CISA Workforce Reductions and Pullback From RSAC Amid Leadership and Mission Refocus
The Cybersecurity and Infrastructure Security Agency (CISA) said it will not participate in the RSA Conference (RSAC) in March, citing routine reviews of stakeholder engagements and “good stewardship of taxpayer dollars,” and framing the decision as part of a broader effort to return to its statutory “core mission” and align with the Trump administration’s priorities. The move followed the announcement that former CISA Director Jen Easterly was named CEO of the RSAC Conference, after which senior administration cyber officials reportedly discussed canceling their attendance.
Separately, Acting CISA Director Madhu Gottumukkala told the House Homeland Security Committee that CISA remains capable of protecting government networks and critical infrastructure despite significant workforce reductions, describing the cuts as intended to eliminate duplication and refocus on mission outcomes. Lawmakers raised questions about impacts to election security, broader cybersecurity operations, and implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA); Gottumukkala said CISA will continue targeted hiring for mission-critical roles and asserted the agency has the staffing it needs, while an internal report cited in the hearing indicated nearly 1,000 personnel have departed, been laid off, or transferred since President Trump took office (over one-third of the workforce).
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Acting CISA director defends agency after major workforce losses
At a House Homeland Security Committee hearing, acting director Madhu Gottumukkala said CISA remains capable of protecting government networks and critical infrastructure despite significant staffing reductions. Lawmakers pressed him on effects to election security, cyber operations, and CIRCIA-related regulatory work, while an internal report cited nearly 1,000 departures since President Trump took office.
CISA confirms it will not participate in RSAC 2026
CISA said it will skip the RSA Conference in March, citing a review of stakeholder engagements to maximize impact and ensure stewardship of taxpayer dollars. The agency framed the move as part of a refocus on its statutory core mission and alignment with Trump administration priorities.
Trump-era cyber officials discuss boycotting RSAC after Easterly appointment
According to reporting, several senior Trump-era cybersecurity officials discussed canceling their attendance at the RSA Conference within hours of Easterly's appointment. The discussions reflected political tension around her new role and foreshadowed broader federal pullback from the event.
Jen Easterly is appointed CEO of the RSA Conference
Former CISA Director Jen Easterly was named CEO of the RSA Conference, a leadership change repeatedly cited as the trigger for subsequent debate over federal participation in RSAC. Multiple later reports and podcast summaries reference this appointment as a significant industry development.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
50 references tracked. Mallory keeps watching after this page renders.
NDSS 2025 - PropertyGPT - Security Boulevard
securityboulevard.com
Open sourceWe Keep Hearing the Same Question: Morpheus (AI SOC) vs. Traditional SOAR - Security Boulevard
securityboulevard.com
Open sourceFriday Squid Blogging: New Squid Species Discovered - Security Boulevard
securityboulevard.com
Open sourceHow secure are secrets vaults in cloud environments - Security Boulevard
securityboulevard.com
Open source31 More Charged in Massive ATM Jackpotting Scheme Linked to Tren de Aragua Gang - Security Boulevard
securityboulevard.com
Open sourceWhat Are Service Accounts and Why Are They a Security Risk? - Security Boulevard
securityboulevard.com
Open sourceA Nerdy Quest, Puzzle Wednesday! - Security Boulevard
securityboulevard.com
Open sourceWhy Your Dev Team Isn’t Broken, Just Misaligned - Security Boulevard
securityboulevard.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Capacity Degraded by Personnel Cuts, Program Closures, and Leadership Vacancies
Bipartisan lawmakers and private-sector cybersecurity leaders warned that the U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has been significantly weakened after roughly a year of personnel cuts and layoffs under the second Trump administration, with reporting indicating the agency has lost about **one-third of its workforce** and shuttered or reduced entire divisions. Sources described diminished ability to execute core missions such as coordinating with industry and protecting federal civilian networks, with some organizations reportedly seeking alternatives (industry alliances, outside consultants, or direct government-to-government partnerships) rather than relying on CISA support. Reporting also tied the degradation to a prolonged **leadership vacuum**—with the administration’s nominee **Sean Plankey** not confirmed and Acting Director **Madhu Gottumukkala** criticized by some sources as struggling to lead—alongside political and operational pressures that deprioritized the agency. Specific capability impacts cited include reduced **counter-ransomware** efforts, work to promote **secure software development**, and losses affecting **election security** functions; additional strain was attributed to reassignment of staff to other DHS priorities and to a partial federal government shutdown that further reduced available staffing levels, raising concerns about CISA’s readiness to respond to a major cyber crisis.
