The US Cybersecurity and Infrastructure Security Agency (CISA) is grappling with fresh concerns about internal stability following the departure of two senior officials central to its software security efforts.
Bob Lord, a Senior Technical Advisor with previous high-profile security roles at Yahoo and Twitter, and Lauren Zabierek, formerly head of Harvard Belfer Center’s cyber project, announced their resignations around April 22nd. Both were prominent advocates for CISA’s “Secure by Design” initiative, a program advocating for software manufacturers to embed better security practices early in development rather than leaving the burden on end-users.
Their exits feed worries about a potential talent drain as the agency navigates budget pressures and reports of sweeping personnel cuts under the second Trump administration.
In his departure announcement on LinkedIn, Lord, who joined CISA in April 2022, stated, “I’m deeply grateful for the opportunity to help lead the agency’s work on Secure by Design software.” He characterized the initiative as a collaborative “movement” involving “hundreds of people across CISA, other U.S. agencies, international partners, software companies, open source projects, and more.”
Zabierek, onboard since January 2023, similarly called her work on the initiative “one of the most meaningful experiences of my career” and highlighted its role in promoting “public-private partnership.” The program, launched formally in April 2023, aimed to implement a key part of the previous administration’s cyber strategy through voluntary means, persuading over 250 software makers to pledge improvements like adopting multi-factor authentication and reducing default password usage.
Secure by Design’s Uncertain Path
The emphasis both departing officials placed on Secure by Design has cast a spotlight on the program’s future. Acting CISA Director Bridget Bean acknowledged their work in a statement to The Register, indicating CISA’s commitment to the program’s principles remains “steadfast” even as “approaches to Secure by Design evolve.”
However, this careful phrasing comes amid speculation about the initiative’s trajectory. Some observers are pessimistic, noting that a third key advisor, Jack Cable, left previously, and worry that companies might now push back harder against CISA’s security pressure, potentially leading the agency to limit resources and effectively “shutter” the program.
The initiative had already navigated tensions, with some tech companies reportedly feeling CISA was overstepping its bounds during the pledge negotiations.
A Climate of Cuts and Controversy
These resignations are not isolated events for CISA. They follow reports of around 130 staffers being fired – including personnel focused on election security and countering foreign influence, according to February 2025 reporting citing Brian Krebs – and news that the agency anticipates potential cuts affecting up to 1,300 positions, nearly 40% of its staff.
Retired US Navy Rear Admiral Mark Montgomery described these earlier actions as the “gutting” of CISA, warning it “harms national security on a daily basis.”
Offers for voluntary exits were reportedly extended to CISA staff earlier in April, according to Nextgov/FCW, though neither Lord nor Zabierek indicated taking such offers.
This turbulence coincides with other administration actions, like dissolving Homeland Security advisory boards focused on cyber threats early in the term, and a $10 million funding reduction in March for the Multi-State Information Sharing and Analysis Center (MS-ISAC).
Willy Leichter, CMO at AppSOC, told SC Media the situation reflects broader concerns: “Dedicated experts at CISA are seeing experience replaced by loyalty and knowledge penalized,” calling the departures a “serious blow to federal leadership in cybersecurity.”
The Shadow of DOGE
Looming in the background as CISA faces these pressures is the Department of Government Efficiency (DOGE), presented as an efficiency initiative but widely seen as a vehicle for political influence involving Elon Musk.
In February 2025, DOGE started absorbing federal cybersecurity responsibilities with diminished oversight. This expansion involved controversial hires, such as 19-year-old Edward “Big Balls” Coristine, previously linked to the online harassment network ‘The Com’, and 33-year-old Christopher Stanley, a former X and SpaceX security engineer who gained brief notoriety in 2015 for leaking the user database of a DDoS-for-hire service.
Edward Coristine was also reported by journalist Jacob Silverman to be the grandson of a KGB double agent. Cybersecurity expert Bruce Schneier warned in February that DOGE’s actions risked becoming “a National cyberattack” through the “systematic dismantling of security measures… by removing the career officials in charge… and replacing them with inexperienced operators,” according to his blog.
Former NSA hacker Jacob Williams posted on LinkedIn around the same time that DOGE posed “a bigger threat to U.S. federal government information systems than China” because “it’s widely reported (and not denied) that DOGE introduced code changes into multiple federal IT systems. These code changes are not following the normal process for vetting and review…”
Government Resistance and Ongoing Scrutiny
Recent reporting by Krebs on Security detailing an NLRB whistleblower’s April allegations of DOGE personnel improperly accessing and transferring sensitive agency data adds fuel to these concerns.
Earlier this year, federal bodies like the IRS moved to restrict DOGE access, stating access to taxpayer info “shall only be provided if it is anonymized.” Congressional committees, including the House Science, Space, and Technology Committee (regarding NASA involvement) and the Senate Select Committee on Intelligence, raised alarms about national security risks from unvetted staff.
The Senate Homeland Security Committee called for a pause on DOGE activities, and the House Oversight Subcommittee held hearings. Policy groups like The Stanford Center for Internet and Society and The Center for Democracy & Technology also urged stricter oversight. Despite this pushback, the long-term balance of power and oversight between DOGE and traditional agencies like CISA remains unsettled as key personnel depart.