Axios Future of Cybersecurity

July 15, 2025
Happy Tuesday! Welcome back to Future of Cybersecurity.
Today's newsletter is 1,770 words, a 6.5-minute read.
1 big thing: The shrinking, changing role of the nation's cyber defense agency
After years of aggressive growth and regulatory expansion under previous administrations, the workforce and mission of the Cybersecurity and Infrastructure Security Agency are rapidly shrinking.
Why it matters: As nation-state attacks on critical infrastructure intensify, states and private companies lack the capacity to fill the gaps left by CISA's retreat, former officials tell Axios.
Driving the news: Congress is pursuing what will likely be a significant budget decrease for the agency in the upcoming fiscal year, although the exact cuts are under debate.
- House appropriators have proposed a $135 million cut to the agency's $3.01 billion budget from last year — far less than the $495 million cut the Trump White House initially proposed, though still substantial.
- The White House's budget request also called for a 10% cut in overall cybersecurity spending across civilian agencies compared with 2024 levels.
The big picture: Based on the proposed budget cuts and workforce reductions, don't expect as many public events or major public awareness campaigns coming from CISA during the second Trump administration.
- Instead, the agency is likely to revert to a scaled-back role that focuses on protecting federal government networks and tracking digital threats against critical infrastructure, former officials say.
- "They want CISA to be this technocratic, inward-looking, almost shy, part of the federal enterprise," said Andrew Grotto, a research scholar at Stanford University and former White House cyber policy senior director in the Obama and first Trump administrations.
State of play: Before the passage of the "One Big Beautiful Bill," much of CISA's surplus budget — nearly $144 million, according to one senator — was reallocated to U.S. Immigration and Customs Enforcement to help fund the administration's mass deportation plans.
- A third of the workforce has already left the agency through voluntary buyouts, early retirement or layoffs.
- A major information-sharing council shut down earlier this year. Some critical infrastructure operators say they've had radio silence from the agency in recent months, Michael Daniel, CEO of the Cyber Threat Alliance and a former Obama White House official, told Axios.
- Daniel added that many of CISA's regional office employees have departed and it's unlikely they'll be replaced, potentially weakening incident response efforts across sectors.
Zoom in: Reallocating CISA's surplus likely means the agency can't make extra investments to build out major programs like Secure-by-Design or the Joint Cyber Defense Collaborative.
- "They are really putting a lot of energy into the core programs of record at CISA in their budget request," Chris Cummiskey, former Department of Homeland Security acting undersecretary for management during the Obama administration, told Axios.
- The White House's budget proposal called for shutting down CISA's external engagement offices and its work on countering foreign-backed disinformation. The House-passed budget leaves those offices' fates up to Senate appropriators.
- "Threat hunting, incident response — you name it — we're going to have less of it," Daniel said.
Flashback: CISA spent the last few years building up its reputation as the go-to partner for federal agencies, critical infrastructure operators (ranging from smaller regional utilities to Fortune 50 behemoths), and international agencies.
- The agency focused on a sprawling number of tasks, including protecting government IT networks, coordinating threat information between the private and public sectors, and building up its international and private sector engagement programs to fend off threats across borders.
Between the lines: As CISA scales back, states will be expected to provide more resources to their critical infrastructure operators and federal officials will likely lean more on automation to fill the gaps, Grotto noted.
- But it will be years until AI tools are advanced enough to take on everything being cut today, Grotto said, and states need more funding to be able to pick up what's left.
- "Expecting some rural water utility to go head-to-head with China's [Ministry of State Security], that's a fool's errand," he added, criticizing assumptions in the budget that states or automation can fully replace federal cyber support.
Yes, but: While CISA is quickly changing, it's possible some of these changes will be reversed.
- Sean Plankey, the administration's pick to lead CISA, has yet to have a nomination hearing.
- Private sector companies are still in a "wait-and-see" mode, Daniel said.
- Marci McCarthy, director of public affairs at CISA, said in a statement that the agency is "laser-focused on securing America's critical infrastructure and strengthening cyber resilience across the government and industry."
- "We continue to drive greater efficiency, strengthen our partnerships, provide actionable threat intelligence and safeguard the homeland," she added.
2. Exclusive: Cyber job listings are the problem
If Fortune 100 companies want to fix their cybersecurity hiring woes, they may need to start by rethinking their own job postings, according to a new report from cybersecurity firm Expel.
Why it matters: Many cybersecurity job listings still rely on outdated titles and fail to offer the flexibility or benefits that top talent expects — making it harder for major companies to attract and retain skilled workers.
By the numbers: Only 8% of available cybersecurity jobs at Fortune 100 companies offered remote work, according to the report, released today and shared exclusively with Axios.
- Just 10% of listings mentioned mental health support.
- Employers filled remote and hybrid roles three times faster than in-office-only jobs.
- Expel researchers studied cybersecurity job listings at Fortune 100 companies on LinkedIn and Indeed between March 6 and March 9.
