US Federal Cyber and IT Leadership Turnover and Confirmation Disputes
US federal cyber and IT leadership saw multiple high-profile personnel moves, including a planned transition at the Cybersecurity and Infrastructure Security Agency (CISA). Acting director Madhu Gottumukkala is expected to leave CISA for a new Department of Homeland Security role as director of strategic implementation, with Nick Andersen (CISA’s executive assistant director for cybersecurity) slated to become acting director. Separately, CISA CIO Bob Costello reportedly received reassignment/transfer orders and is expected to depart the agency, with reporting indicating he may have been offered reassignment to FEMA; the reasons for the move were not publicly clarified.
In parallel, Senate confirmation politics affected senior national cyber leadership: Sen. Ron Wyden said he would block confirmation of Lt. Gen. Joshua Rudd to lead both U.S. Cyber Command and the NSA, citing a lack of cyber and signals intelligence experience and concerns about his understanding of NSA surveillance authorities. Outside the cyber agencies, the Department of Justice elevated Nikki Collier from deputy CIO to permanent CIO, following a prolonged vacancy after the prior CIO’s departure, underscoring broader federal IT leadership churn during a period of workforce reductions and ongoing scrutiny of security governance practices.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
Nick Andersen becomes acting CISA director
Following Gottumukkala's departure, Nick Andersen, CISA's senior cybersecurity executive, was named interim acting director. The change left CISA still awaiting Senate confirmation of a permanent leader.
Madhu Gottumukkala moved from CISA to DHS role
CISA acting director Madhu Gottumukkala was shifted to a new Department of Homeland Security position as director of strategic implementation. The move came amid controversy over his tenure and broader leadership turmoil at the agency.
CISA CIO Bob Costello receives reassignment orders
Bob Costello, CISA's chief information officer, reportedly received transfer orders and is expected to leave the agency, with FEMA mentioned as a possible destination. The reasons for the reassignment were not publicly explained.
Sen. Wyden blocks Joshua Rudd's confirmation
Sen. Ron Wyden said he would block Lt. Gen. Joshua Rudd's confirmation to lead both U.S. Cyber Command and the NSA, citing concerns about his cyber and signals intelligence experience and his answers on surveillance authorities. The move could force a formal Senate vote instead of approval by unanimous consent.
DOJ updates staff profile to show Collier as CIO
The Department of Justice updated Nikki Collier's staff profile on February 23 to identify her as CIO. The update publicly signaled that she had formally moved into the permanent role.
Nikki Collier assumes DOJ CIO role
Collier's LinkedIn indicates she took over as DOJ's chief information officer in February 2026, ending the department's stretch without a permanent CIO. DOJ staff records were updated shortly afterward to reflect the change.
Sean Plankey's CISA director nomination lapses at end of 2025
Sean Plankey's earlier nomination to serve as CISA director expired when the 2025 session closed without confirmation. The administration later renominated him while the agency continued under acting leadership.
DOJ CIO Melinda Rogers departs
Former DOJ CIO Melinda Rogers left the department at the end of May 2025, leaving the agency without a permanent IT leader. Collier was subsequently listed as acting CIO.
Trump fires Gen. Timothy Haugh from NSA and Cyber Command leadership
President Donald Trump fired Gen. Timothy Haugh, after which Lt. Gen. William Hartman led the National Security Agency and U.S. Cyber Command in an acting capacity for nearly a year. This created the vacancy later tied to Joshua Rudd's nomination.
