Is Our Nation’s Infrastructure at Risk? CISA Lays Off Nearly One-Third of Workforce
The Cybersecurity and Infrastructure Security Agency (CISA), the federal agency protecting the nation’s critical infrastructure, is facing a major staffing crisis. Since the start of the second Trump administration, nearly one-third of its workforce has left, raising serious concerns about the agency’s ability to defend against growing cyberthreats.
Approximately 1,000 employees have exited CISA in recent months, shrinking its workforce from 3,732 to around 2,649. The sudden departures include buyouts, early retirements, and layoffs. The administration’s proposed 2026 budget called for cutting 1,083 positions, and the agency has already hit that number, well ahead of schedule.
Can CISA Still Protect Us?
The cyberthreat landscape continues to expand, and purging this federal agency’s workforce at this time may prove costly. CISA plays a vital role in securing everything from power grids and water systems to election infrastructure. With fewer staff available and the frequency and complexity of cyberthreats continuing to increase, professionals worry the agency may struggle to keep up with cybercriminals targeting our infrastructure.
Major Leadership Void
The dramatic reduction has hit CISA leadership the hardest. Several high-profile leaders have departed, including Lauren Zabierek and Bob Lord, who were actively involved in the “Secure by Design” initiative, and Matt Hartman, second-in-command in the cybersecurity division. Key members of the international partnerships team have also left, weakening CISA’s global coordination efforts.
Sean Plankey, the nominee for the new CISA director, faces the difficult task of rebuilding an agency that lost a third of its workforce in just a few months. The Senate Homeland Security Committee may question his ability to successfully lead a critical agency with a fractured staff and low morale.
What’s Next?
CISA has entered uncharted waters as it tries to navigate these dramatic changes. President Trump’s pick to head the agency, Sean Plankey, is expected to testify before the Senate Homeland Security Committee and address questions about the workforce cuts. The agency has already started appointing new officials to senior roles, but the impact of these changes on CISA’s effectiveness remains to be seen.
The agency’s Cybersecurity Division, which monitors federal networks for intrusions and provides cybersecurity protection to other agencies, was also hit hard with staff reductions. These and the other staff reductions to CISA may drastically impact our nation’s cybersecurity. As cyberthreats continue to evolve and increase, the need for a robust and well-prepared cybersecurity agency is more important now than ever before.
How Could This Impact Your Organization?
CISA’s staffing crisis could have serious ripple effects for businesses, governments, and critical infrastructure operators:
- Delayed threat alerts. With fewer analysts, critical cyberthreat intel may be slower to reach your team, increasing risk exposure.
- Less support during attacks. CISA often assists with ransomware and major incidents. With fewer resources, smaller organizations may be left without help.
- Reduced industry guidance. Sector-specific playbooks and security assessments may slow down or disappear as CISA loses key professionals.
- Compliance uncertainty. Federal reporting rules tied to CISA may change unexpectedly, impacting how you report cyber incidents.
What You Can Do
Diversify threat intel sources. Don’t rely on CISA alone—tap into ISACs, commercial feeds, and trusted security blogs.
- Plan for independence. Review contracts and incident plans, assuming limited federal support.
- Stay alert to regulatory changes. Track updates to federal and state cybersecurity compliance rules.
- Ask more from your vendors. Ensure they’re committed to Secure-by-Design principles even if federal oversight slows down.
In short, a weakened CISA means more responsibility falls on your organization. Now is the time to double down on your cyber readiness.
© 2025