IT teams are familiar with tight budgets, but the federal government should be different—right?
Not so much. The new 2026 budget from the White House aims to cut 968 jobs from CISA, a potentially crushing blow to an agency that’s already seen reductions to its workforce.
CEO of the Forum of Incident Response and Security Teams (FIRST) Chris Gibson told IT Brew that the churn of the agency’s personnel in recent months is concerning, though the agency’s mission may be able to withstand the ups and downs.
“While I am concerned, I guess that there’s a lot of churn, and people are moving around and so on—I don’t see it as an absolute crisis,” he said, adding that while it wasn’t “Armageddon,” he would prefer to see more stability.
CISA churn is likely to break down trust in the agency, Gibson warned, and that will take time to rebuild. On the other hand, Gibson doesn’t believe that the federal government needs to expand its remit; CISA works to establish frameworks and parameters for how the industry works.
“The government is not there to bail you out, but the leadership that they show by demonstrating that it’s important, I think that will remain,” Gibson said.
Sunny side up. A former CISA branch chief of cyber defense coordination, Mark Bristow is now the director of Mitre’s Cyber Infrastructure Protection Innovation Center. He told IT Brew that he has trust in Sean Plankey, the CISA head nominee who went before the Senate Homeland Security and Governmental Affairs Committee on June 5.
“Change is inevitable, especially with the political appointees—they always change, even if the administration, the party, doesn’t change, and even if the president doesn’t change,” Bristow said.
Mitre’s work on critical infrastructure cyber defense is aligned with federal aims, Bristow said, and CISA has a role to play. The agency supported a Mitre exercise that emulated a critical infrastructure cyber incident, an example of how CISA is a “good partner.” As IT Brew reported in April, the agency is also providing funding for Mitre’s CVE Program.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“I think CISA has a really important role in the broader ecosystem of cybersecurity in this country, and I think that we are at a particularly important time for defending not only our government systems, but also our critical infrastructure systems from adversaries that are continuing to try to hold us at risk,” Bristow said.
Cover me. Even if things take a turn for the worse, Gibson has faith in the private sector to pick up the slack if cuts at CISA lead to problems.
“I still believe that the community will pull together and help fix some of those problems,” Gibson said. “There are many people around the world who know what they’re doing, who are clearly very smart and can help in that space.”
But the public–private partnership that CISA traditionally supported has taken a hit. In April, CISA Secure by Design initiative leaders Bob Lord and Lauren Zabierek left the agency, another blow to the beleaguered workforce. Gibson told IT Brew that he’s not privy to the master plan at work at the agency, but he said he’d like to think it’s not heading toward disbandment. On the other hand, there does need to be a change.
“There is a bit of me that says we’ve tried this government leadership thing a lot, and yet we still have breach after breach after breach,” Gibson said. “There has to be more pushback, on the private sector or the outside world to do this properly, not to be reliant on a government organization to come and do it.”