Mar 21, 2026
Congressional Scrutiny of CISA Leadership Amid Workforce Reductions and CIO Reassignment Attempt
The acting director of the Cybersecurity and Infrastructure Security Agency (**CISA**), **Madhu Gottumukkala**, faced escalating scrutiny over leadership and personnel decisions as the agency manages ongoing threats to federal networks and critical infrastructure. Reporting describes an attempted management-directed reassignment of CISA CIO **Robert Costello**—a process that can force an employee to transfer within DHS or resign—that triggered immediate objections from career staff and senior political appointees, leading DHS headquarters to pause and then halt the action the same day. Lawmakers on the House Homeland Security Committee pressed Gottumukkala on broader staffing reductions and whether CISA retains sufficient capacity to execute its mission, including questions about efforts to push out staff and a reported attempt to remove the CIO. A chart entered into the hearing record cited a drop in personnel from **3,387 to 2,389** (a reduction of **998**), figures that aligned closely with Gottumukkala’s testimony; he also cited a **7.5%** attrition rate last year and asserted the agency has “the required staff,” while members warned that cutbacks could weaken national cyber defenses and increase exposure of critical systems and infrastructure.
Mar 21, 2026
CISA Divisions Impacted by Workforce Termination Orders During Government Shutdown
Several divisions within the Cybersecurity and Infrastructure Security Agency (CISA) have been affected by reduction-in-force (RIF) notices issued during the ongoing government shutdown, according to multiple industry sources. The Office of Management and Budget, led by Director Russ Vought, announced these workforce cuts as part of broader federal government measures. Staff members from CISA's Stakeholder Engagement Division, Infrastructure Security Division, and Integrated Operations Division are among those impacted by the layoffs. The Department of Homeland Security (DHS) has stated that these layoffs are intended to help CISA refocus on its core mission. Prior budget documents from DHS indicated that the Chemical Security subdivision within CISA was already scheduled to wind down certain programs and initiatives, suggesting that the workforce reductions are part of a longer-term restructuring. A recent court filing revealed that 176 DHS employees were laid off, though the specific number of CISA employees affected remains unclear. The possibility of further reductions across the federal workforce has not been ruled out. The Trump administration has been critical of CISA's involvement in addressing misinformation, particularly regarding its collaborations with social media platforms to counter false information about elections and COVID-19. This criticism has been cited as a factor in the administration's push to "refocus" the agency. The layoffs have created uncertainty within CISA, with staff members expressing concerns about the future of their divisions and the agency's ability to fulfill its cybersecurity mandate. The Stakeholder Engagement Division, which plays a key role in liaising with external partners, is believed to be among the hardest hit. The Infrastructure Security Division and Integrated Operations Division, both critical to national infrastructure protection and operational coordination, are also affected. The reduction in workforce may impact CISA's capacity to respond to cyber threats and support critical infrastructure sectors. DHS has not provided detailed breakdowns of which positions or functions are being eliminated. The ongoing government shutdown has exacerbated the challenges faced by CISA, as resource constraints and political pressures converge. Industry observers are closely monitoring the situation for potential impacts on national cybersecurity readiness. The future direction of CISA remains uncertain as the agency navigates these significant organizational changes. The broader implications for federal cybersecurity efforts are still unfolding as the shutdown and workforce reductions continue.
Mar 21, 2026