Est. 2002 · Portland, OR

Security Built onDeep Experience

We don't sell fear. We architect resilience. Phenom Security delivers research-driven cybersecurity for enterprises that demand more than compliance checkboxes.

Our Mission

Enterprise security has a credibility problem. Too many firms sell frameworks without implementation, audits without follow-through, and advice disconnected from the reality of production systems.

Phenom Security exists to close that gap. We combine hands-on engineering with strategic security leadership — the same person who designs your governance framework can also write the code that enforces it. That's not a pitch; it's how we've operated since 2002.

20+
Years in Cybersecurity
Fortune 100
Client Engagements

What We Believe

Principles that guide every engagement, every architecture decision, every line of code.

Practitioners First

We build and operate the systems we secure. No ivory tower recommendations — every engagement is grounded in real production experience.

Evidence Over Assertions

We substantiate every claim with data. Threat models are backed by research, recommendations are backed by results, and architectures are backed by testing.

Accountable Systems

Security that degrades safely, maintains audit trails, and keeps humans in the loop where it matters. Especially critical as AI systems enter production.

Our Approach

Security architecture that scales from policy to implementation, with no gaps in between.

01

Assess

Map your attack surface, regulatory landscape, and existing controls. Understand what you have before prescribing what you need.

02

Architect

Design security architecture aligned with your business objectives, risk tolerance, and operational reality — not a template.

03

Implement

Build and deploy with your teams. We write production code, configure infrastructure, and integrate with your CI/CD pipeline.

04

Sustain

Ongoing monitoring, threat intelligence, and architecture evolution as your business and the threat landscape change.

Leadership

Phenom Security is led by practitioners who have been in the trenches across Fortune 100 enterprises.

Aaron Smith headshot

Aaron Smith

Founder & Principal

AI Security Architect | Agentic Systems & GenAI Governance | Enterprise Technical Leadership

View LinkedIn

Background

Most AI security resumes start in 2023. Aaron's starts in 2002 with Bayesian classification, runs through AI/ML security at McDonald's 30,000+ locations, and lands in enterprise GenAI platform architecture for regulated financial services today.

He builds and secures AI systems at enterprise scale as core production systems, not side projects. He operates autonomous agents with guardrails, separation of duties, and behavioral monitoring, and designs governance frameworks so systems degrade safely, remain accountable, and keep humans in the loop where it matters.

Notable Engagements

  • AON — Rationalized global security perimeter and consolidated 12 vendors into one stack, saving $12M+ annually.
  • McDonald's — Led security assessment of pre-LLM AI/ML systems across 30,000+ global locations.
  • Regulated Financial Services — Enterprise GenAI platform architecture and AI risk accountability programs.
  • AppSec Practice — Built an $8.4M application security practice from zero.

Certifications

(ISC)²
CISSPCertified Information Systems Security Professional
ISACA
CISACertified Information Systems Auditor
CRISCCertified in Risk and Information Systems Control
GIAC / SANS
GPENPenetration Tester
GCIHCertified Incident Handler
GCSACloud Security Automation
GCWNCertified Windows Security Administrator
GMONContinuous Monitoring

Ready to Work Together?

Whether you need a security assessment, AI governance framework, or hands-on architecture — let's talk about what your enterprise actually needs.

Schedule a Security Assessment