Congressional officials wonder how CISA can carry out core mission in face of workforce cuts

SAN FRANCISCO – In her appearance at the RSAC 2025 Conference, Homeland Security Secretary Kristi Noem spoke about getting CISA back to its “core mission” of protecting federal networks and critical infrastructure from cybersecurity threats. 

Other cyber policy experts wonder how that is going to unfold with such concentration on cutting CISA’s workforce. 

Congressional staffers and cybersecurity policy experts expressed deep concern about CISA during a panel discussion at the conference, with particular attention given to the agency’s ongoing staffing reductions.

The comments came during a bigger discussion about efforts to build and retain a qualified cyber workforce in the face of growing threats, budget constraints and political turbulence that the panel said threatens to further erode government cyber readiness.

Moira Bergin, minority staff director at the House Homeland Security Committee, called the retention of CISA personnel the committee’s “top priority,” expressing concerns that the cuts over the first 100 days of the Trump administration could lead to the loss of institutional knowledge that has helped the cyber agency grow since its inception. 

“We don’t want to lose any more workforce, we don’t want to lose any more authorities, we don’t want to lose any more programs,” Bergin said. 

Bergin also noted that CISA’s expansion has not come from excessive federal spending, but rather from the agency’s ongoing efforts to define and apply its mission since its creation in 2018.

“Our view is that CISA has grown in a constructive way and has grown in a way that meets demand,” she said. “It hasn’t started programs for program’s sake, but rather programs have been initiated either in response to threat actors, in response to vulnerabilities that we’ve seen in software, in response to demand from their stakeholders.”

She further signaled that the committee is conducting oversight into which programs are being affected, what contracts are being cut, and how these moves will impact the nation’s resilience to attacks.

Alexandra Seymour, staff director for the committee’s Cybersecurity and Infrastructure Protection subcommittee, stressed that on the whole, workforce development is a top priority for the 119th Congress. Seymour outlined legislative efforts such as the PIVOTT Act, designed to rapidly train individuals through two-year programs at technical schools and community colleges, incorporating skills-based exercises and internships. 

According to Seymour, the intent is to “train people quickly and at scale,” aiming for hands-on experience and subsequent placements in government service.

Seymour emphasized efforts by committee chairman Rep. Mark Green, R-Tenn., to get the bill to become law, especially given the estimates of over 500,000 open cybersecurity positions nationwide. Seymour described an acute challenge in recruiting talent across federal, state, and local governments — a gap felt most sharply in regions responsible for maintaining critical infrastructure.

“The reason that that is really important to the chairman is that he thinks [regional talent] is the root of a lot of the issues that we see in cyberspace,” Seymour said. “When you don’t have the right people with the right skills in the right places, it’s really hard to be able to address these threats that are evolving really rapidly, that are growing in sophistication and in number.”

Despite these efforts, Seymour acknowledged persistent challenges: “We know that it’s a really big challenge. We’re hopeful that we can really drive something forward. … But there’s still a lot of work to do in that space.”