Safe Mode Podcast
Episode: Is the 'Shields Up' era of CISA over?
Date: February 26, 2026
Episode Overview
This episode explores the current state of the Cybersecurity and Infrastructure Security Agency (CISA) one year into the second Trump administration, questioning whether the "Shields Up" era—CISA’s high-alert, proactive cybersecurity approach—is effectively over. Host Greg Otto is joined by senior reporter Tim Starks, whose in-depth reporting draws on interviews with politicians, industry experts, and former CISA staff to assess the agency’s drastic changes and challenges. The episode also features insight from Leslie Burnas and Jeffrey Hunt of the DoD Cybercrime Center, sharing frontline experiences on evolving cyber threats, especially the growing role of cryptocurrencies in cybercrime.
Segment 1: CISA’s Crisis Under Trump—A Deep Dive (00:29–14:39)
Key Topics & Insights
Dramatic Workforce Loss and Operational Decline
- A third of CISA's workforce lost: CISA has experienced an exodus, not only losing staff but specifically top, long-tenured experts from both political parties.
- "[CISA has] lost a third of its workforce." — Greg Otto [02:19]
- "It's who they've lost...really senior people who have been at the agency for a very long time." — Tim Starks [02:32]
- Operational paralysis: State and local governments and industry contacts report a breakdown in collaboration with CISA due to a sheer lack of staff.
- “If you want to get a meeting with CISA, you can't right now, at least not to the extent they used to.” — Tim Starks [03:06]
Decimation of Key Mission Areas
- Vital offices gutted: Election security, Secure by Design, stakeholder engagement, critical infrastructure outreach, and the JCDC (Joint Cyber Defense Collaborative) have all been drastically reduced or lost leadership.
- "Election security...was cut to almost nothing...the leadership there is gone." — Tim Starks [04:03]
- "It's lost this, it's lost this, it can't do this anymore." — Tim Starks [04:03]
ISACs and State Reliance
- Undermining of centralized cybersecurity: Recent shifts, including executive orders, have pushed responsibilities to the states—something interviewees argue is both unrealistic and dangerous given massive disparities in state-level expertise.
- "We don't have the idea that we're going to have that kind of expertise spread out among 50 states. It just doesn't work. That's why you need a centrally coordinating function." — Tim Starks (paraphrasing Health ISAC leader) [05:42]
- The ongoing Conduent breach highlights the vacuum left by CISA’s diminished role in coordination. [06:55]
Readiness for Crisis
- Loss of crisis response capability: CISA’s once-vital role in scorekeeping, coordination, and response during incidents like the Change Healthcare breach (2024) may now be impossible to reproduce.
- "[In past breaches] CISA did a great job...I'm not sure that they would be able to do that now." — Tim Starks, relaying Health ISAC feedback [07:35]
- Experts doubt CISA’s ability to manage a large-scale threat, such as the potential activation of Chinese Volt Typhoon malware. [07:35]
Universality of Criticism
- Bipartisan concern: Both Democratic and Republican policymakers express alarm. Unusually, even members of the party in power offer little to no defense.
- “The balance was completely switched...all of these things that are happening are bad, but also there’s a little bit of good.” — Tim Starks [08:59]
Leadership Vacuum
- Sean Plankey’s unconfirmed leadership: Senate confirmation is stalled, weakening CISA’s influence at the highest administrative levels.
- "The idea of having a Senate confirmed leader is that that person has more standing...maybe then a lot of the animosity that this administration came in with towards CISA...would be different." — Tim Starks [09:53]
- Criticism of the acting director’s lack of effectiveness. [10:53]
Pockets of Remaining Value
- Continuing some public warning functions: CISA still issues alerts, binding operational directives, and some threat reports, though with diminished rigor and output.
- "[CISA is] still doing good work on the releasing of reports about what's dangerous." — Tim Starks [11:47]
- Regulatory easing: The current administration is more open to revising (loosening) some incident reporting regulations, which some in industry see as positive.
- Ongoing reputational damage: Potential hires and defenders say that, despite past skepticism about CISA's necessity, its current state is "a real backslide." [13:47]
Notable Quote
"It's been a real backslide for everybody who cares about the Agency."
— Tim Starks [13:47]
Conclusion: Road Ahead
- Massive reorganization lies ahead if CISA is to rebuild its capabilities.
- “A lot of work ahead if CISA is going to fundamentally get on track with its operational reorganization.” — Greg Otto [14:13]
Segment 2: Threat Evolution with the DoD Cybercrime Center (DC3) (14:39–32:32)
Presenters
- Leslie Burnas & Jeffrey Hunt
Key Topics & Insights
Cryptocurrency: A New Normal in Cybercrime
- Criminal preference for crypto: Cybercriminals increasingly use cryptocurrencies to obscure funds, evade law enforcement, and operate at global scale.
