Latest news with #CyberTalentManagementSystem
Forbes
07-04-2025
- Business
- Forbes
CISA's Cyber Workforce Cuts: A Strategic Shift Or Impending Disaster?
The complex intersection of cybersecurity, federal budget policy, and government restructuring ... More efforts is impacting agencies like CISA through workforce reductions. The latest reports of layoffs and budget reductions at the Cybersecurity and Infrastructure Security Agency have sparked concern across segments of the cyber policy and national security communities. While the scope potentially affecting more than 1,300 employees is notable, these developments warrant measured evaluation rather than immediate alarm. Earlier this month, President Donald Trump nominated Sean Plankey to lead CISA, filling one of the last remaining senior cybersecurity roles in his administration. Plankey is a seasoned cybersecurity professional who served in the first Trump administration, including as principal deputy assistant secretary at the Department of Energy's Office of Cybersecurity, Energy Security and Emergency Response and as director of cyber policy at the National Security Council. A U.S. Coast Guard veteran, he also served at U.S. Cyber Command and most recently held a leadership role in the private sector. Plankey's nomination aligns with Homeland Security Secretary Kristi Noem's earlier confirmation testimony, where she emphasized that CISA needed to become smaller, more nimble and more mission-focused. The Department of Government Efficiency, created to identify redundancies across the federal government, has raised concerns about CISA's rapid headcount growth and overlap with other agencies. Others in the Trump Administration have also raised concerns about CISA's involvement in politically sensitive areas such as disinformation monitoring. While these latest reductions are significant, they should not come as a surprise. Since its creation in 2018, CISA has grown rapidly. Under former Director Jen Easterly, the agency added more than 3,000 employees, including a major push through the Cyber Talent Management System — a federal hiring program designed to attract cyber professionals from the private sector. Much of this expansion was driven by urgent needs, including election security, pandemic response and foreign interference threats. As with any major hiring wave, reassessment often follows. Some roles created during periods of heightened activity may no longer align with long-term priorities, especially as the agency narrows its focus back toward core infrastructure protection. CISA's expanded footprint includes responsibilities introduced by the Cybersecurity and Infrastructure Security Agency Act of 2018. Its planned move to a new 620,000-square-foot headquarters housing more than 6,500 employees underscores how far the agency has scaled in just a very few years. CISA is not the sole entity responsible for defending the nation's cyber infrastructure. The Department of Defense, National Security Agency, FBI and U.S. Cyber Command each maintain distinct cyber operations focused on military, intelligence and national defense systems. CISA's mandate is specific to civilian infrastructure and public-private coordination. A clear example of overlapping responsibilities involves CISA's cyber threat hunting and incident response efforts, which sometimes duplicate activities carried out by the FBI and the NSA. CISA's Hunt and Incident Response Team works directly with public and private-sector partners to detect, analyze, and respond to threats. At the same time, the FBI serves as the lead federal agency for investigating and attributing cyberattacks — particularly those involving criminal enterprises or nation-state actors—and regularly engages in its own incident response activities. Similarly, the NSA, through its Cybersecurity Collaboration Center, provides intelligence and mitigation guidance to the defense industrial base and other sensitive sectors. In high-profile events like the SolarWinds breach or the Colonial Pipeline ransomware attack, multiple agencies were simultaneously involved in response and coordination, sometimes creating confusion among private-sector partners about points of contact and leadership roles. In such cases, organizations have reported receiving overlapping threat notifications or redundant briefings from different agencies. These challenges have fueled ongoing discussions about the need to better delineate roles and reduce redundancy across the federal cybersecurity apparatus. Technological evolution is also driving workforce changes, both in private industry and government. Artificial intelligence and automation are transforming cybersecurity operations. Advanced analytics, large language models and autonomous threat detection systems are reducing the need for large analyst teams. The cyber workforce is shifting toward roles in automation, threat modeling and AI system design. Like the private sector, federal agencies are adapting staffing models to reflect this shift. The reassessment of cybersecurity teams across government, including CISA, may be partially driven by this broader transition. CISA has increasingly found itself in politically sensitive territory, particularly around election security and disinformation. Though the agency's actions were intended to support public trust, they have led to some perceptions of partisanship. Whether these concerns influenced the current staffing decisions is unclear. But to remain effective, CISA must maintain public and bipartisan