In a troubling development for U.S. cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) is experiencing a mass exodus of senior leaders, casting a shadow over the agency’s future just as foreign cyber threats are becoming more aggressive and sophisticated.
An internal email, obtained by Cybersecurity Dive, reveals that nearly all of CISA’s top officials across its operational and regional arms have either already left or are scheduled to leave by the end of May. The sudden loss of leadership is stirring anxiety within the agency and among cybersecurity experts who warn that this could undercut the nation’s digital defenses.
Top Officials Step Down, One After Another
CISA’s deputy director, Madhu Gottumukkala — who has taken over as acting director — laid out the departures in a message to staff. Five out of six operational divisions will lose their leaders, and six of ten regional offices are undergoing leadership transitions.
Among those stepping down:
- Steve Harris, acting head of the Infrastructure Security Division, exited on May 16.
- Trent Frazier, who temporarily led the Stakeholder Engagement Division, left on May 2.
- Vince Delaurentis, deputy in the Emergency Communications Division, will leave by May 30.
- Matt Hartman, the Cybersecurity Division’s second-in-command, and Boyden Rohner, who led Integrated Operations, had previously announced their departures.
Such a deep loss of expertise in a short timeframe is rare and alarming. These individuals weren’t just bureaucrats—they carried institutional knowledge, critical relationships, and years of field experience that don’t easily transfer to new hires.
Regional Leadership Shaken
The disruption reaches far beyond CISA headquarters in Washington, D.C. Six regional directors and one deputy across the country have recently left or are preparing to do so. These officials were the agency’s boots on the ground — building relationships with state governments, utilities, local emergency managers, and private infrastructure operators.
Officials leaving include:
- Region 2’s John Durkin
- Region 4’s Jay Gamble
- Region 5’s Alex Joves and deputy Kathy Young
- Region 6’s Rob Russell
- Region 7’s Phil Kirk
- Region 10’s Patrick Massey
With so many experienced leaders exiting simultaneously, CISA is left scrambling to maintain continuity across states and localities that depend on its cybersecurity support.
Internal Morale in Decline
Inside CISA, the atmosphere has grown tense. Employees are worried not only about operational gaps, but also about what these resignations suggest about the agency’s internal climate.
“Some of these leaders have been here since the early days of US-CERT. Their leaving doesn’t just create a leadership gap — it’s deeply unsettling,” said one employee, who asked not to be named for fear of retaliation.
Another echoed the concern, saying, “It feels like the wrong people are walking out the door. The mission feels more uncertain now than ever.”
And it’s not just frontline leadership leaving. Key administrative figures are also on their way out, including Chief Strategy Officer Val Cofield and Chief Financial Officer Tarek Abboushi, who will both exit at the end of May. Chief Contracting Officer Juan Arratia left on May 16, while Chief Human Capital Officer Blair Duncan departed earlier in the month.
Official Reassurances, But Concerns Persist
Despite the turmoil, CISA leaders are publicly maintaining a confident front. Bridget Bean, the agency’s executive director, emphasized that CISA remains committed to its role.
“We are doubling down on our mission to protect the nation’s critical infrastructure,” Bean said. “We have the right team in place to handle the challenges we face.”
Gottumukkala, who stepped into his role on May 19, described his first week as “inspiring” and said he’s confident in the agency’s resilience. But behind the scenes, concern continues to mount, particularly among those who fear the loss of experienced leadership could leave CISA flat-footed in the face of serious cyber incidents.
Experts Warn of National Security Risk
Suzanne Spaulding, who led CISA’s predecessor within the Department of Homeland Security from 2011 to 2017, didn’t mince words about the potential fallout.
“To see so much talent and institutional memory leaving is both sad and dangerous,” Spaulding said. “These are the people who’ve spent years working with infrastructure operators across the country. Losing them makes us less secure and less prepared.”
Cybersecurity analysts warn that even brief disruptions in strategy or communication at CISA could embolden adversaries. With cyberattacks increasing in frequency and sophistication — from ransomware gangs to state-sponsored campaigns — any internal instability may be seen as an opportunity.
