CISA officials who led Secure by Design initiative resign

Bob Lord and Lauren Zabierek are the latest to depart the cyber agency, as DOGE-fueled cuts and broader Trump reduction plans have placed it in the crosshairs.
Cybersecurity and Infrastructure Security Agency senior officials Bob Lord and Lauren Zabierek said Monday they are exiting their roles at the agency, leaving the future of a major security ambition in limbo.
The two senior advisors, who announced their resignations on LinkedIn, helped lead CISA’s Secure by Design initiative, which focuses on creating incentives for private-sector software providers to bake baseline security measures into their products by default. Over the past year, some 300 firms have committed to an agency-led pledge to make their offerings more secure.
“What started as a government-led call to action has quickly become a global movement and we look forward to continuing the momentum,” Zabierek said in her LinkedIn post, referring to the initiative.
“There’s a role for everyone in making software safer,” Lord said in his post. “Whether you’re a developer who can propose systemic solutions to recurring classes of coding error, a product leader who can prioritize security investments, or a customer who demands transparency and measurable security improvements from software manufacturers, your actions matter.”
Neither said whether they chose to take one of a slew of offers made available to CISA and DHS staff to exit the agency, which were extended earlier this month.
“While CISA’s approaches to Secure by Design evolve, our commitment to the principles remains steadfast. I thank Bob Lord and Lauren Zabierek for helping to lay the foundation on which future work in this space can be built,” CISA acting director Bridget Bean said in a statement.
Senior administration officials, namely Homeland Security Secretary Kristi Noem, have vowed to downsize CISA amid accusations that the cyber agency’s efforts to call out online disinformation have targeted conservative voices, though the planned moves appear to go beyond those disinformation-focused areas of the agency.
Hundreds of staff at CISA were notified recently that the agency discontinued one cybersecurity threat hunting tool and is preparing to retire another, Nextgov/FCW reported last week.
Earlier last week, the cybersecurity industry was sent into a tailspin after an internal memo from MITRE leaked on social media indicating that CISA would no longer support its flagship CVE Program, used worldwide to track and catalog cybersecurity vulnerabilities. Hours later, CISA reversed course and extended the contract by about 11 months.
Sen. Ron Wyden, D-Ore., put a hold on the nomination of Sean Plankey to lead CISA earlier this month on grounds that the agency failed to disclose the contents of an unclassified 2022 report that outlined vast security vulnerabilities in the U.S. telecommunications sector. The status of the report’s release is not clear.