1 week Ago
The latest reports of layoffs and budget reductions at the Cybersecurity and Infrastructure Security Agency have sparked concern across segments of the cyber policy and national security communities. While the scope potentially affecting more than 1,300 employees is notable, these developments warrant measured evaluation rather than immediate alarm. Earlier this month, President Donald Trump nominated Sean Plankey to lead CISA, filling one of the last remaining senior cybersecurity roles in his administration.
Plankey is a seasoned cybersecurity professional who served in the first Trump administration, including as principal deputy assistant secretary at the Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response and as director of cyber policy at the National Security Council. A U.S.
Coast Guard veteran, he also served at U.S. Cyber Command and most recently held a leadership role in the private sector.
Plankey’s nomination aligns with Homeland Security Secretary Kristi Noem ’s earlier confirmation testimony, where she emphasized that CISA needed to become smaller, more nimble and more mission-focused. The Department of Government Efficiency , created to identify redundancies across the federal government, has raised concerns about CISA’s rapid headcount growth and overlap with other agencies. Others in the Trump Administration have also raised concerns about CISA’s involvement in politically sensitive areas such as disinformation monitoring.
While these latest reductions are significant, they should not come as a surprise. Since its creation in 2018, CISA has grown rapidly. Under former Director Jen Easterly , the agency added more than 3,000 employees, including a major push through the Cyber Talent Management System — a federal hiring program designed to attract cyber professionals from the private sector.
Much of this expansion was driven by urgent needs, including election security, pandemic response and foreign interference threats. As with any major hiring wave, reassessment often follows. Some roles created during periods of heightened activity may no longer align with long-term priorities, especially as the agency narrows its focus back toward core infrastructure protection.
CISA’s expanded footprint includes responsibilities introduced by the Cybersecurity and Infrastructure Security Agency Act of 2018. Its planned move to a new 620,000-square-foot headquarters housing more than 6,500 employees underscores how far the agency has scaled in just a very few years. CISA is not the sole entity responsible for defending the nation’s cyber infrastructure.
The Department of Defense, National Security Agency, FBI and U.S. Cyber Command each maintain distinct cyber operations focused on military, intelligence and national defense systems.
CISA’s mandate is specific to civilian infrastructure and public-private coordination. A clear example of overlapping responsibilities involves CISA’s cyber threat hunting and incident response efforts, which sometimes duplicate activities carried out by the FBI and the NSA. CISA’s Hunt and Incident Response Team works directly with public and private-sector partners to detect, analyze, and respond to threats.
At the same time, the FBI serves as the lead federal agency for investigating and attributing cyberattacks — particularly those involving criminal enterprises or nation-state actors—and regularly engages in its own incident response activities. Similarly, the NSA, through its Cybersecurity Collaboration Center, provides intelligence and mitigation guidance to the defense industrial base and other sensitive sectors. In high-profile events like the SolarWinds breach or the Colonial Pipeline ransomware attack, multiple agencies were simultaneously involved in response and coordination, sometimes creating confusion among private-sector partners about points of contact and leadership roles.
In such cases, organizations have reported receiving overlapping threat notifications or redundant briefings from different agencies. These challenges have fueled ongoing discussions about the need to better delineate roles and reduce redundancy across the federal cybersecurity apparatus. Technological evolution is also driving workforce changes, both in private industry and government.
Artificial intelligence and automation are transforming cybersecurity operations. Advanced analytics, large language models and autonomous threat detection systems are reducing the need for large analyst teams. The cyber workforce is shifting toward roles in automation, threat modeling and AI system design.
Like the private sector, federal agencies are adapting staffing models to reflect this shift. The reassessment of cybersecurity teams across government, including CISA, may be partially driven by this broader transition. CISA has increasingly found itself in politically sensitive territory, particularly around election security and disinformation.
Though the agency’s actions were intended to support public trust, they have led to some perceptions of partisanship. Whether these concerns influenced the current staffing decisions is unclear. But to remain effective, CISA must maintain public and bipartisan trust.
Refocusing on its core mission of nonpartisan infrastructure protection will be key to sustaining that trust going forward. While the reductions are significant for those affected, they are unlikely to result in a net loss of cybersecurity capacity. The private sector continues to face a talent shortage , with nearly 600,000 cybersecurity job openings across the United States.
Many former CISA employees, equipped with security clearances and deep technical expertise, are likely to transition quickly into roles across commercial sectors. Several private-sector initiatives are already working to match displaced talent with new opportunities. In this sense, the transition may help bridge federal cybersecurity experience with private-sector demand in areas such as energy, healthcare and financial services.
Despite the strategic rationale, there are legitimate concerns about how these reductions may affect CISA’s ability to respond to emerging threats. Critics warn that the agency’s incident response teams, threat hunters and vulnerability analysts could be thinned at a time when nation-state activity and critical infrastructure targeting remain elevated. If internal knowledge is lost or key operational capabilities are reduced without clear redistribution of responsibilities, response times and national coordination efforts could suffer.
Others worry about long-term recruitment damage — sending the message that cyber roles in public service are unstable just as the federal government competes with the private sector for scarce talent. Without a well-communicated transition plan and strong coordination with other agencies, there is a risk that critical gaps may open in defending the very systems CISA was created to protect. Ultimately, while the scale of the workforce reductions is meaningful—and empathy is warranted for those impacted—it does not necessarily indicate a retreat from civilian cyber defense.
Rather, it reflects a strategic recalibration driven by evolving mission needs, overlapping responsibilities and disruptive technologies. If managed well, this can be a constructive inflection point: a chance to sharpen CISA’s focus, streamline its operations and reinforce coordination with both the private sector and other federal agencies. However, if the transition is poorly executed, the risks are real—operational gaps, loss of institutional knowledge and reduced readiness to detect and respond to cyber threats could emerge at a critical time.
The stakes are high. Cybersecurity remains a national priority and the question is how to best align people, resources and capabilities to meet both today’s and tomorrow’s threats. A 1,300-person reduction from a 6,500-person agency, within a cybersecurity landscape supported by multiple government actors and an engaged private sector, should be viewed with perspective.
The road ahead depends on execution. This is not necessarily a crisis — it may be a strategic shift in progress..
