After two decades at the Department of Homeland Security (DHS), Brandon Wales, the executive director of the Cybersecurity and Infrastructure Security Agency (CISA), will step down next week. His tenure witnessed the transformation of cybersecurity from a small part of DHS’s mission to a critical focus involving billions of dollars and thousands of personnel. This change reflects the growing importance of cybersecurity in national security and infrastructure protection missions.
Compared to previous reports, Wales’ reflections show a consistent emphasis on evolving cyber threats and the importance of public-private partnerships. His tenure also highlights significant incidents like the Office of Personnel Management breach and the Sony hack under the Obama administration, as well as the establishment of CISA and election security concerns during Trump’s presidency. These events underscore the dynamic nature of cybersecurity challenges that DHS and CISA have navigated over the years.
Public-Private Partnerships
Wales underscored the enduring strength of public-private partnerships in cybersecurity. He highlighted that despite changing operational environments, the collaboration between the public and private sectors has remained a constant and crucial element of CISA’s strategy. “It continues to be a real strength,” he noted, emphasizing the importance of these relationships in achieving mission objectives. This collaboration is vital for addressing complex cyber threats effectively.
Key Accomplishments and Challenges
During his tenure, Wales held various positions, including leading the cybersecurity section of the 2009 Quadriennal Homeland Security Review. He also served as acting director of CISA after Chris Krebs was dismissed by then-President Donald Trump. Wales managed the agency through critical events like the Russian SUNBURST cyberattack on SolarWinds, which compromised multiple federal agencies. “That is probably something that I’m most proud of,” he said, reflecting on CISA’s response to the incident and the systemic changes implemented as a result.
Wales highlighted the evolution of federal cybersecurity, noting significant improvements and the establishment of CISA as a formidable entity. When he began, he worked with a small team, but now, CISA boasts a 3,000-person workforce tackling major cybersecurity challenges. He pointed out two primary future tasks for CISA: addressing cyber threats from the People’s Republic of China and finalizing rules under the 2022 cyber incident reporting legislation.
As he transitions to a private-sector role, Wales expressed a desire to view the mission from a different perspective. “I spent a lot of time over the last 20 years working with the private sector, but never sat in their shoes,” he said. His next move aims to bridge this experience gap. CISA Director Jen Easterly praised Wales’ leadership, stating, “Brandon has guided CISA through some of the most serious threats facing our Nation.”
Brandon Wales’ departure marks the end of an era for CISA. His reflections highlight the agency’s progress and the critical role of public-private collaboration in addressing cyber threats. Future challenges for CISA will include mitigating risks from state actors like China and implementing new cyber incident reporting rules. For those involved in cybersecurity, Wales’ career offers valuable insights into the importance of adaptability and collaboration in this ever-evolving field.