- "Our cyber criminals are increasingly leveraging virtual currencies because this provides them fast cross border movement of illicit funds." — DC3 Expert [15:39]
- Automation via crypto and smart contracts massively lowers the bar for laundering and complicates defensive efforts.
- Expanded threat landscape: It's no longer just individual actors—cartels and nation-states now exploit these methods for money laundering and sanctions evasion.
- "We are seeing things at the organized crime level, the cartel level, the nation state level." — DC3 Expert [16:58]
- Forensic approaches: DC3 traces funds from known context points (e.g., ransomware wallets), analyzes transaction patterns, and partners across agencies to unmask identities and recover proceeds.
- "If we have an address that was given to a ransomware victim...that gives us a context point." — DC3 Expert [17:23]
- Emphasis on disrupting actors’ financial lifelines and seizing resources wherever possible.
- Deterrence through disruption: Prosecuting cybercriminals and restricting their ability to travel demonstrates global reach and disincentivizes attacks.
- "Their feeling of anonymity...is what gives them the comfort to...conduct these illegal activities. So you want to expose them to the world." — DC3 Expert [21:26]
Cybercrime: National Security Imperative
- Cybercrime as a strategic threat: No longer a question of simple theft—cyber-enabled crime undermines national power, logistics, innovation, and public trust.
- "Cybercrime is no longer just about stolen data or financial loss. Cyber threats are no longer theoretical, episodic or isolated. They are persistent, adaptive, and increasingly strategic." — DC3 Expert [23:49]
- AI and escalation: Artificial intelligence accelerates attacks but can also amplify defense.
- "AI is already being weaponized by cybercriminals, automating phishing, generating malware...But AI can also be a force multiplier for defense." — DC3 Expert [26:27]
- Holistic, partnership-driven defense: DC3 stresses interagency and public-private cooperation, emphasizing trust, information sharing, and agility.
- "Defending against cyber crime requires trust. Trust that sharing information will lead to action and not punishment." — DC3 Expert [27:56]
DC3’s Mission and Approach
- Proactive defense: Through digital forensics, vulnerability disclosure, and advanced training, DC3 supports law enforcement and industry in prevention, incident response, and intelligence sharing.
- "This is not reactive defense. This is crime prevention at scale. By finding and fixing weaknesses...we protect both Department of War mission systems and private sector partners." — DC3 Expert [24:56]
- Ultimate goal: Make cybercrime costly and unsustainable by shrinking attack opportunities, reducing breach dwell times, and making infrastructure disruption routine.
- "Success is fewer opportunities for cybercriminals, shorter dwell times...faster disruption...and stronger resilience." — DC3 Expert [29:45]
Memorable Moment
"In the digital domain, the threats are real, the stakes are high, but so is our collective capability."
— DC3 Expert [31:34]
Notable Quotes & Timestamps
- "CISA has lost a third of its workforce." — Greg Otto [02:19]
- "Not only that, but it's who they've lost...really senior people who have been at the agency for a very long time who have left." — Tim Starks [02:32]
- "Election security...that was cut to almost nothing..." — Tim Starks [04:03]
- "We don't have the idea that we're going to have that kind of expertise spread out among 50 states. It just doesn't work." — ISAC expert via Tim Starks [05:42]
- "Their feeling of anonymity...is what gives them the comfort to go ahead and conduct these illegal activities." — DC3 Expert [21:26]
- "Cybercrime today is not merely a law enforcement issue. It is an economic threat, a national security threat, and a resilience challenge." — DC3 Expert [24:29]
- "AI is already being weaponized by cybercriminals...But AI can also be a force multiplier for defense..." — DC3 Expert [26:27]
Important Timestamps
- 00:29–14:39: Greg Otto & Tim Starks deep dive into CISA’s decline in capacity, reasons for workforce loss, and leadership paralysis.
- 14:39–23:49: Leslie Burnas & Jeffrey Hunt (DC3) on the rise of cryptocurrency in cybercrime and evolving investigative strategies.
- 23:49–32:32: Broader reflections on cybercrime as a national security issue, the importance of partnership, and leveraging AI in cyber defense.
Summary: Takeaways
- CISA's operational crisis is deeply rooted in workforce losses, leadership instability, sharp reductions in engagement, and bipartisan alarm.
- DC3 sees cybercrime as a holistic, strategic challenge—one that is growing with technological innovation and requires equally innovative, collaborative, and proactive responses.
- The future demands not just technical solutions, but trust, coordination, and the resolve to adapt faster than adversaries.
For the full story and more cyber news, visit cyberscoop.com.
