Continuing to grow its team, building talent, perspective, Aquia recently added AJ Yawn to the team. Having led cybersecurity compliance for some of the world’s biggest tech companies, taking a leap to launch his own cybersecurity software startup, and now focused on focused on revolutionizing GRC through engineering and AI, OS AI caught up with AJ to find out more about his move to this successful SDVOSB focused on securing digital transformation for government mission owners.
Prioritizing Culture as Much as Technology
I’ve spent nearly 15 years in cybersecurity, starting out as an Army Captain in the Signal Corps, then moving into compliance work as a SOC 2, ISO 27001, and HIPAA principal consultant before launching my own cybersecurity software startup during the pandemic. That experience taught me to prioritize culture as much as technology. I also served as a partner at a top 20 CPA firm, working with some of the biggest names in tech on their compliance programs. Along the way, I’ve become a LinkedIn Learning instructor and collaborated with the SANS Institute, sharing insights on cloud security and compliance with thousands of learners worldwide.
Aligned Dedication to Building Real Solutions
My move to Aquia is something I’d been discussing with Aquia’s CEO Chris Hughes for a while, and it just felt like the right time to jump on board. Aquia’s mission-oriented approach and dedication to building real solutions for the government really resonates with me. I’ve spent my career pushing boundaries in compliance and automating the GRC process, so I’m thrilled to bring that engineering-focused mindset to Aquia. I believe that combining a deep understanding of GRC with forward-thinking technology — especially around cloud and AI — will help our clients streamline their compliance programs and achieve faster, more robust security outcomes.
A Modern Way to View Compliance
As Director of GRC Engineering, I’m championing a modern way to look at compliance: integrating it into the engineering process from the ground up. It’s about building GRC into product lifecycles, leveraging AI, automation, and cloud-native tools to reduce friction and create meaningful, long-term security benefits. By positioning GRC as a strategic function rather than an afterthought, Aquia can offer a more scalable, innovative, and future-proof approach to compliance. That, in turn, sets Aquia apart in a rapidly evolving market and opens doors for growth.
Moving Beyond Static Approvals
One trend I’m particularly focused on is continuous authority to operate (cATO) — essentially moving beyond static, one-off approvals and instead creating a continuous, cloud-native, and automated approach to security authorization. Many agencies still struggle with slow, manual processes, and that’s where GRC engineering and AI can truly revolutionize the space. Another big challenge is aligning these processes with evolving regulations and frameworks, ensuring compliance doesn’t become a barrier but rather a catalyst for innovation.
An Open Door to Collaboration
I’m always open to connecting with partners who share the same vision: automating and optimizing GRC for federal agencies and private sector clients. Specifically, if you’re a small business specializing in AI-driven solutions, cloud-native security, or have unique compliance or audit automation tools, I’d love to collaborate. My door is also open to those who are passionate about mental health advocacy in the cybersecurity field, as I believe combining innovation with a strong people-first culture is what truly drives success.
Opening Dialogues on Mental Health
I’m a huge advocate for mental health and well-being, especially in high-stress fields like cybersecurity. I believe leaders need to be open about it and prioritize mental health within their teams. I talk often about these topics on LinkedIn and elsewhere.
Not Yet a Premium Partner/Sponsor? Learn more about the OS AI Premium Corporate and Individual Plans here. Plans start at $295 annually.