Has CISA Finally Found Its New Leader in Tom Parker?

CYBERSECURITY OPERATIONS THREAT INTELLIGENCE CYBER RISK CYBERSECURITY CAREERS NEWS Has CISA Finally Found Its New Leader in Tom Parker? Dark Reading investigates rumors that Tom Parker, a board room "operator" and longtime cyber exec, could be next in line to take over CISA. Becky Bracken,Senior Editor,Dark Reading May 7, 2026 5 Min Read SOURCE: TIMON SCHNEIDER VIA ALAMY STOCK PHOTO It’s been a brutal 16 months since the Cybersecurity and Infrastructure Security Agency (CISA) has had a Senate-confirmed director. Now, a new name has bubbled up as a possible pick to take over the beleaguered agency: Tom Parker, a low-key, British-born cybersecurity expert known for business savvy, technical expertise, and decades of focus on the delicate economics of cybercrime and cyber defense.  Reports say that although he has not yet been officially nominated, Parker is a contender to get the nod from new Department of Homeland Security Secretary, Markwayne Mullin. A request for comment from Dark Reading to DHS was referred to the White House, which has not yet responded.  Parker however tells Dark Reading that despite recent reporting, he has not had any “direct engagement” with the administration on taking on the role, but would welcome the conversation.  "Having spent the past two decades working across administrations, Congress, and the private sector on national cybersecurity strategy, policy, and large-scale cyber operations, I would welcome a conversation with the administration about how we continue strengthening the security and resilience of the nation's most critical infrastructure and building operationally robust partnerships with American cyber businesses," Parker tells Dark Reading. "This mission of CISA is more important than it ever has been, with increasingly emboldened adversaries that seek to harm US digital assets at home and abroad, using increasingly sophisticated methods of attack, such as the use of AI."  Related:Name That Toon: Mark of (Security) Progress It should be noted, Parker has also been a long-time contributor to Dark Reading.  A Look at Tom Parker's Cyber Bona Fides LOADING... Those who know and have worked with Parker throughout his career say he would be a solid choice to lead CISA with his unique set of skills.  "For 20 years he has been the authority on adversaries," Ryan LaSalle, CEO of Nisos, says about Parker. "He’s a true operator, has absolutely been a force for resiliency in this country, and would bring a new level of expertise to CISA."   LaSalle points out that Parker has never been a polarizing figure, and thinks that this could give him an edge in today's hyper-intense political environment. His longtime collaborator and business partner, cybersecurity expert Matt Devost, says he thinks Parker could in fact help bring down the political temperature at CISA.  And, he adds, the time he and Parker spent red teaming for some of the biggest companies in the world earned Parker invaluable insights into the cybersecurity risks businesses face every day.  Related:20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage “Thirty minutes later [after a red-team exercise] he could go into the board and explain the risk in terms they understood,” Devost says. “He would continue to enable the trust between the private sector and CISA.” Parker certainly has demonstrated that he knows his way around a boardroom. He's currently an executive with IBM, and has launched and sold two start-ups: FusionX, which he sold to Accenture in 2010; and Hubble, founded in 2020 and funded by CrowdStrike and Accel, which he sold to KKR/NetSPI in 2024. He also served as chief information security officer (CISO) for insurer AIG Business between his startup stints.  Navigating Tough Political Waters at CISA Whoever steps in to lead CISA next will have a hard job ahead of them, says Jake Williams, cyber expert and vice president of research at Hunter Strategy: "Trust in CISA to provide timely, actionable, and apolitical data to industry partners is at an all-time low. This is critical, because as much as CISA helps private organizations, it relies on the data those organizations share, too."  Roselle Safran, founder of cybersecurity startup company KeyCaliber and former US Executive Office of the President Branch Chief and DHS cybersecurity analyst under the Obama administration, says she has only met Parker in passing, but thinks navigating government bureaucracy can be tough for someone more accustomed to getting things done at enterprise speed, she adds.  Related:Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber "Tom's experience as a founder will be quite valuable. Founders know how to set a clear vision, attract talent, iterate quickly when processes aren't working, and deliver results, all of which will be needed for the next CISA leader to be effective,” Safran says. “Of course, government work brings its own set of unique and nuanced constraints, particularly due to its bureaucratic nature and the need to address multiple stakeholders simultaneously. However, he likely has the ability to learn quickly.”  