The Cybersecurity and Infrastructure Security Agency (CISA) has clarified it didn’t lay off hundreds of red teamers but ended their contracts — a move now raising serious concerns about weakening US cyber defenses.
The decision came as part of the Department of Government Efficiency (DOGE), led by Elon Musk, which aims to slash federal spending. However, cybersecurity experts fear this cost-cutting push could disrupt vital threat intelligence operations that many US organizations — public and private — rely on to protect their networks from cyberattacks.
The alarm was first raised by Christopher Chenoweth, a senior penetration tester at the Department of Homeland Security (DHS). In a LinkedIn post on Feb. 28, he revealed that the government abruptly canceled the contract supporting him and more than 100 other red team specialists. “DOGE cut a second CISA red team doing mission-critical work the following week,” Chenoweth added. “Now, many of us are looking for new opportunities.” His post quickly attracted attention from top cybersecurity firms eager to hire laid-off talent.
CISA responded on March 12 with a public statement, insisting its red team operations remain fully functional. “Our team continues to work directly with network defenders and system administrators to strengthen critical infrastructure security,” the agency said. “They help refine detection, response, and threat-hunting capabilities across key sectors.”
However, DOGE’s latest figures paint a concerning picture. By mid-March, the agency had cut more than 3,300 personnel, most of whom had been with CISA for nearly a decade. The report didn’t clarify whether those numbers included contract workers like red teamers, leaving many questions unanswered.
Recognizing the talent loss, former CISA director Jen Easterly launched an alumni hiring form to connect affected cyber professionals with private sector employers.
CISA’s red teams play a critical role in defending the nation’s most sensitive networks. These experts simulate real-world cyberattacks, exposing vulnerabilities in government systems and critical infrastructure like energy grids, financial networks, and healthcare.
Unlike most private red teams, CISA shares its findings across industries to strengthen defenses nationwide. Late last year, the red team released a detailed report outlining vulnerabilities discovered during their assessments. They didn’t stop at listing threats — they also recommended fixes to help software providers and infrastructure operators prevent supply chain attacks, improve detection, and close security gaps.
The report went beyond basic indicators of compromise, detailing how attackers gained initial access, what they did next, and how to block those tactics. This kind of intelligence is invaluable for US cyber defenders — and why losing red team resources is so worrying.
Dr. Deepak Kumar, founder and CEO of Adaptiva, says the cuts raise tough questions. “It’s good CISA says the red team is still operational, but are fewer experts now working on these critical threats?” he asks. “Cyber risks evolve fast, and losing momentum is dangerous.”
Kumar warns that if these cuts continue, organizations must brace for gaps in government-provided threat intelligence. “Companies should treat this as a wake-up call,” he adds. “It’s time to strengthen your own vulnerability detection and response because federal support might shrink even more.”
For now, CISA’s red team cuts have sparked a broader debate about how much the country can afford to scale back its cybersecurity efforts — especially when the threat landscape is growing more complex by the day.
