Aaron Hughes '93: Cyber Policy and National Security

by Ted Jou '99

Aaron Hughes, Class of '93, was Deputy Assistant Secretary of Defense for Cyber Policy in the last years of the Obama administration from May 2015 to January 2017. In this role, he worked in the Pentagon as the senior civilian accountable for the Defense Department's cyber capabilities.

Hughes has fond memories of his time at Blair, where he was a multi-sport athlete, playing on the soccer, basketball, and baseball teams. In the magnet, he remembers "being drawn to computer programming," and said, "I enjoyed being surrounded by other motivated students interested in science and math and computers."   After graduating from Blair, Hughes attended the University of Virginia, where he served in the ROTC and earned a Bachelor's degree in mechanical engineering. He later earned a Master's degree in Telecommunications from George Washington University and an MBA from Stanford University. For over twenty years, he has served in the Maryland Air National Guard in the 175th Cyber Operations Group.  

Hughes was involved with computer security issues early in his career when he worked with telecommunications and computer networks in the late 90s. In the early 2000s, his Air National Guard unit began to focus more on cybersecurity, collaborating with the NSA to support a more national security mission.  After attending business school at Stanford, he interviewed with Silicon Valley companies but ultimately returned to the DC area to work in government contracting. In 2008, he joined In-Q-Tel, a strategic investment firm that funds the development of innovative technologies for the U.S. intelligence community. In 2013, he was promoted to Vice President for Intelligence Community Support at In-Q-Tel, and when the Cyber Policy position at the Department of Defense opened up in 2014, Hughes found himself on a short list of candidates being vetted by the White House.

After an intense interview process, Hughes received his appointment to the Department of Defense in May 2015. As Deputy Assistant Secretary for Cyber Policy, he was responsible for the strategic direction and operational oversight of the Defense Department's cyber capabilities and assets. Hughes was one of the senior civilian officials in the Office of the Secretary of Defense (OSD), reporting to the Under Secretary of Defense for Policy.

Hughes's responsibilities included international engagement, where he would "travel the world to represent the Department of Defense" in engagements with foreign military leaders, cyber partnerships, or in negotiations of bilateral or multilateral agreements. He also represented the Department in meetings at the White House regarding foreign cyber threats. Hughes was also tasked with operational oversight of the United States Cyber Command (USCYBERCOM), led by Admiral Michael S. Rogers, who is also Director of the National Security Agency (NSA). During his tenure, there were many questions about how the structure of USCYBERCOM and its relationship to NSA. 

During Hughes's tenure, there were extensive ongoing discussions about how USCYBERCOM should be structured, what its relationship should be to the NSA.  There were also questions about how the National Guard's role in domestic cyber defense, and how they should work with the Department of Homeland Security, the FBI, and other agencies. One major policy directive to come out of these discussions was Presidential Policy Directive 41 on Cyber Incident Coordination, which was issued by the White House in the summer of 2016, at a time when the release of e-mails from the Democratic National Committee was raising questions about the threat of foreign hacking. The Policy Directive defined the responsibilities of different agencies in the event of a cyber incident and it was developed over more than a year with input from the White House and the Departments of Defense, Homeland Security, and Justice.

Hughes called his time at the Defense Department "the best job I ever had." In February 2016, in an interview marking Black History Month at the Pentagon, Hughes said he was "tremendously proud" to serve under President Obama

Hughes is now the Vice President for Information Security and Risk Management at Capital One.