blown away by how we could exploit something as simple as a fan’s noise to leak sensitive information. 

I took this 20-year-old computer with a graphics card in it and then I brought an Xbox Kinect, like one of the old school ones with the microphone array.

I set them up 30 feet apart from each other and then walked through how you would compromise a device like that and be able to, without having even administrative control, transmit data by changing the speed of the fan. 

We had the whole room quiet.  

I had them give me a phrase, and then we ran the code live and the fan’s just kind of going on and off and then that transmitted back to information that you could collect.  

There’s no feeling quite like taking your own research and presenting it in a way that the whole room was amazed like I was doing this ‘magic trick’ when really it was just cybersecurity.  

Q: What’s something people should know about you?

I’m still serving in the Air National Guard as a cyber warfare officer, contributing to offensive cybersecurity operations. It’s important for me to give back to the military and the country. The skills and experience I’ve gained on the civilian side directly help improve our national defense capabilities. There’s a real sense of duty in being part of something bigger. 

Q: Where do you hope to see the state of cybersecurity in five years?

I’d love to see a shift where we prioritize real technical skills over just compliance. If we can test security controls every day and fix them in real-time, that’s where we need to be as an industry. Right now, there’s too much focus on checking boxes, and not enough on verifying that the systems are truly secure. 

Q: Looking ahead, what would you like your legacy at OnDefend to be?  

On the ISI side, I want to help build a team that can elevate their knowledge and capabilities above the attackers we’re emulating. It’s about outsmarting the threat actors. 

I’m also focused on amplifying OnDefend’s approach to proactively validating security programs. If we can inject that mindset of testing and validation into organizations, we’ll not only protect our clients but change the industry’s approach to staying secure.

Explore how OnDefend is reimagining security programs and going beyond compliance with experts like Aaron Rosenmund, bringing advanced threat emulation and real-world testing to protect organizations around the globe.

About OnDefend

OnDefend, established in 2016, stands at the forefront of preventative cybersecurity testing and advisory services, a reputation further enhanced by the introduction of its advanced Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT. OnDefend is a trusted partner, empowering organizations globally to proactively combat real-world cyber threats. From ensuring compliance with industry standards to building out mature security programs, our mission is to ensure that the security resources our customers invest in are well-utilized, effective, and provide tangible results. For more information about our services and solutions, please visit http://www.ondefend.com/

OnDefend Media Contact:

Lauren Verno, Media@ondefend.com

904-299-3669
