About the Author

Aaron Kraus, CCSP, CISSP, is an information security executive with deep experience in security risk management, auditing, and teaching information security topics. He has worked in security and compliance roles across industries including U.S. federal government civilian agencies, financial services, and technology startups, and he is currently a security director for a property technology startup. His experience includes creating alignment between security teams and the organizations they support, by evaluating the unique threat landscape facing each organization and the unique objectives each organization is pursuing to deliver a balanced, risk-based security control program. As a consultant to a financial services firm, he designed, executed, and matured the third-party vendor audit programs to provide oversight of key compliance initiatives, and he led global audit teams to perform reviews covering physical security, logical security, and regulatory compliance. Aaron is a course author, instructor, and cybersecurity curriculum dean with more than 14 years of experience at Learning Tree International, and he most recently taught the Official (ISC)² CISSP CBK Review Seminar. He has served as a technical editor for numerous Wiley publications, including CISSP and CCSP study guides and practice tests, and is coauthor of The Official (ISC)² CISSP CBK Reference as well as coauthor of the previous edition of The Official (ISC)² CCSP CBK Reference.