trust. Refocusing on its core mission of nonpartisan infrastructure protection will be key to sustaining that trust going forward. While the reductions are significant for those affected, they are unlikely to result in a net loss of cybersecurity capacity. The private sector continues to face a talent shortage, with nearly 600,000 cybersecurity job openings across the United States. Many former CISA employees, equipped with security clearances and deep technical expertise, are likely to transition quickly into roles across commercial sectors. Several private-sector initiatives are already working to match displaced talent with new opportunities. In this sense, the transition may help bridge federal cybersecurity experience with private-sector demand in areas such as energy, healthcare and financial services. Despite the strategic rationale, there are legitimate concerns about how these reductions may affect CISA's ability to respond to emerging threats. Critics warn that the agency's incident response teams, threat hunters and vulnerability analysts could be thinned at a time when nation-state activity and critical infrastructure targeting remain elevated. If internal knowledge is lost or key operational capabilities are reduced without clear redistribution of responsibilities, response times and national coordination efforts could suffer. Others worry about long-term recruitment damage — sending the message that cyber roles in public service are unstable just as the federal government competes with the private sector for scarce talent. Without a well-communicated transition plan and strong coordination with other agencies, there is a risk that critical gaps may open in defending the very systems CISA was created to protect. Ultimately, while the scale of the workforce reductions is meaningful—and empathy is warranted for those impacted—it does not necessarily indicate a retreat from civilian cyber defense. Rather, it reflects a strategic recalibration driven by evolving mission needs, overlapping responsibilities and disruptive technologies. If managed well, this can be a constructive inflection point: a chance to sharpen CISA's focus, streamline its operations and reinforce coordination with both the private sector and other federal agencies. However, if the transition is poorly executed, the risks are real—operational gaps, loss of institutional knowledge and reduced readiness to detect and respond to cyber threats could emerge at a critical time. The stakes are high. Cybersecurity remains a national priority and the question is how to best align people, resources and capabilities to meet both today's and tomorrow's threats. A 1,300-person reduction from a 6,500-person agency, within a cybersecurity landscape supported by multiple government actors and an engaged private sector, should be viewed with perspective. The road ahead depends on execution. This is not necessarily a crisis — it may be a strategic shift in progress.
Yahoo
26-03-2025
- Politics
- Yahoo
Opinion - Stop gutting America's cyber defense agency
The Trump administration's cuts in cyber programs are putting national security at risk. Secretary of Homeland Security Kristi Noem defended such cuts in her confirmation hearing, saying that the Cybersecurity and Infrastructure Security Agency needed to be 'smaller, more nimble to really fulfill their mission.' She is mistaken. Over the past three weeks, the agency has reduced staff, slashed budgets and terminated programs, with the administration suggesting that these cuts will 'eliminate redundancies' and focus its work on 'mission critical areas.' However, the cuts, imposed by the Department of Homeland Security, are in fact undercutting the agency's core mission areas, weakening U.S. national resilience and casting doubt on America's ability to repel, thwart and deter attacks in cyberspace. The Cybersecurity and Infrastructure Security Agency has attempted to fire 130 probationary workers. Among them are some of its most talented cyber experts. They include career intelligence analysts, experienced vulnerability analysts and world-class threat hunters. An unreported number of terminated employees were hired through the Cyber Talent Management System, an initiative created by Congress to help the federal government entice talent from the private sector to address significant federal cyber workforce shortages. In addition to firing employees, the Cybersecurity and Infrastructure Security Agency also terminated contracts with cybersecurity experts who serve as 'red teams.' These penetration testers hack into systems to help the government identify vulnerabilities so that defenders can bolster security before adversaries corrupt their systems. These red teams are often the most experienced and specialized experts in the cyber field. Without their essential work, vulnerabilities in government networks will go unidentified, further risking infiltration by foreign adversaries. At the same time, the agency terminated $10 million in funding to the Center for Internet Security. This nonprofit houses the Election Infrastructure Information Sharing and Analysis Center, the mechanism through which state and local election officials and federal partners can share information about cyber and physical threats to election infrastructure. Complicating this action, the Center for Internet Security also houses the Multi-State Information Sharing and Analysis Center, which provides cyber threat intelligence, cyber incident response assistance and free services to