Jen Easterly, the current US Cybersecurity and Infrastructure Security Agency (CISA) Director, is expected to leave her position on January 20, 2025, as the new Trump administration takes office.
Nitin Natarajan, CISA’s Deputy Director will also step down.
This was confirmed to Infosecurity by Ron Eckstein, CISA’s Senior Advisor for Public Affairs.
Eckstein also shared a message from a CISA spokesperson which said: “All appointees of the Biden Administration will vacate their positions by the time the new Administration takes office at noon on January 20. CISA is fully committed to a seamless transition.”
Easterly’s CISA Legacy
Easterly, a former cybersecurity leader at US bank Morgan Stanley, previously held several positions in US federal agencies, including the National Security Agency (NSA), the US Cyber Command and the White House.
She was nominated by Joe Biden in April 2021 and is the second CISA director since the agency was established in 2018.
Along with the team at CISA, she is recognized for several key initiatives and achievements during her tenure at the helm of the cybersecurity agency, including:
- Joint Cyber Defense Collaborative (JCDC), a public-private cybersecurity collaborative that leverages new authorities granted by Congress in the 2021 National Defense Authorization Act to unite the global cyber community in the collective defense of cyberspace
- Secure by Design Initiative, which emphasizes building security into products, software, and systems from the outset rather than addressing vulnerabilities after deployment. Founded in 2021, the Secure by Design initiative encourages software developers and technology companies to adopt a proactive approach to designing secure solutions
- Cross-Sector Cybersecurity Performance Goals (CPGs), a subset of cybersecurity practices, selected through a thorough process of industry, government, and expert consultation in 2021 and aimed at meaningfully reducing risks to both critical infrastructure operations and the American people
- Known Exploited Vulnerabilities (KEV) catalog, a regularly updated list of software and hardware vulnerabilities with observed active exploitation maintained by CISA since 2021
- Vulnrichment program, an initiative launched in 2024 and designed to enhance vulnerability management by integrating rich, contextual data into the vulnerability reporting and remediation process
- Cyber support to Ukraine: Under Easterly’s leadership, CISA collaborated with international partners to help bolster Ukraine's cybersecurity defenses against Russian cyber-attacks targeting critical infrastructure, government systems and civilian networks. CISA provided technical expertise, threat intelligence, and assistance in identifying and mitigating cyber threats
- Shields Up Campaign: Easterly's efforts also extended to ensuring US critical infrastructure remained protected against potential spillover cyberattacks through initiatives like the "Shields Up" campaign, which emphasized vigilance and resilience for US organizations
- Collaboration on election security by working with state and local governments to protect election systems from interference. These efforts bolstered public confidence in the integrity of US elections amid increasing cyber threats
CISA’s Eckstein said Easterly’s “specific departure date” and her post-CISA career plans remain unknown.