Jen Easterly, the President Biden-appointed director of CISA, will step down from her position on Inauguration Day as Donald Trump makes his historic return to the White House.
Both Easterly and deputy director Nitin Natarajan will wave goodbye to the Cybersecurity and Infrastructure Security Agency after serving almost four years.
When she was first nominated in April 2021, Easterly was a popular candidate. After news of her departure broke, the cybersecurity community praised her work and leadership, while also warning of possible trouble ahead when Trump takes power and Elon Musk's DOGE starts making cuts.
“All appointees of the Biden Administration will vacate their positions by the time the new Administration takes office at noon on January 20," CISA said in a statement.
The story of CISA's second director
Under Easterly's leadership, CISA championed the concept of “secure by design”, emphasizing that cybersecurity should be built into products and systems from the outset rather than added later. This initiative urged technology manufacturers to prioritize security during development, making systems inherently resistant to vulnerabilities and attacks.
It also moved forward with rules that required immediate reporting of details on attacks on critical infrastructure and encouraged federal software suppliers to secure their products by signing a secure software development attestation form.
This year, Easterly flew to Ukraine for the Kyiv International Cybersecurity Forum 2024, emphasising U.S. solidarity with Ukraine and committing to cooperation with the nation's cybersecurity agencies. She also steered CISA's efforts to counter cyber threats from state-sponsored actors from China, Russia and other nations.
Easterly tailwinds ahoy?
Many leading voices in the security community now fear for CISA's future.
On LinkedIn, Christopher Dorr, Vice President, Cybersecurity at SOCi, warned: "This doesn’t bode well. Jen Easterly has done an outstanding job as head of CISA. This is an incredibly important role - too important to be a political football. I certainly hope that a competent and qualified information security professional is appointed as her successor."
Kevin Beaumont, a famous and distinguished security researcher, also wrote: "Jen and Nitin... did incredible work with CISA, and it’s really the template for other regional cyber groups to copy now. The current version, not the version it may become."
Ray P., Senior Manager Information Security at Randstad Japan, added: "CISA is important globally, and they have been doing great work. Jen Easterly is widely regarded as a highly competent and effective leader in the cybersecurity field, it’s too bad she is moving on."
Easterly had a distinguished 20-year career in the U.S. Army, serving as an assistant professor at West Point and rising to colonel by 2012. Key roles included executive assistant to the National Security Advisor (2002–2004), operations officer in military intelligence (2004–2006), and chief of the cryptologic services group for the NSA in Baghdad. She also worked in NSA’s Tailored Access Operations and helped establish the United States Cyber Command (2009–2010).
After retiring as a lieutenant colonel, she became deputy director of the NSA for counterterrorism (2011–2013). Following her military service, Easterly was a senior counterterrorism advisor to President Obama (2013–2016) and later transitioned to the private sector, leading Morgan Stanley’s global cybersecurity division.
CISA was founded under President Donald Trump in 2018, but drew the ire of Republicans after it countered claims of election rigging during the 2020 election.
Senator Rand Paul, who will become chair of the Senate Homeland Security and Governmental Affairs Committee, has called for CISA to be shut down after accusing it of infringing free speech - a claim the agency denies.
“I’d like to eliminate it,” Paul told Politico .
Although a replacement has not been named, Ohio Secretary of State Frank LaRose is rumoured to be in the running.
