Aaron Revell ’96 has spent his career at the intersection of technology operations and cybersecurity leadership. As Information Security Officer and Director of IT Operations at Cynosure, he oversees enterprise-wide security and IT programs—helping technical and leadership teams embed cybersecurity into every layer of the business. His approach is simple but demanding: balance innovation with protection, and make security a service that empowers people.
Revell joined the Infoversity podcast after returning to campus—“eye-opening and refreshing,” he said—to reflect on how far the iSchool and his field have come. He didn’t plan on information science at first (“I kind of fell into IST”), but the iSchool’s breadth clicked early. “Looking at the whole of information and how it’s used helped me see the tools as just that—tools—to get the right information to the right people at the right time.”
Early in his career, he crisscrossed the country as a certification instructor, discovered he could pivot quickly, and moved into corporate leadership. Health-tech became his home for both mission and rigor. “Everybody needs healthcare,” he said. “Yes, there’s an altruistic part—serving the public good—but there’s also a strict rule set you won’t always find elsewhere.” At Cynosure—a medical device manufacturer—he jokes, “I had to learn how lasers are made to get the job,” but the real draw is what the data enables: improving lives.
For Revell, the heart of cybersecurity is bridging growth and risk. That means fewer blunt “no’s” and more clear guardrails. “Our job isn’t to lock data away—it’s to get it to the right people at the right time. When the business needs to move, security has to move with it. If we’re going in this direction, here are the guardrails we’ll need.”
People are the throughline. “The best roles I’ve had are leadership roles,” he said. “I love the tech, but I’m over the moon when I’m helping people grow.” That philosophy shapes his culture-building: he meets every department leader early, listens for pain points, and treats phishing tests as feedback for IT as much as training for staff. “Phishing tests don’t just teach employees; they teach IT where our guardrails and tools need to improve.”
Training is tailored and timely—no 45-minute boilerplate. He tiers content by role and hosts live webinars tied to real incidents (“There’s a new breach vector hitting Salesforce—here’s what it looks like, here’s how to respond”). And he resists the trope that “people are the last line of defense.” Instead: “They’re part of the castle wall.”
Revell traces his adaptability back to the iSchool. As an undergrad, he piloted early live video over the internet (CU-SeeMe) and joined a distance-learning research project with Professor Ruth Small—skills that proved prescient when video collaboration and online learning surged years later. That habit of learning carried him through major shifts, from on-prem builds to cloud to AI. “When the cloud arrived, all my knowledge dipped—I had to relearn the IT world. But the ability to learn and pivot quickly—that’s what the iSchool gave me.”
His advice for students: adopt a growth mindset and always explain the why. “Leaders without a growth mindset are rigid—lots of ‘can’t.’ In security, you must take criticism and use it to advance. And if you ask the CEO to sign a policy, you’d better explain why it needs to exist. If you can’t justify it, it isn’t going to sell.”
If there’s one takeaway, it’s persistence. “Keep at it,” he said. “This field is exhilarating and exhausting. Some days you can’t wait to get to work; other days you’re staring down an incident before you’ve had coffee. Security needs to be a couple of steps ahead of IT, and leaders a couple of steps ahead of that. It gets tiring—but it’s incredibly rewarding.”
A return to campus, a career of continuous learning, and a culture where security enables the mission—Revell’s story is a reminder that the strongest defenses are built with people, purpose, and well-placed guardrails.