Leadership Changes at U.S. Cyber Command and NSA
U.S. Cyber Command’s Cyber National Mission Force (CNMF) removed Air Force Lt. Col. Jason Gargan, a joint task force commander focused on operations against Russia, after he was “relieved for cause” following disagreements over operations with CNMF leadership, according to people familiar with the matter. Gargan was reassigned elsewhere within CNMF and is expected to retire by the end of 2026; the move was described as unusual for CNMF, where underperforming leaders are typically rotated rather than dismissed. The personnel action occurred amid broader senior-level churn at Cyber Command, which has reportedly been without a Senate-confirmed leader for an extended period, and as CNMF chief Maj. Gen. Lorna Mahlock was nominated to become Cyber Command’s next deputy chief.
Separately, the National Security Agency (NSA) appointed intelligence community veteran Timothy Kosiba as deputy director with presidential approval. Reporting highlighted Kosiba’s background in network warfare and offensive cyber roles (including Tailored Access Operations-linked positions) and senior leadership posts supporting foreign signals intelligence and cybersecurity missions; Acting NSA and Cyber Command head William Hartman publicly endorsed the appointment as supporting NSA’s mission execution.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
CNMF commander removes Russia task force leader for cause
Marine Corps Maj. Gen. Lorna Mahlock relieved Lt. Col. Jason Gargan from command of a Cyber National Mission Force joint task force focused on Russia after operational disagreements. Gargan was reassigned within the CNMF, and the move was described as an unusual dismissal in the force’s roughly 12-year history.
Timothy Kosiba appointed NSA deputy director
President Donald Trump approved the appointment of intelligence community veteran Timothy Kosiba as the National Security Agency’s new deputy director. Acting NSA and U.S. Cyber Command head William Hartman publicly endorsed the selection, citing Kosiba’s leadership and experience.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
NSA Leadership Changes Amid Ongoing Cyber Directorate Turmoil
The National Security Agency (NSA) has undergone significant leadership changes following months of instability at its highest levels. Tim Kosiba, a veteran with over three decades of federal service, has been appointed as the new deputy director of the NSA after the Trump administration removed his predecessor and other top officials, reportedly due to political pressure. Kosiba previously held key roles within the NSA, FBI, and Naval Criminal Investigative Service, and his appointment was confirmed by Defense Secretary Pete Hegseth and Director of National Intelligence Tulsi Gabbard with President Trump's approval. The agency has faced a prolonged period without a Senate-confirmed leader, contributing to uncertainty within both the NSA and U.S. Cyber Command. Simultaneously, the NSA's cybersecurity directorate is also experiencing a transition in leadership. David Imbordino, currently the directorate’s deputy chief, will serve as acting head following the retirement of Greg Smithberger, who had been leading in an interim capacity. Holly Baroody is set to return from the United Kingdom to serve as acting deputy chief. The directorate, established in 2019 to enhance intelligence sharing and collaboration with critical infrastructure, has lacked a permanent chief since early last year. These leadership changes come as the NSA continues to address evolving cyber threats, including recent advisories on malware such as BRICKSTORM, and underscores the agency’s ongoing efforts to stabilize its executive ranks and maintain operational continuity.
Mar 21, 2026
Leadership Uncertainty at U.S. Cyber Command and NSA Amidst Policy Disarray
U.S. Cyber Command and the National Security Agency have been without a permanent leader for over seven months following the dismissal of Air Force Gen. Timothy Haugh and his deputy, a move that has unsettled both organizations. Army Lt. Gen. Joshua Rudd, currently serving as the No. 2 at U.S. Indo-Pacific Command and lacking direct cyber or signals intelligence experience, has emerged as a leading candidate for the dual-hat leadership role, though the selection process remains fluid and contentious. Key leadership positions at both agencies remain unfilled, with Marine Corps Maj. Gen. Lorna Mahlock and Brig. Gen. Matthew Lennox identified as likely appointees to senior roles once the top post is settled. This leadership vacuum comes as the Trump administration’s official cyber policy calls for stronger deterrence against foreign cyber threats, particularly from China, but President Trump himself has publicly downplayed the significance of such threats. Senior administration officials have highlighted the need to respond to campaigns like those attributed to Salt Typhoon and Volt Typhoon, which target U.S. telecommunications and critical infrastructure, yet the president’s dismissive stance has created a disconnect between policy rhetoric and executive action. The ongoing instability at the helm of the nation’s top cyber agencies raises concerns about the United States’ ability to effectively coordinate and respond to escalating foreign cyber operations.
Mar 21, 2026
US Federal Cyber and IT Leadership Turnover and Confirmation Disputes
US federal cyber and IT leadership saw multiple high-profile personnel moves, including a planned transition at the **Cybersecurity and Infrastructure Security Agency (CISA)**. Acting director **Madhu Gottumukkala** is expected to leave CISA for a new Department of Homeland Security role as director of strategic implementation, with **Nick Andersen** (CISA’s executive assistant director for cybersecurity) slated to become acting director. Separately, CISA **CIO Bob Costello** reportedly received reassignment/transfer orders and is expected to depart the agency, with reporting indicating he may have been offered reassignment to **FEMA**; the reasons for the move were not publicly clarified. In parallel, Senate confirmation politics affected senior national cyber leadership: Sen. **Ron Wyden** said he would block confirmation of Lt. Gen. **Joshua Rudd** to lead both **U.S. Cyber Command** and the **NSA**, citing a lack of cyber and signals intelligence experience and concerns about his understanding of NSA surveillance authorities. Outside the cyber agencies, the **Department of Justice** elevated **Nikki Collier** from deputy CIO to permanent CIO, following a prolonged vacancy after the prior CIO’s departure, underscoring broader federal IT leadership churn during a period of workforce reductions and ongoing scrutiny of security governance practices.
Mar 21, 2026