The big picture: The cybersecurity industry has long struggled with recruiting and retention. The U.S. currently has enough cybersecurity professionals to fill only 74% of open roles, according to federal data.
- The field's long hours and high-stakes environments also leave teams particularly vulnerable to burnout.
What they're saying: "We are going to have to evolve and we are going to have to find ways to manage the teams and get access to that broader talent pool," Jason Rebholz, advisory CISO at Expel, told Axios.
Between the lines: Rebholz said HR teams often lack market data on cybersecurity roles, which makes it difficult to offer competitive compensation and benefits.
- Over the last four years, he's had to seek special approval for new pay bands with each role he's been hired for — underscoring just how difficult it is to navigate corporate hiring structures.
The bottom line: As more people enter the cybersecurity field, companies should consider embracing remote work, expanding mental health benefits, and modernizing job titles and pay structures to stay competitive, Rebholz said.
3. CrowdStrike outage, one year later
CrowdStrike says it has spent the year since its global outage doubling down on improving the resilience of its security products.
Why it matters: The cybersecurity giant's response to the outage helped it avoid mass customer exits and detrimental financial hits.
What they're saying: "We're a stronger company today than we were a year ago," CEO George Kurtz wrote on LinkedIn. "The work continues. The mission endures. And we're moving forward: stronger, smarter, and even more committed than ever."
Flashback: On July 19 last year, CrowdStrike pushed a defective update to its software that crashed millions of Windows systems around the world and left them with the dreaded "Blue Screen of Death."
- Thousands of flights were canceled. Health care systems canceled outpatient operations. Schools canceled classes, and government agencies couldn't conduct basic services.
Zoom in: In a blog post yesterday, CrowdStrike president Mike Sentonas wrote that the company spent the last year focused on making its platform more resilient to operational issues like the July 19 outage.
- Many of the improvements CrowdStrike made to its products rely on predicting potential problems — rather than responding to incidents once they happen.
- "It's about creating intelligence that responds dynamically to changing conditions, diverse environments, and evolving threats," Sentonas wrote.
- Customers now have increased control over what updates and configurations they deploy and when they run them.
What's next: Sentonas added that the company is planning to hire a new chief resilience officer to oversee future improvements to this work.
- "This work isn't finished and never will be," he said. "Resilience isn't a milestone — it's a discipline that requires continuous commitment and evolution."
4. Musk's xAI heads to the Pentagon
Elon Musk's xAI announced yesterday it had secured a Pentagon contract worth up to $200 million.
The big picture: The move is part of the Pentagon's adoption of advanced artificial intelligence capabilities to address national security challenges.
- As part of that goal, the Chief Digital and Artificial Intelligence Office, which sets AI standards for the Defense Department, also announced awards to Anthropic, Google and OpenAI.
Driving the news: xAI unveiled the new Pentagon contract while announcing its new Grok for Government offerings — which are also now available to "every federal government, agency, or office."
- "Under the umbrella of Grok for Government, we will be bringing all of our world-class AI tools to federal, local, state, and national security customers," xAI said.
- The company said federal customers could use Grok to "accelerate America" and make "everyday government services faster and more efficient."
- The announcement came amid the fallout from the blatantly antisemitic responses Grok gave some X users last week.
What they're saying: Douglas Matty, chief digital and AI officer at the Defense Department, said in a statement that the adoption of AI is "transforming the Department's ability to support our warfighters and maintain strategic advantage over our adversaries."
5. Catch up quick
@ D.C.
🌎 The State Department's Bureau of Cyberspace and Digital Policy lost multiple people as part of the broader, department-wide layoffs last week. (Nextgov)
🪖 Trump's "One Big Beautiful Bill" directs $1 billion over the next four years to the Defense Department for undefined offensive cyber operations. (TechCrunch)
🗳️ 80% of local election officials say they want CISA to provide the same or more support in the upcoming elections than it did in 2024. (Axios)
@ Industry
🇨🇳 Microsoft has been relying on engineers based in China to help maintain the Defense Department's computer systems with minimal technical oversight, according to a new investigation. (ProPublica)
💰 Zip Security, a cybersecurity company focused on protecting small and midsize businesses, raised a $13.5 million Series A round led by Ballistic Ventures. (Axios)
💸 Data security company Virtru raised a $50 million Series D round that values the company at $500 million. (Fortune)
@ Hackers and hacks
🚔 U.K. law enforcement have arrested four people tied to a hacking spree against British retailers, including Marks & Spencer. (Bloomberg)
⚠️ Someone hacked Elmo's X account over the weekend and made a series of antisemitic, racist and anti-Trump posts. (Axios)
👀 A DOGE employee accidentally exposed the private API key for xAI, leaving more than four dozen of the company's large language models exposed online. (Krebs on Security)
6. 1 fun thing
The look-alike contest phenomenon has arrived at DEF CON:
- 🎉 If you look like security influencer and Huntress threat analyst John Hammond and you'll be in Vegas next month — boy, do I have good news for you!
☀️ See y'all next week!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.