state and local governments. Among its 16,000 members are municipalities that manage local electric and water utilities and K-12 schools. The center is now unfunded, and its future is uncertain. The result is that state and local governments are made increasingly vulnerable to foreign actors. Noem also dismantled several cybersecurity advisory boards, including the Homeland Security Science and Technology Advisory Committee, the Data Privacy and Integrity Advisory Committee and the Secret Service's Cyber Investigations Advisory Board. Each of these boards provides unique perspectives on threats to U.S. cybersecurity and technology development. They serve as vehicles for the government to gain insights and advice from private industry. More concerning was the decision to disband the Cyber Safety Review Board, an investigative body that reviews significant cyber incidents. At the time it was disbanded, the board was specifically looking into how China has compromised U.S. telecommunications infrastructure. The secretary of Transportation would never have dared eliminate this board's aviation equivalent, the National Transportation Safety Board. Finally, Noem suspended the Critical Infrastructure Partnership Advisory Council, which is essential for bridging the divide between the government and private companies. It provides legal protection and serves as the convening body under which the Sector Coordinating Councils — consisting of critical infrastructure owners, operators and their associations — meet with the federal government to share threat information, engage in cyber response simulations and flesh out industry-wide cyber challenges. Not every such council was running perfectly, but some were highly successful anchor points of public-private collaboration. Because of these actions, the Sector Coordinating Councils are not operational. It remains unclear when or whether they will be reactivated, especially without the protection of the Critical Infrastructure Partnership Advisory Council. Their absence leaves industry without a critical lifeline to the government and its intelligence-gathering resources, severely limiting the public and private sectors' collaborative ability to combat threats in cyberspace. Another unintended consequence of disestablishing the Critical Infrastructure Partnership Advisory Council was the removal of protections for the use of the Enduring Security Framework, a favorite tool of the National Security Agency to share information with the private sector. There is nothing wrong with building a more efficient Cybersecurity and Infrastructure Security Agency, and certainly the agency needed some corrective course action. What Noem has done, however, is take a chainsaw to an agency that needed only a scalpel. Congress specifically created some of these now disbanded programs to address gaps in both the government's and the private sector's cybersecurity capabilities. The rationale behind and necessity for these programs remain. The consequences of these cuts will be felt in our schools and hospitals, in our water systems and electric grids and in many other critical areas as America's ability to defend itself in cyberspace erodes. This matters because the Trump administration, like the Biden team, recognizes the rapidly growing threat to our national security from China's malicious cyber activity, as shown by the exploitation of critical U.S. infrastructure by both the Volt and Salt Typhoon operations. The Cybersecurity and Infrastructure Security Agency should rehire its talent, restore funding and reinstate these programs immediately. Elections have consequences and the Trump administration certainly can make changes as it sees fit, but canceling the tools for public-private collaboration in securing America's cyberspace is a mistake. Trump recently nominated a new director, Sean Plankey. A career Coast Guard officer with extensive interagency experience, he has the talent and expertise to make the Cybersecurity and Infrastructure Security Agency more efficient. Congress needs to confirm him fast, and Noem needs to stop gutting the agency in his absence. Rear Adm. (Ret.) Mark Montgomery is a senior director at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, where Johanna 'Jo' Yang is a research and editorial associate. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
The Hill
26-03-2025
- Politics
- The Hill
Stop gutting America's cyber defense agency
The Trump administration's cuts in cyber programs are putting national security at risk. Secretary of Homeland Security Kristi Noem defended such cuts in her confirmation hearing, saying that the Cybersecurity and Infrastructure Security Agency needed to be 'smaller, more nimble to really fulfill their mission.' She is mistaken. Over the past three weeks, the agency has reduced staff, slashed budgets and terminated programs, with the administration suggesting that these cuts will 'eliminate redundancies' and focus its work on 'mission critical areas.' However, the cuts, imposed by the Department of Homeland Security, are in fact undercutting the agency's core mission areas, weakening U.S. national resilience and casting doubt on America's ability to repel, thwart and deter attacks in cyberspace. The Cybersecurity and Infrastructure Security Agency has attempted to fire 130 probationary workers. Among them are some of its most talented cyber experts. They include career intelligence analysts, experienced vulnerability analysts and world-class threat hunters. An unreported