Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), is set to resign on Inauguration Day, January 20, 2025. President Biden nominated Easterly in April 2021, and the Senate unanimously confirmed her appointment in July 2021. Prior to serving as the CISA Director, Easterly was Morgan Stanley’s Head of Firm Resilience, constructing the Firm’s Cybersecurity Fusion Center, where she served as the first Global Head.

During her time as the CISA Director, Easterly was responsible for rolling out Secure by Design principles to reduce the occurrence exploitable flaws in products before public release. Jason Soroko, Senior Fellow at Sectigo, remarks, “Under Jenn Easterly, CISA’s proactive initiatives such as ‘Secure by Design’ and faster reporting of attacks by companies were positive for both the sell and buy side of the cybersecurity industry. What could be seen as regulatory burden was actually a positive call to arms to do the right thing. CISA should continue its work and look at initiatives to promote more public-private partnerships as well as look at what it can do to promote a strong cybersecurity workforce.”

How could a new administration impact CISA? 

“CISA was established in 2018 during the Trump administration under the Cybersecurity and Infrastructure Security Agency Act, creating a dedicated federal agency to protect the nation’s critical infrastructure from cyber threats,” says Elad Luz, Head of Research at Oasis Security. “Since its inception, CISA has made significant strides in enhancing the nation’s cybersecurity posture, including issuing critical directives to secure federal networks, spearheading initiatives to combat ransomware, and promoting public-private partnerships to strengthen cyber resilience. For example, the agency launched the Secure by Design and Shields Up initiative. The Shields Up initiative provided actionable guidance and resources to organizations in response to heightened cyber threats.”

With the resignation of Director Easterly, the agency is likely to experience some changes. However, Luz anticipates many aspects will remain the same. 

“Looking ahead, I expect that the Trump administration will continue to prioritize cybersecurity, particularly in terms of strengthening the defense of critical infrastructure and securing the national supply chain,” Luz states. “With the transition to the new administration, we anticipate that CISA will continue to play a vital and expanded role in protecting critical infrastructure, securing the national supply chain, and mitigating emerging cyber threats. The agency’s ongoing efforts will remain essential to ensuring the resilience of critical systems and defending against nation-state actors and other sophisticated adversaries.”

Casey Ellis, Founder and Advisor at Bugcrowd, shares his insights on the subject, saying, “I see a lot of the CISA initiatives, like Secure By Design, CIRCIA, and the vulnerability disclosure mandates set out by BOD 20-01, as work that is never done. Cyber defense is a constantly evolving game of cat-and-mouse, and these initiatives have had a material and measurable impact, as well as going a long way to clarify and, perhaps more importantly, mark out the North Star in a range otherwise complicated and ambiguous cybersecurity domains.” 

In regard to notable agency changes, Ellis states, “It’s too early to tell, especially with all of the leadership shifts happening at the moment, but I expect that once the cutover takes place the Trump administration will review the core initiatives, potentially add or make a few cuts, and the department will otherwise be left to get back to work.”

Director Jen Easterly’s legacy

As Easterly's role as the CISA Director comes to a close, cybersecurity experts are reflecting on the impact she made through her work. 

“Director Easterly did an incredible job in the middle of an extremely turbulent period in U.S. cybersecurity history,” remarks Ellis. “Her willingness to get out front-and-center and her instincts for ‘marketing the problem’ have been a core part of driving and improving cybersecurity awareness across a huge variety of domains, ranging from critical infrastructure and the threat posed by nation-states, through to consumer cybersecurity education. She has consistently been a huge champion of the good-faith hacker community as a part of the solution to cyber resilience. Most importantly, her internal and external leadership has been inspiring to many, especially women working to make their mark in a traditionally male-dominated field.”