Top CISA division chiefs depart amid broader agency reduction plans

A swath of division and regional leaders across the Cybersecurity and Infrastructure Security Agency have departed or are set to depart in the coming weeks, according to an internal memo obtained by Nextgov/FCW.

Regional chiefs including John Durkin, Jay Gamble, Phil Kirk and Patrick Massey will depart on May 30, according to the email sent Thursday by CISA deputy director Madhu Gottumukkala. Kathy Young, a deputy regional director, will retire from service on May 30, and other regional leads — Alex Joves and Rob Russell — already departed May 16, it said.

The departures of various administrative heads are also listed in the memo, including Juan Arratia, the agency’s chief contracting officer, who left on May 16. The memo also confirmed the upcoming May 30 departure of Matt Hartman, the agency’s deputy executive assistant director for cybersecurity. It adds that Infrastructure Security Division acting director Steve Harris also left May 16. The memo did not specify the reasons for each of the departures.

The staff losses will leave nearly all of the agency’s operational divisions and at least half its regional bureaus without a permanent leader. The workforce changes come as former officials say that the last thing needed in the current cyber threat environment is a significant downsizing at the government’s core cybersecurity agency.

“CISA is doubling down and fulfilling its statutory mission to secure the nation’s critical infrastructure and strengthen our collective cyber defense,” CISA Executive Director Bridget Bean said in a statement when asked about the email. “We were created to be the cybersecurity agency for the nation, and we have the right team in place to fulfill that mission and ensure that we are prepared for a range of cyber threats from our adversaries.”

The Washington Post on Friday first reported the Gottumukkala email.

“To these departing leaders, I want to express my sincere and heartfelt gratitude for your exceptional leadership and service to this agency,” Gottumukkala wrote. “Your leadership and support have been integral to the agency’s success, especially during this time of transition. We wish you fulfillment as you move on to your future endeavors.”

The Trump administration has moved to broadly reduce CISA’s workforce and called for scaling down the agency as part of its fiscal year 2026 budget proposal. Senior administration officials — namely DHS Secretary Kristi Noem — have vowed to rescope the office and get it back “on mission” amid GOP accusations that CISA censored American’s free speech in its work calling out mis- and disinformation.

CISA’s $3 billion budget would see a $491 million cut from fiscal 2025, a move that’s turned heads of congressional appropriators who will ultimately decide whether to validate the funds by the end of September, when the federal calendar restarts.

In February, one former senior cybersecurity official called the moves, part of vast Trump-era downsizing goals, “one of the more foolish places” to invoke staff cuts. 

“Is there anyone who thinks ransomware attacks and computer hacks are going down?” they said.