number of terminated employees were hired through the Cyber Talent Management System, an initiative created by Congress to help the federal government entice talent from the private sector to address significant federal cyber workforce shortages. In addition to firing employees, the Cybersecurity and Infrastructure Security Agency also terminated contracts with cybersecurity experts who serve as 'red teams.' These penetration testers hack into systems to help the government identify vulnerabilities so that defenders can bolster security before adversaries corrupt their systems. These red teams are often the most experienced and specialized experts in the cyber field. Without their essential work, vulnerabilities in government networks will go unidentified, further risking infiltration by foreign adversaries. At the same time, the agency terminated $10 million in funding to the Center for Internet Security. This nonprofit houses the Election Infrastructure Information Sharing and Analysis Center, the mechanism through which state and local election officials and federal partners can share information about cyber and physical threats to election infrastructure. Complicating this action, the Center for Internet Security also houses the Multi-State Information Sharing and Analysis Center, which provides cyber threat intelligence, cyber incident response assistance and free services to state and local governments. Among its 16,000 members are municipalities that manage local electric and water utilities and K-12 schools. The center is now unfunded, and its future is uncertain. The result is that state and local governments are made increasingly vulnerable to foreign actors. Noem also dismantled several cybersecurity advisory boards, including the Homeland Security Science and Technology Advisory Committee, the Data Privacy and Integrity Advisory Committee and the Secret Service's Cyber Investigations Advisory Board. Each of these boards provides unique perspectives on threats to U.S. cybersecurity and technology development. They serve as vehicles for the government to gain insights and advice from private industry. More concerning was the decision to disband the Cyber Safety Review Board, an investigative body that reviews significant cyber incidents. At the time it was disbanded, the board was specifically looking into how China has compromised U.S. telecommunications infrastructure. The secretary of Transportation would never have dared eliminate this board's aviation equivalent, the National Transportation Safety Board. Finally, Noem suspended the Critical Infrastructure Partnership Advisory Council, which is essential for bridging the divide between the government and private companies. It provides legal protection and serves as the convening body under which the Sector Coordinating Councils — consisting of critical infrastructure owners, operators and their associations — meet with the federal government to share threat information, engage in cyber response simulations and flesh out industry-wide cyber challenges. Not every such council was running perfectly, but some were highly successful anchor points of public-private collaboration. Because of these actions, the Sector Coordinating Councils are not operational. It remains unclear when or whether they will be reactivated, especially without the protection of the Critical Infrastructure Partnership Advisory Council. Their absence leaves industry without a critical lifeline to the government and its intelligence-gathering resources, severely limiting the public and private sectors' collaborative ability to combat threats in cyberspace. Another unintended consequence of disestablishing the Critical Infrastructure Partnership Advisory Council was the removal of protections for the use of the Enduring Security Framework, a favorite tool of the National Security Agency to share information with the private sector. There is nothing wrong with building a more efficient Cybersecurity and Infrastructure Security Agency, and certainly the agency needed some corrective course action. What Noem has done, however, is take a chainsaw to an agency that needed only a scalpel. Congress specifically created some of these now disbanded programs to address gaps in both the government's and the private sector's cybersecurity capabilities. The rationale behind and necessity for these programs remain. The consequences of these cuts will be felt in our schools and hospitals, in our water systems and electric grids and in many other critical areas as America's ability to defend itself in cyberspace erodes. This matters because the Trump administration, like the Biden team, recognizes the rapidly growing threat to our national security from China's malicious cyber activity, as shown by the exploitation of critical U.S. infrastructure by both the Volt and Salt Typhoon operations. The Cybersecurity and Infrastructure Security Agency should rehire its talent, restore funding and reinstate these programs immediately. Elections have consequences and the Trump administration certainly can make changes as it sees fit, but canceling the tools for public-private collaboration in securing America's cyberspace is a mistake. Trump recently nominated a new director, Sean Plankey. A career Coast Guard officer with extensive interagency experience, he has the talent and expertise to make the Cybersecurity and Infrastructure Security Agency more efficient. Congress needs to confirm him fast, and Noem needs to stop gutting the agency in his absence.
