Defense

Air Force names Aaron Bishop as CISO

Bishop brings experience working in senior roles at SAIC and Microsoft.

December 16, 2021

Software engineers perform paired programming March 25, 2019, at Hill Air Force Base, Utah. (U.S. Air Force photo by Todd Cromar)

The Air Force has appointed Aaron Bishop as chief information security officer.

He takes over the post from Wanda Jones-Heath, who has moved into a role as principal cybersecurity adviser at the department.

Bishop joined the Air Force in November to lead cybersecurity innovation and to advise CIO Lauren Knausenberger and other senior officials on cyber policy and programs and IT systems risk management.

He comes from a deep cybersecurity background with experience in the defense industrial base. Most recently Bishop served as CEO and founder of the Quantum Security Alliance, a cybersecurity research organization, during which he took on a role on the Presidential National Quantum Initiative Advisory Committee.

Prior to that, he served as CISO of government IT contractor SAIC. Bishop also served a decade-long tenure as general manager of Microsoft‘s National Security Group.

Knausenberger discussed Bishop’s hire briefly during an AFCEA NOVA event Thursday, explaining he will have a large focus on refining the Air Force’s authority to operate processes, which plays into the service’s pursuit of becoming a more digital force.

As the new CISO, Bishop “will be able to really grab that by the horns and push it,” Knausenberger said of streamlining cyber authorizations. “We have some of the best processes available to us in the department. People love to benchmark off of our fast-track process. People love to work with our continuous ATO process. But we still have a little bit too much of a feudal system.”

Knausenberger wants to continue to iterate on the idea of “accreditation by red team” and using penetration testing to accredit a system. “I’m looking now at how do we do even more automation, not just automated pen testing, but how can we literally crawl our network and look at where are we vulnerable, and where is that exploitable?” she said. “And to be able to very, very easily prioritize what we need to do in that area.”

The Air Force is also in the midst of launching a five-year zero-trust roadmap that will kick off in fiscal 2023, Knausenberger said. Essential to that is the Air Force’s work to enhance its identity, credential and access management, “which is such a foundational building block of everything that we need to do,” she said.