The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that it did not lay off hundreds of red teamers. Instead, it simply terminated their contracts. While the distinction may seem minor, the impact could be major—potentially disrupting the nation’s cybersecurity preparedness at a critical moment.
Government Cost-Cutting or Cybersecurity Gamble?
Elon Musk’s Department of Government Efficiency (DOGE) initiative has been making deep spending cuts across federal agencies, including CISA. The agency let go of all probationary employees, though a court ruling forced their reinstatement. Additionally, contracts for more than 100 government red teamers were abruptly ended, sparking alarm across the cybersecurity sector.
Christopher Chenoweth, a senior penetration tester at the Department of Homeland Security (DHS), sounded the alarm on LinkedIn, announcing that his contract and those of many others had been terminated. Days later, another CISA red team, also performing “mission-critical” work, was cut. The result? A flood of experienced cyber professionals looking for jobs and a void in critical security assessments for the federal government.
CISA Attempts to Reassure, but Questions Linger
In response to mounting concerns, CISA issued a statement on March 12 emphasizing that its red team operations remain “without interruption.” The agency insisted that it continues to work closely with system administrators, network defenders, and technical staff to assess vulnerabilities and refine cybersecurity strategies.
Yet, internal sources have been notably silent. Those still inside CISA declined to comment, while DOGE itself reported that as of March 19, the agency had already cut over 3,300 positions, translating to a cost savings of $459.1 million. Notably, there was no clarity on whether these figures included the contract-based red teamers whose jobs were eliminated.
Meanwhile, former CISA Director Jen Easterly has set up an online hiring form to connect displaced government cybersecurity professionals with private sector employers—a move that underscores the growing uncertainty about CISA’s future capabilities.
The Role of Red Teamers in National Security
CISA’s red teams play a vital role in identifying and mitigating cyber risks. Their assessments help protect not just the government but also private organizations that depend on their threat intelligence.
Last year, a CISA red team conducted a deep dive into US critical infrastructure security and published a detailed report. The findings included:
- Weaknesses in software supply chains that could be exploited in widespread cyberattacks.
- Post-exploitation techniques that attackers might use to move laterally within networks.
- Actionable recommendations for securing infrastructure against emerging threats.
This kind of work has been instrumental in shaping cybersecurity strategies across multiple industries. If these services are scaled back due to budget cuts, organizations may be forced to find alternative ways to safeguard their networks.
Could the Private Sector Fill the Gap?
Dr. Deepak Kumar, founder and CEO of Adaptiva, acknowledges CISA’s reassurances but questions whether the agency still has the same level of expertise working on these threats.
“It’s good to hear that CISA’s red team is still fully operational, but we have to ask: Do these ‘efficiencies’ mean fewer experts working on critical threats?” Kumar said. “The cybersecurity landscape is evolving too fast for any loss of momentum.”
If federal cybersecurity resources continue to shrink, US organizations may need to take proactive measures, including:
- Strengthening internal vulnerability detection and response capabilities.
- Partnering with private security firms to fill intelligence gaps.
- Diversifying sources of threat intelligence rather than relying on federal agencies.
“If these changes reduce CISA’s ability to support critical infrastructure, organizations need to be ready to fill that gap themselves,” Kumar warned.
For now, CISA insists that its red team operations are continuing as usual. But with mounting budget pressures and staffing cuts, cybersecurity experts are left wondering whether “business as usual” is sustainable—or if US cyber defenses are about to take a serious hit.
