CISA Staffing Crisis and Urgent Recruitment Initiatives
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is facing a significant staffing crisis following substantial personnel reductions attributed to Trump-era cuts and a prolonged government shutdown. Acting CISA Director Madhu Gottumukkala acknowledged in an internal memo that these reductions have hampered the agency's ability to fully support national security imperatives, with nearly one-third of the workforce lost in the past year. The memo outlines an urgent need to hire highly qualified professionals by the end of fiscal year 2026 to restore and strengthen CISA's defensive posture, leveraging the Department of Homeland Security's Cyber Talent Management System to attract critical cyber talent at market rates.
In response to mounting cyber threats, particularly from China, CISA is accelerating recruitment, workforce development, and retention initiatives. The agency plans to focus on hiring state cybersecurity coordinators, regional cybersecurity advisors, and making itself more attractive to both industry experts and junior practitioners. Additional measures include expanded collaboration with colleges and universities, reviving internship programs, and considering return-to-office exemptions for certain employees. These efforts are intended to ensure CISA's mission readiness and operational continuity amid increasing cyber risks and resource constraints.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Reports detail how the staffing crisis is crippling CISA operations
Follow-up coverage examined the depth of CISA's staffing problems and described the crisis as hampering the agency's ability to carry out its mission. The reporting expanded on the earlier disclosure by characterizing the issue as a broader operational strain on the agency.
CISA acknowledges major staffing crisis amid rising China threat
Multiple reports said the U.S. Cybersecurity and Infrastructure Security Agency publicly admitted it was facing a major staffing shortfall while confronting mounting cyber threats linked to China. The disclosure framed the personnel gap as a significant operational problem for the agency.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
ISMG Editors: Inside the Staffing Crisis Crippling CISA
govinfosecurity.com
Open sourceMounting Chinese threat prompts CISA to ramp up hiring
scworld.com
Open sourceUS Cyber Defense Agency Admits to Major Staffing Crisis
bankinfosecurity.com
Open sourceUS Cyber Defense Agency Admits to Major Staffing Crisis
govinfosecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about **one-third of its workforce** and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support. Reporting also tied the degradation to a prolonged **leadership vacuum**—with the administration’s nominee **Sean Plankey** not confirmed and Acting Director **Madhu Gottumukkala** criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced **counter-ransomware** efforts, work to promote **secure software development**, and losses affecting **election security** functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
Mar 21, 2026
DHS Reassignment of CISA Cybersecurity Staff to Border and Immigration Roles
The Department of Homeland Security (DHS) has initiated a large-scale reassignment of cybersecurity personnel, particularly from the Cybersecurity and Infrastructure Security Agency (CISA), to roles focused on immigration and border enforcement. Hundreds of DHS employees, including those from CISA, have been directed to transfer to agencies such as Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), and the Federal Protective Service. This move is part of a broader shift in departmental priorities, emphasizing border security and deportation efforts reminiscent of previous administration policies. Employees affected by these reassignments have reportedly been given a week to respond, with the risk of termination if they do not comply. The CISA Capacity Building team, responsible for drafting emergency directives and overseeing cybersecurity for the government's most critical assets, has been particularly impacted by these changes. Experts warn that the loss of specialized cybersecurity staff could result in slower detection of cyber threats, delayed issuance of security advisories, and increased risks to both federal and enterprise networks. The reassignment comes on the heels of the firing of 130 CISA staff since the change in administration, further depleting the agency's cyber workforce. CISA, as the national coordinator for critical infrastructure security and resilience, relies heavily on the expertise of its analysts to manage risks to both cyber and physical infrastructure. The reduction in cyber personnel is expected to hinder vulnerability scanning, slow down coordination with other agencies, and diminish the agency's institutional knowledge. There is concern that the shift in focus away from cybersecurity could leave U.S. networks more exposed to cyberattacks and reduce the government's ability to respond effectively to emerging threats. The move has sparked criticism from cybersecurity experts, who emphasize the importance of maintaining a robust cyber defense posture amid a rising landscape of cybercrime. The reassignments highlight the tension between competing national security priorities and the potential unintended consequences for the nation's cyber resilience. The situation underscores the need for careful consideration of workforce allocations within critical government agencies. As the DHS continues to implement these changes, the long-term impact on U.S. cybersecurity capabilities remains a significant concern for both public and private sector stakeholders.
Mar 21, 2026
DHS Shutdown and Leadership Vacuum Deepen Concerns Over CISA Staffing and Mission Capacity
Senators and cybersecurity experts warned that **CISA** is operating under growing strain as the **Department of Homeland Security shutdown** and the absence of stable leadership compound earlier cuts to the agency’s workforce and budget. During his confirmation hearing, DHS secretary nominee **Markwayne Mullin** was pressed on whether he would restore staffing and funding after roughly one-third of CISA’s workforce was cut, but he declined to commit to rehiring personnel or reversing budget reductions, saying only that the agency would be staffed to remain mission capable. Security professionals said CISA can still perform its core statutory functions with excepted staff, but the loss of personnel, sidelining of employees during the shutdown, and lack of a permanent director are limiting the agency’s ability to sustain non-essential programs, build new capabilities, and advocate for long-term resources. Even as CISA continues to issue operational guidance, including recent warnings tied to **Microsoft Intune** hardening and patching of vulnerabilities in products such as **Synacor Zimbra Collaboration Suite** and **Microsoft Office**, the broader concern is that reduced staffing and weakened leadership are eroding national cyber defense capacity at a time of elevated threat pressure.
May 27, 2026