CBS News
17-03-2025
- Business
- CBS News
Fired CISA probationary employees to be reinstated after U.S. judge's order last week
More than 130 probationary employees fired last month from the nation's top cyber defense agency will be reinstated Monday, after the Trump administration scrambled to comply with a sweeping court order issued last week. The employees — all of whom were hired or promoted within the past three years — won't immediately return to the office, but instead will be placed on paid administrative leave. Maryland U.S. District Judge James Bredar on Thursday demanded the Trump administration reinstate the probationary employees it initially terminated if they were part of the mass firing , though he did not ban the government from lawfully terminating probationary employees under a reduction in force or for cause. In an email sent Sunday night and obtained by CBS News, the Cybersecurity and Infrastructure Security Agency, known as CISA , informed the workers that their employment has been restored at the pay rate they had before they were terminated. "Upon reinstatement, your pay and benefits will restart, and all requirements of federal employment will be applicable including your ethical obligations," the email read. "If you do not wish to be reinstated, please respond with a written statement declining to be reinstated as quickly as possible. Nothing in this process implicates your ability to voluntarily resign." Judge Bredar ordered probationary employees at 18 federal agencies to be reinstated by March 17, either to their jobs or to be placed on administrative leave. The temporary restraining order directed the departments of Agriculture, Commerce, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, Interior, Labor, Transportation, Treasury and Veterans Affairs, as well as the Consumer Financial Protection Bureau, Environmental Protection Agency, Federal Deposit Insurance Corporation, General Services Administration, Small Business Administration and U.S. Agency for International Development to rejoin fired federal workers to the payroll. On Monday morning, CISA posted a message on its home page noting it is "making every effort to individually contact all impacted individuals," but added that fired employees who believe they fall under the Court's order should contact the agency. Over 4% of CISA's workforce were fired en masse, an event known as the "Valentine's Day Massacre" by employees. A form-letter email previously informed employees they were "not fit for continued employment because your ability, knowledge and skills do not fit the Agency's current needs." Among those impacted were the nation's threat hunters, incident response team members, disabled veterans and employees who'd already signed onto the federal government's deferred resignation program . The cuts also decimated many of the agency's top recruits, enlisted through a program known as the Cyber Talent Management System, plus analysts with top-secret security clearances. It remains unclear if the agency plans to offer backpay to those previously removed. Complicating their reinstatement, several of the previously fired CISA employees told CBS News they had already been instructed to return their laptops and equipment to the agency. Others said they do not expect to be required to physically return to the office. The temporary restraining order is set to expire March 27 at 8 p.m., unless the court acts to extend it. CBS News has reached out to both CISA and DHS for comment.
CBS News
07-03-2025
- Business
- CBS News
Cybersecurity agency's top recruits decimated by DOGE cuts
For Kelly Shaw, unemployment is unfamiliar territory. "I've never been in this situation before. I've never been fired," Shaw said, suddenly quiet, while seated at her kitchen table in Northern Virginia. Nearly three years ago, the longtime senior intelligence analyst left the Navy, after being recruited by the nation's top cyber defense agency and rising up through the ranks. Eventually, Shaw helped establish a congressionally mandated program designed to continuously monitor and detect cyber breaches of the nation's power grid, pipelines and water system – installing sensors across critical infrastructure designed to detect insider threats and foreign adversaries like China, Russia and Iran. "It was all about the information we can get within networks to find the bad guys – any indicators of compromise, evidence of the adversary, moving through a network and attempting to do bad things. That's what we did," Shaw said, pausing. "Well, that's what some will still do." The former manager for the Cybersecurity and Infrastructure Agency's " CyberSentry" program, Shaw was also among the 130 probationary CISA workers mass fired in the "Valentine's Day Massacre" during the holiday weekend last month. That weekend, the form letter termination notices arrived for over 4% of CISA's workforce, telling them they were "not fit for continued employment because your ability, knowledge and skills do not fit the Agency's current needs." Among them were the nation's threat hunters, incident response team members, disabled veterans and employees who'd already signed onto the federal government's deferred resignation program. Others were former private sector workers who left lucrative jobs making seven-figure salaries to join the federal government and officials recruited into DHS' innovative hiring program — dubbed the " Cyber Talent Management System" — and analysts with top secret security clearances. "I waited literally 13 months from the moment I got my offer letter to the moment I started this job," said former cybersecurity specialist Paula Davis, recounting her arduous security clearance process. Before her termination letter arrived in her email inbox, Davis said she was required to send agency leadership an email justifying her position, but she never received a response. Davis spent her days analyzing code for state and local municipalities, identifying risks or abnormalities across the nation's aging critical infrastructure. "We're being targeted daily, hourly and every single minute," Davis said, citing suspected