Virtually all of the top officials at the Cybersecurity and Infrastructure Security Agency (CISA) have departed the agency or will do so this month, according to an email obtained by Cybersecurity Dive, further widening a growing void in expertise and leadership at the government’s lead cyber defense force at a time when tensions with foreign adversaries are escalating.
Five of CISA’s six operational divisions and six of its 10 regional offices will have lost top leaders by the end of the month, the agency’s new deputy director, Madhu Gottumukkala, informed employees in an email on Thursday.
Steve Harris, the acting head of the Infrastructure Security Division, left on May 16, and Trent Frazier, the acting head of the Stakeholder Engagement Division, left on May 2, Gottumukkala wrote, while Vince Delaurentis, the No. 2 official in the Emergency Communications Division, is leaving on May 30. Gottumukkala also confirmed the previously reported departures of Matt Hartman, the No. 2 official in the Cybersecurity Division, and Boyden Rohner, the head of the Integrated Operations Division.
The exits of these leaders could undermine the efficiency and strategic clarity of CISA’s partnerships with critical infrastructure operators, private security firms, foreign allies, state governments and local emergency managers, experts say.
The leaders of CISA’s field teams who are leaving soon or have recently left are Region 2 Director John Durkin, Region 4 Director Jay Gamble, Region 5 Director Alex Joves and Deputy Director Kathy Young, Region 6 Director Rob Russell, Region 7 Director Phil Kirk, and Region 10 Director Patrick Massey.
These regional supervisors and the teams who report to them have played an important role in expanding CISA’s nationwide presence, improving its partners’ awareness of the services it offers and boosting its reputation as a reliable source of expertise and support.
“With these significant number of senior departures, several of which are leaders who have been here since the days of US-CERT, there’s a lot of anxiety around when the cuts and departures will finally stop and we can move forward as an agency,” said one CISA employee, who requested anonymity to discuss internal tensions.
Many of CISA’s administrative officials are also leaving. Chief strategy officer Val Cofield and chief financial officer Tarek Abboushi will leave on May 30, while chief contracting officer Juan Arratia left on May 16 and chief human capital officer Blair Duncan left on May 2.
“CISA is doubling down and fulfilling its statutory mission to secure the nation’s critical infrastructure and strengthen our collective cyber defense,” Bridget Bean, the agency’s executive director, said in a statement. “We were created to be the cybersecurity agency for the nation, and we have the right team in place to fulfill that mission and ensure that we are prepared for a range of cyber threats from our adversaries."
The Washington Post first reported some details of the CISA departures.
Anxiety grows over CISA’s future
Gottumukkala, who assumed the duties of acting director from Bean upon his arrival on May 19, told employees that he has been “inspired by the critical work this agency does every day” during his first week on the job. But inside and outside of CISA, the recent exits have fueled already-significant anxieties about the future of the agency.
“It feels like the wrong people are leaving,” said a second CISA employee, who insisted on anonymity to speak freely. “All of these departures make it feel like people are leaving the mission and creating a vacuum.”
Suzanne Spaulding, who led CISA’s predecessor wing inside the Department of Homeland Security from 2011 to 2017, said it was “sad and maddening to see so much expertise and institutional knowledge pushed out the door.”
“The loss of these leaders,” Spaulding said, “including leaders across the country who work every day with the owners and operators of critical infrastructure, will leave the nation less secure and resilient.
