CISA Leadership Shakeup: CIO Departure and New Acting Cyber Chief नियुक्त
The Cybersecurity and Infrastructure Security Agency (CISA) is undergoing a leadership transition marked by the departure of its chief information officer, Robert Costello, who announced he is leaving after nearly five years in the role. Reporting indicates Costello’s exit follows internal turbulence, including conflicting accounts about whether then-acting director Madhu Gottumukkala attempted to push him out and subsequent transfer orders that raised the prospect of reassignment elsewhere in DHS; Costello had public support from some lawmakers and had been a visible advocate for modernization and improved tooling at the agency.
Separately, CISA named Chris Butera as acting executive assistant director for the agency’s cybersecurity division amid broader leadership shakeups: Gottumukkala was moved to another DHS role, and Nick Andersen assumed leadership of the agency. The changes come as CISA continues to face workforce attrition tied to broader federal staffing reductions, with additional departures expected within the cyber division, raising concerns about sustained capacity to execute CISA’s mission to address major cyber threats, vulnerability response, and critical infrastructure resilience.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Reports indicate additional CISA leadership departures and transfer orders
Reporting on the same day said acting associate director Shelly Hartsook was expected to leave soon, while acting CHRO Kevin Diana had reportedly received transfer orders, underscoring broader leadership churn at CISA.
CISA CIO Robert Costello announces departure
CISA chief information officer Robert Costello announced he is leaving the agency after nearly five years in the role, saying he plans to depart federal government service after helping modernize CISA systems and strengthen its cybersecurity posture.
Chris Butera named acting head of CISA's cyber division
Following Nick Andersen's move to acting director, CISA appointed Chris Butera as acting executive assistant director for the cybersecurity division, putting him in charge of the agency's core cyber mission area.
Nick Andersen replaces Gottumukkala as acting CISA director
Nick Andersen, previously the executive assistant director of CISA's cyber division, took over as acting CISA director after Madhu Gottumukkala was reassigned to another DHS role amid negative media coverage.
Madhu Gottumukkala becomes acting CISA director
Madhu Gottumukkala served as acting director of CISA before the March 2026 leadership reshuffle. His tenure later became the subject of controversy tied to reports about internal personnel actions.
Chris Butera previously served as acting cyber division chief
Chris Butera previously held the acting executive assistant director role for CISA's cybersecurity division in mid-2025 before later returning to other senior technical leadership duties.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
US Federal Cyber and IT Leadership Turnover and Confirmation Disputes
US federal cyber and IT leadership saw multiple high-profile personnel moves, including a planned transition at the **Cybersecurity and Infrastructure Security Agency (CISA)**. Acting director **Madhu Gottumukkala** is expected to leave CISA for a new Department of Homeland Security role as director of strategic implementation, with **Nick Andersen** (CISA’s executive assistant director for cybersecurity) slated to become acting director. Separately, CISA **CIO Bob Costello** reportedly received reassignment/transfer orders and is expected to depart the agency, with reporting indicating he may have been offered reassignment to **FEMA**; the reasons for the move were not publicly clarified. In parallel, Senate confirmation politics affected senior national cyber leadership: Sen. **Ron Wyden** said he would block confirmation of Lt. Gen. **Joshua Rudd** to lead both **U.S. Cyber Command** and the **NSA**, citing a lack of cyber and signals intelligence experience and concerns about his understanding of NSA surveillance authorities. Outside the cyber agencies, the **Department of Justice** elevated **Nikki Collier** from deputy CIO to permanent CIO, following a prolonged vacancy after the prior CIO’s departure, underscoring broader federal IT leadership churn during a period of workforce reductions and ongoing scrutiny of security governance practices.
Mar 21, 2026
Congressional Scrutiny of CISA Leadership Amid Workforce Reductions and CIO Reassignment Attempt
The acting director of the Cybersecurity and Infrastructure Security Agency (**CISA**), **Madhu Gottumukkala**, faced escalating scrutiny over leadership and personnel decisions as the agency manages ongoing threats to federal networks and critical infrastructure. Reporting describes an attempted management-directed reassignment of CISA CIO **Robert Costello**—a process that can force an employee to transfer within DHS or resign—that triggered immediate objections from career staff and senior political appointees, leading DHS headquarters to pause and then halt the action the same day. Lawmakers on the House Homeland Security Committee pressed Gottumukkala on broader staffing reductions and whether CISA retains sufficient capacity to execute its mission, including questions about efforts to push out staff and a reported attempt to remove the CIO. A chart entered into the hearing record cited a drop in personnel from **3,387 to 2,389** (a reduction of **998**), figures that aligned closely with Gottumukkala’s testimony; he also cited a **7.5%** attrition rate last year and asserted the agency has “the required staff,” while members warned that cutbacks could weaken national cyber defenses and increase exposure of critical systems and infrastructure.
Mar 21, 2026
DHS Leadership Upheaval and Uncertainty Over CISA’s Direction
The Department of Homeland Security is undergoing a significant IT and cybersecurity leadership realignment, including the reported departures of **DHS CISO Hemant Baidwan** and **Deputy CISO Amanda Day**. The shakeup follows broader turbulence across DHS and **CISA**, including the reassignment of acting CISA Director Madhu Gottumukkala to a DHS headquarters role and the resignation of CISA CIO Bob Costello; Day has since moved to the private sector as VP of cybersecurity and trust at *Workday*. Separately, President Donald Trump nominated Sen. **Markwayne Mullin** to lead DHS after firing Secretary Kristi Noem, a move that DHS and CISA personnel described as adding uncertainty to an agency already strained by workforce reductions, leadership instability, and operational impacts from a recent DHS shutdown. While Mullin has supported some cybersecurity-related legislation, employees cited ongoing concerns about CISA’s ability to stabilize without a permanent, Senate-confirmed leader; an unrelated report noted the IRS has launched a “thorough” cybersecurity review amid congressional scrutiny of taxpayer-data sharing and privacy compliance, but that issue is not part of the DHS/CISA leadership event.
Mar 21, 2026