Top US cyber officials face divergent paths after Senate confirmation

Since the start of the Trump administration, the US federal government’s two top cybersecurity leadership positions have been vacant, but those roles are finally on the path to being filled.

The first job is the director of the Cybersecurity and Infrastructure Security Agency (CISA), which has been vacant since former director Jen Easterly left on Jan. 20. The second slot is the national cyber director, a role in the Executive Office of the President, last held by Harry Coker, who moved on to become the State of Maryland’s Commerce Secretary.

President Trump nominated cybersecurity newcomer Sean Cairncross on Feb. 11 to succeed Coker and, a month later, named cybersecurity veteran Sean Plankey for the CISA position.

Tech and cybersecurity leaders have sent Senators glowing endorsements of Plankey and Cairncross. Both candidates were slated to testify at a confirmation hearing today, but Plankey’s testimony was inexplicably canceled the day before this hearing. Although Cairncross did testify at this hearing, he will also face another confirmation hearing before the same committee on June 12, when Plankey is again scheduled to testify.

The only lawmaker opposing either candidate is Senator Ron Wyden (D-OR), who is trying to hold up Plankey’s nomination to force CISA to release a report related to the Chinese threat actor Salt Typhoon. A spokesperson told CSO that Sen. Wyden’s original statement on the hold still applies.

“Both of these Seans are good leaders,” Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for the Defense of Democracies, told CSO. “Plankey, in particular, has broad expertise on the issue. Cairncross has leadership experience with the White House team. These two confirmations will set the Trump administration up for cyber success if it chooses to take it.”

However, both candidates will face significant challenges once they assume their positions. The administration will be forced to play catch-up after largely overlooking most critical cyber policy issues due to turmoil caused by chaotic DOGE-induced job reductions and transitional disorientation typical of any new administration.

Workforce and funding challenges

The biggest challenge that Plankey will face at CISA is a dramatically reduced workforce. One report suggests that the agency has already lost 1,000 employees, or around 30% of its workforce, through buyouts, firings, and voluntary departures amid DOGE job slashing and still-lingering partisan scorn of the group’s brief work on misinformation efforts years ago.

The pain of the staff cuts is compounded by the loss of experience and expertise held by staffers who have left. On May 22, CISA’s new No. 2 employee, Madhu Gottumukkala, sent a memo to staff saying that the heads of three of CISA’s six main divisions — cybersecurity, infrastructure security, and integrated operations, which oversees regional offices — were all leaving at the end of May, along with the deputy head of a fourth.

The memo further said the leaders of most regional offices are also leaving, along with the top CISA officers for finance, strategy, human resources, and contracting.

Some observers suggest that the staff reduction CISA has already experienced meets the estimated 1,000 CISA job cuts the administration has planned for the agency in its FY2026 budget proposal, obviating the need for any further job cuts.

Montgomery, however, isn’t so sure, given the loss of leadership and rare talent. “Some of the people who’ve left, they have to replace,” he said. “My gut reaction is that they have to hire 150 people with specific skill sets, which means they may still go find another 150 to get rid of.”

In addition, the administration’s budget expects CISA’s other spending outlays to drop by $535 million, or 20%. On the other hand, according to the budget, the much smaller Cyber Director’s budget should decrease by 10%, while personnel levels will stay level at 85 full-time equivalent employees.

In addition to their own budget cuts, both officials will have to grapple with the fallout from reduced cyber functions across the entire federal government, from the NSA to the FBI. The FBI has recently been forced to divert resources from cybersecurity to handling immigration and border control issues.

“This administration has decided to disinvest in cybersecurity and to do so in a way that is particularly damaging to the workforce,” Michael Daniel, president and CEO of the Cyber Threat Alliance, told CSO. “That’s being mirrored across the government. A lot of other agencies are also facing reductions.”

He added: “Both of these individuals are going to be facing a lot of internal challenges of these cuts that have been made without necessarily a whole lot of analysis. They’re going to have holes in the workforce because it hasn’t been planned out.”

Divergent strategies moving forward

The road ahead appears paved with opportunity for Cairncross, while Plankey faces a narrower path of contraction and clean-up at CISA.

“This is a perfect opportunity for the NCD [national cyber director] position to work,” Center on Cyber and Technology Innovation’s Montgomery said. “You have a National Security Council focused on the offensive side. You have CISA, which is focused on internally reorganizing itself. Cairncross is the first NCD to find himself in the position of having the running room to make the job work.”

Montgomery emphasized, “Now is the time for Cairncross to very pointedly and aggressively go work to establish the NCD’s role as the coordinator of domestic cyber incident response to ensure that federal agencies are executing the president’s policies and budget and appropriations properly, and to work with the Hill to get whatever authority and appropriation changes are needed.”

Plankey, on the other hand, is going to have to look inward to reorganize a reduced and demoralized agency. “He’s not going to be able to change the administration’s mind in the short term about reducing the overall size of CISA,” Cyber Threat Alliance’s Daniel said. “That’s not going to happen. He’s going to have to take that as a given.”

Daniel advised, “He should try to say [to the President], ‘Okay, give me the latitude to get to the targets you want, but let me work with the CISA leadership. Let me work with [Homeland Security Secretary Kristi Noem]. Let me figure out how to get there.’”

One certainty for both agencies is that “neither of them is going to get the opportunity to fix the influence operations problem,” Montgomery said. “We have China, Russia, and Iran running aggressive influence operations against us. For whatever reason, the Trump administration has decided that it’s censorship of Republicans. That is a false analogy, but it’s taken root. Not much we can do about it.”

Despite the sunny prospects for Cairncross and the hope that Plankey can stop CISA’s downward spiral, it’s also clear that the current government’s cybersecurity policy environment is uncharted territory.  

“It’s a very, very different environment than anybody that’s been working in cyber for the last 20 years has faced,” Daniel said. “We haven’t seen a government or private sector company that has said, ‘We’re going to walk away from a lot of the cyber capability and disinvest in it and abandon that capability.’ We just haven’t seen that.”