Congressional Scrutiny of CISA Leadership Amid Workforce Reductions and CIO Reassignment Attempt
The acting director of the Cybersecurity and Infrastructure Security Agency (CISA), Madhu Gottumukkala, faced escalating scrutiny over leadership and personnel decisions as the agency manages ongoing threats to federal networks and critical infrastructure. Reporting describes an attempted management-directed reassignment of CISA CIO Robert Costello—a process that can force an employee to transfer within DHS or resign—that triggered immediate objections from career staff and senior political appointees, leading DHS headquarters to pause and then halt the action the same day.
Lawmakers on the House Homeland Security Committee pressed Gottumukkala on broader staffing reductions and whether CISA retains sufficient capacity to execute its mission, including questions about efforts to push out staff and a reported attempt to remove the CIO. A chart entered into the hearing record cited a drop in personnel from 3,387 to 2,389 (a reduction of 998), figures that aligned closely with Gottumukkala’s testimony; he also cited a 7.5% attrition rate last year and asserted the agency has “the required staff,” while members warned that cutbacks could weaken national cyber defenses and increase exposure of critical systems and infrastructure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
House lawmakers question CISA leader over staffing cuts and personnel decisions
At a House Homeland Security Committee hearing, lawmakers from both parties scrutinized Gottumukkala over CISA staffing reductions, alleged pressure tactics to drive resignations, and the reported effort to remove Costello. Testimony and materials entered into the record indicated CISA staffing had fallen from 3,387 before President Trump's inauguration to 2,389 by mid-December, while Gottumukkala said the agency still had sufficient staff.
DHS halts attempted reassignment of CISA CIO Robert Costello
Madhu Gottumukkala, acting head of CISA, pursued a management-directed reassignment of CIO Robert Costello that would have required him to move elsewhere in DHS or resign. After sharp internal objections from career staff and senior political appointees, DHS headquarters paused and then stopped the action the same day.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Leadership Shakeup: CIO Departure and New Acting Cyber Chief नियुक्त
The Cybersecurity and Infrastructure Security Agency (**CISA**) is undergoing a leadership transition marked by the departure of its chief information officer, **Robert Costello**, who announced he is leaving after nearly five years in the role. Reporting indicates Costello’s exit follows internal turbulence, including conflicting accounts about whether then-acting director **Madhu Gottumukkala** attempted to push him out and subsequent transfer orders that raised the prospect of reassignment elsewhere in DHS; Costello had public support from some lawmakers and had been a visible advocate for modernization and improved tooling at the agency. Separately, CISA named **Chris Butera** as acting executive assistant director for the agency’s **cybersecurity division** amid broader leadership shakeups: Gottumukkala was moved to another DHS role, and **Nick Andersen** assumed leadership of the agency. The changes come as CISA continues to face workforce attrition tied to broader federal staffing reductions, with additional departures expected within the cyber division, raising concerns about sustained capacity to execute CISA’s mission to address major cyber threats, vulnerability response, and critical infrastructure resilience.
Mar 21, 2026
CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about **one-third of its workforce** and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support. Reporting also tied the degradation to a prolonged **leadership vacuum**—with the administration’s nominee **Sean Plankey** not confirmed and Acting Director **Madhu Gottumukkala** criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced **counter-ransomware** efforts, work to promote **secure software development**, and losses affecting **election security** functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
Mar 21, 2026
CISA Workforce Reductions and Pullback From RSAC Amid Leadership and Mission Refocus
The **Cybersecurity and Infrastructure Security Agency (CISA)** said it will **not participate in the RSA Conference (RSAC)** in March, citing routine reviews of stakeholder engagements and “good stewardship of taxpayer dollars,” and framing the decision as part of a broader effort to return to its statutory “core mission” and align with the Trump administration’s priorities. The move followed the announcement that former CISA Director **Jen Easterly** was named **CEO of the RSAC Conference**, after which senior administration cyber officials reportedly discussed canceling their attendance. Separately, Acting CISA Director **Madhu Gottumukkala** told the House Homeland Security Committee that CISA remains capable of protecting government networks and critical infrastructure despite significant workforce reductions, describing the cuts as intended to eliminate duplication and refocus on mission outcomes. Lawmakers raised questions about impacts to **election security**, broader cybersecurity operations, and implementation of the **Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)**; Gottumukkala said CISA will continue targeted hiring for mission-critical roles and asserted the agency has the staffing it needs, while an internal report cited in the hearing indicated nearly **1,000 personnel** have departed, been laid off, or transferred since President Trump took office (over one-third of the workforce).
Jan 31, 2026