Multiple top CISA officials behind ‘Secure by Design’ resign 

In a statement to CyberScoop, acting Director Bridget Bean said that encouraging the private sector to build more secure products will continue to be a priority at the agency. 
The U.S. Department of Homeland Security seal. (Photo by Mark Makela/Getty Images)

Two top officials at the Cybersecurity and Infrastructure Security Agency who worked with the private sector to manufacture secure products and technology are leaving the agency.

Bob Lord, senior technical adviser, and Lauren Zabierek, senior advisor at CISA, were two of the chief architects behind CISA’s Secure by Design initiative, which garnered voluntary commitments from major vendors and manufacturers to build cybersecurity protections into their products at the design stage.

On Monday in dueling posts on LinkedIn, Lord and Zabierek both said they are departing the agency. Neither offered a rationale or motivation for the decision, with Lord simply calling it a “difficult decision” and Zabierek saying it was “not an easy choice.”

Lord said he would continue “contributing” to Secure by Design after a short break. Both specifically praised the program in their announcements, with Zabierek arguing it has impacted the way product manufacturers and policymakers approach cybersecurity.

“Being part of this initiative has been one of the most meaningful experiences of my career, one that truly embodies the spirit of public-private partnership and both interagency and international collaboration,” said Zabierek. “One of government’s most important roles is to catalyze innovation that serves the public, and then find a way for it to scale, adapt, and endure. What started as a government-led call to action has quickly become a global movement and we look forward to continuing the momentum.”

Lord joined CISA in 2022, where he quickly headed up the agency’s Secure by Design initiative, which was part of a larger push by the Biden administration and CISA to change the paradigm in cybersecurity and place more responsibility on manufacturers and vendors to deliver safer software and products to consumers on the front end.

Before that, he was the first chief security officer at the Democratic National Committee, working to improve campaign security in the aftermath of the 2016 hacks of the DNC and Hillary Clinton’s campaign by Russian hackers. Lord implemented basic cybersecurity guidelines for campaigns to follow ahead of the 2020 elections, including encrypting their laptops. Lord was also CISO at Yahoo and has worked security jobs at Twitter, Rapid7, Red Hat and America Online.

Zabierek, who joined CISA in 2023, was director of the Harvard Belfer Center’s cybersecurity project and a visiting fellow at the National Security Institute, and has served as an established expert on cyber policy for years.

The departures raise questions about the fate of Secure by Design, which was launched under the Biden administration and at a time when the White House was looking to expand CISA’s budget and portfolio. Under the Trump administration, the agency has suffered severe cuts to personnel and resources, and Secretary of Homeland Security Kristi Noem said earlier this year that she intended to transform CISA into a “more nimble” organization with a less expansive mission.

“CISA remains laser-focused on working across the public and private sectors to improve the nation’s cybersecurity, a critical element of which is ensuring that technology companies do their part,” Bridget Bean, acting CISA Director, told CyberScoop in a statement. “This is why we continue to urge companies to develop products that are secure by design, instead of passing the cost of poorly designed products on to consumers. While CISA’s approaches to Secure by Design evolve, our commitment to the principles remain steadfast. I thank Bob Lord and Lauren Zabierek for helping to lay the foundation on which future work in this space can be built.” 

In his message, Lord said he was “deeply grateful” to have helped lead the project, but said he believes it’s now bigger than CISA or the federal government and would endure.

“This was never a solo effort — hundreds of people across CISA, other U.S. agencies, international partners, software companies, open-source projects, and more came together to build a movement,” Lord said. “These amazing people are pushing the software industry toward a future where safety is built in from the start. I can’t wait to see where they take it — especially as the daily headlines remind us how urgent this work is.”

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.
