WASHINGTON -- Before new technology reaches the warfighter, a team within the Air Force Office of Special Investigations (AFOSI) evaluates the cyber risks behind new digital systems so they can be trusted to operate securely.
That effort is now led by Aaron Bass, who became director of cybersecurity operations for AFOSI’s Office of Special Projects earlier this month. The promotion elevates his responsibility from supporting the mission to shaping how cybersecurity is executed across the agency.
With emerging technologies moving quickly from development to fielding, the need to protect systems while enabling innovation has become an essential part of maintaining operational advantage, he said.
“At the end of the day, we’re go or no-go,” Bass said, meaning his team helps determine whether systems are safe to operate. “We have a hand in making sure that when technology gets fielded, the right level of care and security has gone into it before it ends up in the hands of our warfighters.”
Based at Joint Base Anacostia-Bolling in Washington, D.C., Bass now advises senior leaders on cybersecurity strategy and helps protect the information technology systems that support Special Access Programs (SAP).
“Aaron brings the experience and judgment this role demands,” said Lee Russ, executive director of AFOSI PJ. “His leadership is critical to how we make informed decisions and protect some of the Department of the Air Force’s most sensitive systems.”
As part of that responsibility, Bass also serves as an authorization official for large portions of the DAF enterprise, balancing mission urgency with risk-informed decisions.
“We’re looking at roughly 1,200 different information systems,” Bass said. “They range from something as simple as a single standalone computer all the way to extremely complex platforms and mission systems.”
Those systems can include everything from secured workplaces to large digital systems that support aircraft operations and mission planning. His team does that work by looking closely at each system, finecombing all risks and helping determine what needs to be in place before it can be safely used.
“They do a top-to-bottom review,” Bass said. “The goal is to understand the real risk of the system, how it will be used and then make a determination that it’s secure to operate and appropriate for the mission.”
As an authorization official, Bass also takes on a key role in approving whether the secure computer systems used by defense contractors can operate, a responsibility that connects government oversight with industry execution.
However, Bass’s career has bridged industry and government.
“My career is almost split down the middle between industry and government,” Bass said. “On the industry side, you sometimes see policies come down and people feel like, ‘They just don’t understand what we’re dealing with.’ I understand those constraints.”
He views that understanding as more than a credential, he said, but as a responsibility.
“Industry partners don’t always get a seat at the table when decisions are being made,” he said. “So, I see it as part of my role to advocate for that perspective when we’re talking about policy, guidance and day-to-day execution.”
As he settles into his new role, Bass said he is focused on strengthening the internal structure of AFOSI’s cybersecurity enterprise, especially consistency across teams and clarity for partners.
Looking forward, Bass said he is also motivated by both near-term improvements and long-term evolution, work that can help teams move faster, operate more consistently and track progress with greater accountability.
Outside of work, Bass is a longtime hockey fan. A Maryland native, he played at the University of Maryland - Baltimore County, and briefly with the University of Maryland, where he earned a degree in criminology in 2009. He is also a loyal Washington Capitals fan.
But it’s the less visible work of cybersecurity where his professional focus remains.
“Cybersecurity underpins everything we do at AFOSI PJ and Aaron understands the operational stakes of this mission,” Russ said. “His leadership strengthens our ability to protect sensitive capability while enabling innovation. We are confident in the direction this mission will continue under his leadership.”
Bass succeeded Jean Michaud, AFOSI PJ’s previous cybersecurity director, who retired last year.
“Jean built a strong foundation for this mission and set a high standard for excellence,” Russ said. “Aaron has stepped into this role with the experience and leadership needed to continue moving our cybersecurity mission forward.”
But according to Bass, success in cybersecurity often looks like nothing at all. It means systems operate as intended, and technologies are fielded without compromise, so missions proceed without disruption.
“If we’re doing this right,” Bass said, “most people will never know the work happened at all.”