aaron in infosec
Back to all posts

Welcome to aaron in infosec

2 min read
introduction
security
ai
devsecops

Introduction

Hello and welcome to my blog! I'm Aaron Brown, currently serving as the Head of Security at Vercel. I've created this space to share insights, experiences, and thoughts on information security, development, and the intersection of the two.

As someone who started as a full-stack engineer and transitioned into security leadership, I bring a unique perspective that bridges the gap between development and security. I believe that security should enable innovation, not hinder it. And now, with AI reshaping our workflows, I'm especially focused on how intelligent automation and agent-based systems can free teams to focus on what truly matters—building, shipping, and solving meaningful problems.

My Background

My journey in technology has been diverse and rewarding:

  • Currently leading security initiatives at Vercel, where I've focused on building Secure-by-Default features
  • Previously served as Head of Cloud Security at Vercel, where I drove SOC 2 Type II certification
  • Worked as a Senior Security Engineer at Sisense, where I built an in-house SIEM and founded the Cloud Architecture Forum
  • Started my career as a Software Engineer at LendingClub, where I led an OCR pipeline that reduced loan-processing time by 15%

Throughout these roles, I've maintained my coding skills and continue to write code daily. I believe staying hands-on helps me better understand developer challenges and design security solutions that are practical, scalable, and empathetic.

Lately, I've been diving deep into AI-powered automation—building LLM agents that can interpret security data, validate controls, and assist with complex workflows like compliance readiness and incident analysis. My goal is to use AI not as a bolt-on tool, but as an embedded teammate—augmenting security teams so they can focus on strategy and innovation.

What You'll Find Here

On this blog, I’ll be covering a range of topics including:

  • Security Architecture: Designing systems that are secure by default
  • DevSecOps: Integrating security into the development lifecycle
  • Cloud Security: Best practices for securing cloud environments
  • Coding for Security: How developers can write more secure code
  • Security Leadership: Building and leading effective security teams
  • AI & Security Agents: Using large language models to offload operational tasks, automate detection, and empower security teams

Let's Connect

I'm always interested in connecting with like-minded professionals. Feel free to reach out on LinkedIn or follow me on Bluesky.

Thanks for visiting, and I look forward to sharing and learning together!

More Posts

Previous Post

BSidesSF 2025: Same Community, New Problems

Two days each year to test ideas, swap failure stories, and remember why the hallway track still matters.