Dive Brief:
- Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, is leaving the organization next month, CISA confirmed on Thursday.
- “I could not be prouder of the work that Eric Goldstein has done to move CISA forward as an agency,” CISA Director Jen Easterly said in a statement. “He has helped catalyze a shift across the agency to data-driven risk reduction and built an inclusive team that has enabled CISA and our partners to confront the serious cyber threats facing our country.”
- Goldstein joined CISA in February 2021 after serving as the global head of cybersecurity policy, strategy and regulation at Goldman Sachs. He also held various roles at the National Protection and Programs Directorate, CISA’s precursor agency, from 2013 to 2017.
Dive Insight:
Goldstein is arguably, and most often, the leading operational voice of CISA. He consistently fields media requests, holds briefings with reporters and is widely quoted as a senior official speaking about new threats, major attacks and guidance the agency wants to share broadly.
“This is a big loss for CISA,” said Allan Liska, threat intelligence analyst at Recorded Future.
Liska described Goldstein as a real asset for CISA and the security community, who helped champion programs and build a strong partnership between the agency and the private sector.
Goldstein’s efforts helped move CISA forward “from a focus on patching to solve a very real vulnerability crisis,” Liska said.
CISA’s secure-by-design initiative, which kicked off in April 2023, is one of many programs Goldstein helped shepherd during his time at the agency.
“The outcome statement for secure by design is every single intrusion requires a previously unknown vulnerability of a previously unknown class using a previously unknown exploit,” Goldstein said last week during a media briefing at the RSA Conference in San Francisco.
“If the only thing that we have to worry about detecting is that, and we eliminate every single other category of vulnerability, category of weakness, category of misconfiguration, you’ll still need to worry about security. But it will be a heck of a lot easier, it will be a heck of a lot safer,” Goldstein said.
Easterly lauded Goldstein’s leadership. “We pioneered new models of operational collaboration, reshaped our ability to detect and address cyber risks, and shifted the balance toward building technology that is secure by design,” Easterly said.
“I consider myself fortunate to be Eric’s teammate and know that he will carry his dedication to a secure and resilient nation forward in his next adventure,” Easterly said.