cybercriminals' attempts to infiltrate water systems and the power grid. She called her role fighting those intrusions her "dream job." "I didn't take an oath to the Constitution just to start getting a paycheck," Davis said, "Or else I would have just gone back into the private sector. I would have stayed at a big corporation." Since last month, the rapid-fire firings have shaken lawmakers and high-ranking officials, leaving many current and former employees dumbfounded. CBS News has spoken with over a dozen current and former CISA employees, including several who were granted anonymity in interviews, due to fear of reprisal. "These are the people that are the first line of defense in responding to incidents like Volt Typhoon and Salt Typhoon, and if we go even further back, SolarWinds," said one former CISA employee, referencing a string of foreign cyber espionage campaigns dating back to President Trump's first administration. "These are elite hunters that look across critical infrastructure and government networks to figure out if these bad actors are active in these networks," the former employee continued. "The people who find how deeply they've penetrated and 'how do we get them out of there?'" Democratic Rep. Bennie Thompson of Mississippi, the ranking member of the House Homeland Security Committee, warned at a hearing Wednesday that lawmakers are hearing that "significant cuts are coming for the remaining workforce" at CISA. "That kind of talent, you just don't find it every day," Thompson told CBS News. "You have to convince many of those individuals to leave lucrative private sector employment and come and accept the public mission of securing our cyber security systems and protecting our country." In a post on LinkedIn, last month, Former CISA Director Jen Easterly wrote that the agency had hired over 2,000 new employees during her more than three-year tenure. Since 2021, CISA's "strategic recruitment" program – congressionally mandated and more than seven years in the making – has competed with the private sector to attract and retain world-class talent to execute a core mission of the Department of Homeland Security, which oversees CISA. Cyber Talent Management System or "CTMS" hires were by law employees with " measurable or observable" attributes including "knowledge, skills, abilities and behaviors." A former human resources employee for CISA who was among those fired told CBS News that before his termination, he was tasked with compiling a list of probationary employees, and among them were over 100 CTMS staff members. "Everybody in CTMS is automatically in a three-year probation, so it's easier to get rid of them," the former HR employee told CBS News. "Close to 99% of our CTMS employees were probationary." "You are extinguishing the best and brightest in one fell swoop," a current CISA employee said. A CISA spokesperson told CBS News in a statement that the agency had 142 employees as part of its talent recruitment program, but did not disclose the number of employees fired. Shaw was among the first recruits to the "CTMS" program, entering with 12 years of government service, two master degrees in electrical engineering and cybersecurity, plus at least nine different specialized cyber certifications. "I had such confidence," Shaw said. "With all my prior experience. I just completed my doctorate in May of last year. So I thought I was well positioned to stay at CISA….But when I saw that executive order come through about probationary employees, I kind of panicked." In a statement to CBS News, DHS spokesperson Tricia McLaughlin said the Trump administration is "making sweeping cuts and reform across the federal government to eliminate egregious waste and incompetence that has been happening for decades at the expense of the American taxpayer." "To me, knowing how sleek and how well organized of an engine we had at CISA, that's a lie," Shaw said of the effort to slash federal spending by eliminating federal workers. "I don't know who else is going to be cut loose from our nation's cyber defense organizations. But I'm worried about that. I'm worried about that. This should be the last place that we should be cutting this expertise." Along with firing scores of probationary workers, over the last month, CISA has put on leave at least a dozen employees who are tasked with stopping foreign interference in U.S. elections, part of a wider trend of dismantling U.S. efforts to fight foreign meddling in elections. But concerns stemming from cybersecurity workforce cuts extend beyond the CISA workforce. Former NSA cybersecurity director Rob Joyce raised "grave concerns" that aggressive threats to cuts of U.S. government probationary employees will have a "devastating impact on the cybersecurity and our national security." "At my former agency, remarkable technical talent was recruited into developmental programs that provided intensive unique training and hands-on experience to cultivate vital skills," Joyce said. "Eliminating probationary employees will destroy a pipeline of top talent responsible for hunting and eradicating [Chinese] threats." To help assist fired employers at her former agency, Easterly has created a matching website to connect former CISA alumni and prospective employers. For his part, Thompson has started a hotline to encourage fired employees at the Department of Homeland Security and its components to share their stories. After the Trump administration tapped the Office of Personnel Management to fire federal employees en masse, a federal judge temporarily blocked it, citing OPM's lack of authority to fire employees at other agencies. This week, OPM updated its guidance to reflect that firing decisions are made by individual departments and agencies, spurring the rehiring or reinstatement of batches of fired workers in the weeks since. CISA has yet to follow suit. Asked if she'd return to the agency, Shaw paused. "I would have to go back," she finally said, citing CISA's essential mission and a regular paycheck. "I mean, they'd have to earn my trust back. But I don't know how you do that." Colby Hochmuth contributed to this report.
