As CISA Downsizes, Where Can Enterprises Get Support? - Dark Reading

CYBERSECURITY OPERATIONS THREAT INTELLIGENCE NEWS As CISA Downsizes, Where Can Enterprises Get Support? In this roundtable, cybersecurity experts — including two former CISA executives — weigh in on alternate sources for threat intel, incident response, and other essential cybersecurity services. Alexander Culafi,Senior News Writer,Dark Reading April 1, 2025 6 Min Read SOURCE: 2020 IMAGES VIA ALAMY STOCK PHOTO The US Cybersecurity and Infrastructure Security Agency (CISA) is a bit of a multitool. In addition to its public-facing threat intelligence reports, CISA offers organizations a wide range of other services, such as physical and cybersecurity assessments, trainings, tabletop exercises, threat briefings, incident response, and much more. Al Schmidt, secretary of the commonwealth for Pennsylvania, said in an election security roundtable last week that he was worried about these services being compromised in CISA cuts because the state, and its counties, have relied on the agency's support for their elections. Moreover, some of what CISA offers cannot be replicated at the state or county level. CISA, like many federal agencies, has seen substantial downsizing in recent months as part of the Trump administration's cost-cutting measures. It is unknown exactly how many jobs have been lost to date; the agency's personnel count was approximately 3,200, according to its FY 2025 budget overview. Related:Why Stryker's Outage Is a Disaster Recovery Wake-Up Call On Feb. 20, the Department of Homeland Security (DHS) told Dark Reading that "north of 130" positions from CISA had been cut as part of a mass firing. Dark Reading reached out to the DHS for updated figures, though it has not yet responded. In any case, hundreds of personnel apparently have been impacted. Though it is unclear how CISA downsizing ultimately will impact the services it offers, the cuts we do know about mean it may be wise to consider secondary avenues to get certain services in the future. Dark Reading asked multiple security experts — including two former CISA executives — where enterprises can look for support as CISA downsizes. The comments below were gathered from Nitin Natarajan, security adviser, and former CISA deputy director; Brandon Wales, SentinelOne vice president of cybersecurity strategy and former CISA executive director; Austin Berglas, global head of professional services at BlueVoyant and former head of cyber, FBI, New York; Riaz Lakhani, chief information security office (CISO) at Barracuda; and Jake Williams, vice president of research and development at Hunter Strategy. In the wake of CISA downsizing, where should enterprises look for support? Would it present opportunities for the private sector? Nitin Natarajan: Over the last several years, we have seen an increase in efforts across the nation to build capability and in strengthening our resilience against cyberattacks. Private sector companies have offered tools and services at reduced or no cost to some critical infrastructure partners. Academic institutions have utilized undergraduate and graduate students to help support their communities in implementing stronger cybersecurity practices. Some state governments have developed teams of individuals to help critical infrastructure owners and operators, especially small and medium-sized businesses, and enhance their cybersecurity posture. I suspect we will see more of these types of programs standing up in the months and years to come. Related:White House Cyber Strategy Prioritizes Offense Additionally, while there are many commercial resources available to help organizations, some critical infrastructure owners and operators, especially small and medium-sized public and private sector entities, are not able to invest in these services, making it harder to build resilience against a growing threat landscape. Brandon Wales: One of America's strengths is its vibrant private sector cybersecurity ecosystem, which has deep talent and expertise to help both governments and private industry to protect themselves against the wide array of malicious actors out there. I expect that ecosystem to fill critical gaps, should they emerge. Austin Berglas: The downsizing of CISA and other government agencies has the potential to weaken the security posture of the United States and our allies, and expose them to increasing threats of devastating cyber attacks. Although collaboration and information sharing with private sector organizations will suffer, enterprises should look to strengthen existing and establish new relationships with security vendors and professionals. Companies need to understand the differences in support they will receive from a government agency versus a private security company. Related:Software Development Practices Help Enterprises Tackle Real-Life Risks While agencies such as CISA and the FBI play a crucial role in helping protect private companies from cyber threats, they neither have the bandwidth nor the resources to provide the broad variety of ongoing support these organizations require to remain secure. Many private security companies exist to serve as force multipliers or extensions of the enterprise's internal security function, often serving as a fully outsourced security team for organizations who do not have the budget to hire, train, and maintain an internal capability, or just choose to outsource certain roles and functions. Now is the time to review third-party relationships. Security companies are available for every size organization and every budget, large and small — with products and services ranging from managed security and IT services to third-party risk, threat intelligence, consulting, and offensive security. Riaz Lakhani: For state and local governments, relying on private Information Sharing and Analysis Organizations (ISAOs) will become more crucial. The challenge will be securing new budgets to engage these private entities, especially with public funding already stretched thin. This downsizing means both state and local governments and the private sector will need to be more proactive and self-reliant in their cybersecurity efforts. By investing in advanced threat detection, leveraging private ISAOs, and building internal capabilities, organizations can navigate the challenges posed by reduced federal support and continue to protect their critical assets. In the private sector, companies will need to prioritize spending on advanced threat intelligence products and services that provide actionable insights. This includes leveraging vendors that offer comprehensive threat intelligence solutions to help distinguish between noise, vendor-agnostic pushes, and real threats. Additionally, enterprises should focus on building internal capabilities to analyze and act on threat intelligence. This involves training staff to effectively use threat intelligence tools and fostering a culture of continuous learning and adaptation to evolving cyber threats. It will be crucial to not let anyone else's incident go to waste. Use it as an opportunity to learn and train from other incidents by conducting post-mortems and focusing on how you would have sourced that threat intelligence if it had been your organization. This approach helps build the muscle needed to effectively respond to future threats. Jake Williams: I think there are definitely opportunities for those in the private sector to start enhancing their native CTI [cyber threat intelligence] teams for both collection and analysis. That said, ISACs [Information Sharing and Analysis Centers] are not where I'd turn. ISACs are suffering because many smaller members relied on DHS grants to fund their ISAC dues. With this grant money also disappearing, ISACs will have fewer members. Given the current political landscape, I fully expect to see pressure exerted even on private sector cyber threat intelligence (CTI) firms, leading them to suppress sharing some intelligence with customers. There's never been a better time for larger orgs to build their own native CTI capabilities. Would you like to weigh in on the above questions? If so, please send a note to darkreadingsubmissions@informa.com to be included in a follow-up story with reader reactions. Read more about: CISO Corner About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE