The US Cybersecurity and Infrastructure Security Agency (CISA) has a new No. 2: Madhu Gottumukkala, stepping in as the nation’s lead civilian cyber agency faces budget cuts, a brain drain, and the never-ending task of defending critical infrastructure.
CISA formally announced Gottumukkala’s appointment as deputy director today, after his former employer, the state of South Dakota, spilled the beans last month.
Gottumukkala’s new boss, US Homeland Security Secretary Kristi Noem, served as South Dakota’s governor before President Trump tapped her for the federal position earlier this year.
Prior to his CISA appointment, Gottumukkala oversaw South Dakota’s technology and cybersecurity efforts as commissioner and chief information officer for the state’s Bureau of Information and Technology.
And before that, he served as South Dakota’s second-ever chief technology officer.
“As I step into this new role at the Department of Homeland Security, I carry with me the values of innovation, resilience, and service that define our state,” Gottumukkala said in April. “I look forward to continuing to protect and strengthen the nation’s digital and physical infrastructure at a time when it matters most.”
Although it now has a No. 2 and Bridget Bean is performing the duties of the director, CISA still lacks a Senate-confirmed leader. US Senator Ron Wyden (D-OR) has blocked the nomination of Sean Plankey to lead the agency in an attempt to force the release of an unclassified report on American telecommunications networks’ weak security.
Gottumukkala steps into the deputy spot as CISA faces a barrage of threats from foreign governments, financially motivated criminals, and the Trump administration on a daily basis.
When asked about Gottumukkala’s appointment, House Rep Eric Swalwell (D-CA), who has expressed concerns about the CISA workforce and program cuts, told The Register: “I look forward to working with the deputy director in the weeks and months ahead. I also urge the Senate to act quickly to consider Sean Plankey’s nomination.”
Ultimate inside threat
The Trump administration has proposed slashing CISA’s budget by $491 million – about 17 percent – as Noem vows to “put CISA back on mission” and prevent any overreach, return money to taxpayers, and realign the workforce “to focus on the mission that Congress has laid out.”
In practice, that appears to mean defending against threats from China, but not necessarily Russia, and without the agency’s red team, while also ignoring any election security interference and disinformation.
The proposed cuts would exacerbate the exodus already underway. Last month, two top CISA officials who led the Secure by Design program, which pressed software makers to build better security into their products from the start, resigned.
Others have since jumped ship, including two who typed out goodbye letters on LinkedIn.
“I never thought I would be placed in a position where I would be given a choice to leave federal service on my own accord, but all my federal colleagues know how challenging these past few months have been,” wrote CISA infosec specialist Lauren Pentrack, who said she took the government’s voluntary Deferred Resignation Program (DRP), which let eligible employees voluntarily resign but still get paid and keep their benefits through September 30.
“It was a decision I struggled with for a long time, but ultimately could not risk the looming possibility of a RIF,” Pentrack added.
Another CISA employee who took the buyout lists his name on LinkedIn as Mihai P, and worked as a financial manager at the agency. “The DRP seemed like a good deal,” He told The Register. “And it just wasn’t a good fit for me.”
It’s unclear how many CISA employees have been fired or pushed out of the agency, and Homeland Security won’t say.
At last week’s House Homeland Security Committee hearing, Rep. Bennie Thompson (D-MS) told Congress that he can’t get an answer to this question. When The Register asked DHS for a specific headcount, Assistant Secretary Tricia McLaughlin refused to answer and instead sent the following statement via email:
“As Secretary Noem stated, CISA needs to refocus on its mission, and we are starting with election security. The agency is undertaking an evaluation of how it has executed its election security mission with a particular focus on any work related to mis-, dis-, and malinformation. While the agency conducts the assessment, personnel who worked on mis-, dis-, and malinformation, as well as foreign influence operations and disinformation, have been placed on administrative leave.” ®
