From Air Force to Cloud Security: How Veteran Chris Hughes Built a Company Securing America’s Digital Future
Chris Hughes took his Air Force service and turned it into a cybersecurity career protecting federal systems. His path shows how military experience translates directly into defending national security in the digital age.
The Military Foundation
Hughes served in the United States Air Force without formal software development training. The military gave him something more important: discipline, mission focus, and technical foundations.
After leaving active duty, he moved into civil service. He worked for the U.S. Navy and the General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP). At FedRAMP, he served as a Technical Representative for the Joint Authorization Board. He saw how slow compliance processes blocked fast-moving technology.
Building Aquia
In February 2021, Hughes co-founded Aquia with David Maskeroni, another veteran who served two tours in Operation Iraqi Freedom. Both founders had worked in government and private sector roles. They wanted to bring Silicon Valley speed to federal missions.
They structured Aquia as an employee-owned company from day one. The team shares in success. The Service-Disabled Veteran-Owned Small Business focuses on cloud infrastructure, cybersecurity, and compliance automation for federal agencies.
The CISA Fellowship
In May 2023, Hughes became a CISA Cyber Innovation Fellow. The program brings private sector cybersecurity experts to work alongside federal technical teams. He contributes expertise in DevSecOps, software supply chain security, and Software Bill of Materials.
“I am honored to join the CISA Cyber Innovation Fellows program,” Hughes said. “I look forward to collaborating with the team on this important task.”
His dual role lets him shape national cyber defense strategy while running Aquia.
Teaching and Writing
Hughes teaches cybersecurity as an adjunct professor at Capitol Technology University and the University of Maryland Global Campus. He prepares the next generation of security professionals.
He co-authored two cybersecurity books with Wiley. “Software Transparency: Supply Chain Security in an Era of a Software-Driven Society” came out in 2023. “Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem” followed in 2024.
He also co-hosts the “Resilient Cyber” podcast and publishes a newsletter. He interviews cybersecurity leaders and explores topics from AI security to FedRAMP modernization.
Industry Impact
Hughes serves as Membership Chair for the Cloud Security Alliance’s Washington D.C. chapter. He contributes to their Incident Response and SaaS Security Working Groups. He also works with the Cloud Native Computing Foundation on software supply chain security.
His certifications include CISSP/CCSP from ISC2, AWS and Azure security certifications, and the Cloud Security Alliance’s Certificate of Cloud Auditing Knowledge.
Real Results
Aquia helped the Centers for Medicare and Medicaid Services develop its first Software-as-a-Service governance program. The company created zero trust policies, modernized Platform-as-a-Service environments, and implemented continuous authorization approaches. CMS handles information on more than 177 million Americans.
In April 2024, Aquia received the Department of Health and Human Services’ 2024 Service-Disabled Veteran-Owned Small Business of the Year award. The award recognized “superior performance and valuable support in the achievement of the mission requirements of HHS.”
Modernizing FedRAMP
Hughes spent time as a GSA FedRAMP insider. He knows the program needs updates. He has pushed for automation, machine-readable artifacts, continuous monitoring, and streamlined authorization processes.
“I have been building and securing cloud environments in the U.S. Federal and DoD space for roughly 8 years,” Hughes wrote in 2023. “I also served as a Federal employee at GSA where I was a Technical Representative for the Joint Authorization Board.”
The Office of Management and Budget released final FedRAMP modernization guidance in July 2024. The changes reflect many of his recommendations.
A Path for Other Veterans
Hughes shows how military skills transfer to cybersecurity. The discipline, mission focus, and operational mindset from service drive innovation in digital security. His journey from airman to entrepreneur demonstrates what veterans do in the rapidly growing cybersecurity field.
The cybersecurity workforce shortage creates opportunities. More than 514,000 U.S. job postings appeared in the year ending June 2025, up 12 percent year-over-year. Veterans bring technical skills, project management abilities, leadership experience, and security clearances employers want.
Still Serving
Nearly 20 years into his cybersecurity career, Hughes works where technology meets national security. Through Aquia’s federal contracts, his CISA fellowship, his teaching, and his thought leadership, he makes the country “digitally capable and secure.”
This Veterans Day, Hughes’ story reminds us military service builds foundations for continued national service. By building companies, mentoring students, contributing to federal missions, and advancing industry standards, veteran cybersecurity leaders keep defending the nation in the digital domain where battles unfold today.
His career proves military skills, mindset, and commitment to mission translate directly into protecting America’s critical infrastructure, government systems, and digital future. For veterans seeking post-service careers, Hughes offers a model: leverage your military foundation, commit to continuous learning, contribute to your community, and never stop serving.
