The Department of the Air Force has a new chief information security officer, filling a post that’s been without a full-time occupant for nearly a year.
The appointment of James “Aaron” Bishop was first announced Dec. 16 at the AFCEA of Northern Virginia Air Force IT Day by his boss, Department of the Air Force Chief Information Officer Lauren Knausenberger.
“His experience combines military experience and private-sector experience, and I believe he is the type of leader who can move us forward quickly while also building and developing our workforce to run with him,” Knausenberger wrote in reply to a query.
At the AFCEA event, she said Bishop will have a mandate to drive and highlight cybersecurity innovation across the department, which encompasses both the Air and Space Forces. In particular, she mentioned the novel tools and policies provided over the past two or three years to ease the process of getting authority to operate (ATO) for new IT systems. The Fast Track ATO process laid out in March 2019 allows for ATOs to be issued after penetration testing of a system rather than via extensive paper documentation of security controls. And under a blanket purchase agreement signed last year, any office can hire a certified “red team” to conduct that pen-testing and then use the results as the basis for an ATO.
But the new process hasn’t caught on as quickly as Knausenberger would have liked. “Across the big enterprise, we need to do a better job of governance of the [ATO] boundaries,” she said, adding this would be a priority for Bishop. “I think he’s going to be the right guy to grab that and to move [it] forward. So I think we’ll have some improvement on just the brass tacks side of that over the next year,” she said.
Bishop started Nov. 22, Knausenberger said in reply to the query. He was the top choice of the three-person Senior Executive Service selection panel. The post has been without a full-time occupant since previous incumbent Wanda T. Jones-Heath was dual hatted as acting principal cyber adviser in the Air Force Secretary’s office in December 2020, according to her official biography. Her transfer to an acting position meant a replacement couldn’t be hired until she was given the permanent appointment as PCA, Knausenberger explained.
Bishop’s role, according to his biography, includes “oversight for the Freedom of Information Act, Privacy Act laws, and cryptographic modernization supporting cyber operations for the department.”
Prior to his appointment, Bishop was CEO and founder of the Quantum Security Alliance, a public-private partnership research organization. Before that he held several posts, including CISO with massive federal IT contractor SAIC. He was general manager of Microsoft‘s National Security Group for a decade before that.