Internal Memo Reveals Staffing Crisis at CISA, Blames Trump-Era Cuts
The Cybersecurity and Infrastructure Security Agency (CISA) is grappling with a significant staffing crisis, as revealed in a recent internal memo from acting Director Madhu Gottumukkala. This development follows substantial workforce reductions experienced during the Trump administration, which have left the agency struggling to fulfill its national security duties.
Gottumukkala, who took office as deputy director in May, emphasized in his November memo that “the recent reduction in personnel has limited CISA’s ability to fully support national security imperatives.” The memo calls for urgent hiring of qualified professionals by the end of Fiscal Year 2026, aimed at bolstering the agency’s defensive capabilities.
CISA’s staffing issues are particularly pressing following a turbulent year in which the agency lost nearly one-third of its workforce. This decline was exacerbated by reductions during the longest government shutdown in history. Sources within the agency have suggested that these staffing shortages have significantly hampered CISA’s response capabilities to emerging cyber threats.
Despite a hiring strategy suggested in the memo to leverage the Department of Homeland Security’s Cyber Talent Management System, employees have reported that the administration’s trend toward reducing agency size contradicts these efforts. CISA spokesperson Marci McCarthy stated that while the agency does not typically comment on personnel matters, it remains focused on executing its mission effectively.
The memo contends that CISA is at a “pivotal moment,” currently facing an alarming vacancy rate of about 40% across critical areas. This staffing shortfall has led to broader implications, affecting incident response, risk assessments, and outreach to critical infrastructure sectors, as reported by various officials.
It remains unclear how many personnel are currently available in essential divisions, prompting lawmakers to request updated staffing information from DHS and CISA leadership to evaluate the extent of remaining vacancies. With the agency already operating at a diminished capacity, this is a crucial moment for CISA, as it strives to enhance its cybersecurity posture while navigating operational challenges.
These developments may raise awareness about how inadequate staffing levels can affect organizations’ readiness against cyber threats. From initial access to privilege escalation, tactics commonly seen in cyber incidents could be exacerbated by weakened detection and response frameworks at CISA.