Nikki Collier becomes DOJ deputy CIO
Nikki Collier began serving as the Department of Justice's deputy chief information officer. She later became a key internal candidate for the department's top IT role.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Gottumukkala out, Andersen in as acting CISA director | CyberScoop
cyberscoop.com
Open sourceCISA acting director moved to new DHS role - Nextgov/FCW
nextgov.com
Open sourceCISA CIO expected to leave agency after receiving transfer orders - Nextgov/FCW
nextgov.com
Open sourceWyden blocks Rudd confirmation to lead Cyber Command, NSA | The Record from Recorded Future News
therecord.media
Open sourceDOJ elevates deputy CIO to top IT role - Nextgov/FCW
nextgov.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
CISA Leadership Shakeup: CIO Departure and New Acting Cyber Chief नियुक्त
The Cybersecurity and Infrastructure Security Agency (**CISA**) is undergoing a leadership transition marked by the departure of its chief information officer, **Robert Costello**, who announced he is leaving after nearly five years in the role. Reporting indicates Costello’s exit follows internal turbulence, including conflicting accounts about whether then-acting director **Madhu Gottumukkala** attempted to push him out and subsequent transfer orders that raised the prospect of reassignment elsewhere in DHS; Costello had public support from some lawmakers and had been a visible advocate for modernization and improved tooling at the agency. Separately, CISA named **Chris Butera** as acting executive assistant director for the agency’s **cybersecurity division** amid broader leadership shakeups: Gottumukkala was moved to another DHS role, and **Nick Andersen** assumed leadership of the agency. The changes come as CISA continues to face workforce attrition tied to broader federal staffing reductions, with additional departures expected within the cyber division, raising concerns about sustained capacity to execute CISA’s mission to address major cyber threats, vulnerability response, and critical infrastructure resilience.
Mar 21, 2026
U.S. Federal Cyber Leadership Turmoil and CISA Policy Disruptions
U.S. federal cyber operations faced heightened uncertainty amid **leadership turnover and staffing reductions at CISA**, raising concerns about the agency’s capacity to execute its mission. Reporting indicated acting director **Madhu Gottumukkala** was replaced by **Nick Andersen** following controversies including alleged mishandling of sensitive information, while CISA also lost its CIO and reportedly saw staffing reduced by roughly one-third. Separately, Senate confirmation dynamics continued to affect cyber leadership, with Sen. Ron Wyden opposing the nomination of Lt. Gen. **Joshua Rudd** to lead **U.S. Cyber Command and the NSA**, citing concerns about experience and constitutional-rights familiarity as the agencies remained without a permanent chief. CISA’s policy and guidance output continued but faced headwinds from broader federal disruptions. CISA published new insider-threat program guidance centered on the **POEM framework** (*Plan, Organize, Execute, Maintain*) to help organizations build multi-disciplinary insider threat management teams spanning physical security, cybersecurity, HR/personnel, and reporting/analysis functions. At the same time, a **partial DHS shutdown** was reported to be stalling progress on the **Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)** rulemaking, complicating compliance planning for critical infrastructure entities awaiting clarity on incident reporting requirements and enforcement expectations.
Apr 3, 2026
DHS Leadership Upheaval and Uncertainty Over CISA’s Direction
The Department of Homeland Security is undergoing a significant IT and cybersecurity leadership realignment, including the reported departures of **DHS CISO Hemant Baidwan** and **Deputy CISO Amanda Day**. The shakeup follows broader turbulence across DHS and **CISA**, including the reassignment of acting CISA Director Madhu Gottumukkala to a DHS headquarters role and the resignation of CISA CIO Bob Costello; Day has since moved to the private sector as VP of cybersecurity and trust at *Workday*. Separately, President Donald Trump nominated Sen. **Markwayne Mullin** to lead DHS after firing Secretary Kristi Noem, a move that DHS and CISA personnel described as adding uncertainty to an agency already strained by workforce reductions, leadership instability, and operational impacts from a recent DHS shutdown. While Mullin has supported some cybersecurity-related legislation, employees cited ongoing concerns about CISA’s ability to stabilize without a permanent, Senate-confirmed leader; an unrelated report noted the IRS has launched a “thorough” cybersecurity review amid congressional scrutiny of taxpayer-data sharing and privacy compliance, but that issue is not part of the DHS/CISA leadership event.
Mar 21, 2026