And although he’s not exactly a Beltway insider, Parker’s no stranger to Washington DC either. He served as a consultant for US-CERT, later folded into CISA, and was on the Department of Homeland Security cyber advisory committee under the George W. Bush administration director Tom Ridge. Parker also joined the FedRAMP working group that created the first set of federal regulations for software, and worked with cybersecurity legend Dan Kaminsky to help policymakers understand the nuance around net-neutrality regulations.  One former high-ranking CISA official, who asked not to be named directly, says he doesn't know Parker personally, but hopes that the new director, whoever they are, will focus on secure-by-design, “given how quickly AI is changing the economics of breaking and building software.” The former CISA official says he would also like to see the CVE program get funded.  Credentials and skill set aside, confirmation in the Senate likely will be a tough slog for any nominee. The previous choice, Sean Plankey, finally withdrew from consideration last April after lingering in the confirmation process for 13 months. Senator Ron Wyden blocked Plankey’s confirmation in an effort to force the US government to release details on China's Salt Typhoon attacks on US communications networks. His office did not respond to a request for comment on whether he would similarly work to stymie Parker's confirmation.  Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now! Read more about: CISO Corner About the Author Becky Bracken Senior Editor, Dark Reading Award-winning journalist and senior editor at Dark Reading reporting across diverse media platforms, including podcasts and video. Becky is passionate about delivering insightful, high-quality information and storytelling that informs and engages the cybersecurity community. Her specific focus is on the intersection of cybersecurity and public policy and its impact on the enterprise.  As the host and producer of the recently Azbee-recognized Dark Reading Confidential podcast, she presents compelling conversations with industry leaders, exploring the latest trends and challenges in cybersecurity. Becky is also the moderator Dark Reading's popular editorial webinars, and oversees Dark Reading's Commentary section, curating expert perspectives intended to drive meaningful dialogue. Additionally, she is the host of Dark Reading's Black Hat News Desk, delivering timely and in-depth coverage right from the heart of one of the industry's most important events. Beyond editorial responsibilities, Becky is a regular writer and reporter for Dark Reading, contributing articles that delve into the evolving cybersecurity landscape.  Prior to joining Dark Reading, Becky honed her expertise as a cybersecurity reporter for Threatpost, where she covered breaking news and emerging threats in the digital security space. She holds a BA in political science from the University of Arizona, and a BA in journalism from the Walter Cronkite School of Journalism at Arizona State University.  Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Access More Research Webinars The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace Prompt Injection Is Just the Start: Securing LLMs in AI Systems Anatomy of a Data Breach: What to Do if it Happens to You How Well Can You See What's in Your Cloud? Implementing CTEM: Beyond Vulnerability Management More Webinars You May Also Like CYBERSECURITY OPERATIONS Hand CVE Over to the Private Sector by Brian Martin JAN 27, 2026 CYBERSECURITY OPERATIONS China Imposes One-Hour Reporting Rule for Major Cyber Incidents by Robert Lemos, Contributing Writer OCT 01, 2025 CYBERSECURITY OPERATIONS CISA, FBI, NSA Warn of Chinese 'Global Espionage System' by Alexander Culafi AUG 28, 2025 CYBERSECURITY OPERATIONS Women Who 'Hacked the Status Quo' Aim to Inspire Security Careers by Elizabeth Montalbano, Contributing Writer JUL 16, 2025 Editor's Choice THREAT INTELLIGENCE From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber byDark Reading Editorial Team MAY 6, 2026 31 MIN READ CYBER RISK Physical Cargo Theft Gets a Boost From Cybercriminals byRobert Lemos MAY 4, 2026 5 MIN READ CYBER RISK NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later byDark Reading Editorial Team APR 28, 2026 Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE LOADING... Webinars The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace WED, JUNE 24,2026 AT 1PM EST Prompt Injection Is Just the Start: Securing LLMs in AI Systems TUES, MAY 26, 2026, AT 1PM EST Anatomy of a Data Breach: What to Do if it Happens to You JUNE 18TH, 2026 | 11:00AM -5:00PM ET | DOORS OPEN AT 10:30AM ET How Well Can You See What's in Your Cloud? THURS, JUNE 4, 2026 AT 1:00PM EST Implementing CTEM: Beyond Vulnerability Management THURS, MAY 21, 2026 AT 1PM EST More Webinars BLACK HAT USA | MANDALAY BAY, LAS VEGAS The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass. GET YOUR PASS