Organizations must seek alternative cybersecurity support as CISA downsizes
CISA is one of those government tools that’s been doing a lot of the heavy lifting in U.S. cybersecurity. They’ve handled everything from national threat alerts to on-the-ground support for physical and cyber risk assessments. But here’s the reality: CISA is shrinking. Over 130 roles have already been cut, and all signs point to more reductions. Their workforce stood at around 3,200, based on the FY2025 budget. That number is now trending down. For companies and agencies that have leaned on CISA for hands-on guidance, intelligence, or support, that’s a loss of ground cover during a time when cyber threats aren’t slowing down.
CISA has provided threat briefings, incident response, and training tailored for critical infrastructure, including sectors like energy, finance, and elections. And not everything they offer can be replicated at the state or local level. Al Schmidt, Pennsylvania’s Secretary of the Commonwealth, said outright that he’s concerned about election security now that federal support is fading. It means state and local authorities, and the private sector, are going to have to step up.
Executive leadership needs to see this change not just as a gap, but as a trigger for action. If your organization has relied on federal cybersecurity services, it’s time to rethink your model. Build resilience by identifying where those government services touched your operations, and then run your own risk assessments to find substitutes. Don’t wait around for new federal funding; you need a clear plan today.
We’re moving into a phase where businesses and governments must take more direct ownership of their cybersecurity posture. It’s a transition, but also an opportunity to create something more tailored, more responsive, and ultimately more scalable. Government agencies were never designed to be your full security team; they were support. Now, that support is thinning, and responsibility is shifting. Forward-thinking organizations will adjust faster, with better results.
The private cybersecurity sector is poised to fill the service gaps
The U.S. leads the world in cybersecurity innovation. The private sector here is filled with talent, expertise, and technology that’s light-years ahead of what most governments can offer. As CISA trims its operations, companies don’t need to panic; they need to pivot. There are already commercial security firms delivering real-time threat intel, high-grade incident response, and managed security services at scale. Many of these firms are already working closely with critical infrastructure providers, often offering support at reduced cost or even free for certain sectors.
We’ve heard clearly from people who know this system from the inside. Nitin Natarajan, former Deputy Director at CISA, pointed out that states, universities, and private companies are actively building out capabilities to plug the gaps. Brandon Wales, who previously led operations at CISA and is now VP of Cybersecurity Strategy at SentinelOne, said the private sector’s strength is its flexibility and depth: it’s already stepped in, and it’s prepared to take on more if needed.
For executive decision-makers, the call now is to review which services your business relied on from CISA and engage providers in the private market that can offer equivalent, and in many cases, stronger, support. These players are not new to the field. They understand the needs of scale, compliance, and speed. Whether you’re operating in finance, industrial systems, or public services, there are vendors ready to integrate directly into your workflows.
The upside here is that the market already knows how to move fast. Private firms operate on competition, not appropriations. They fund innovation and move on demand. As public-sector bandwidth shrinks, expect top-tier private providers to expand their offerings and make services even more accessible. The opportunity for enterprises is to take full control of their environment, choose partners carefully, make speed a priority, and ensure their teams are trained to collaborate effectively with outside security experts. We’re not losing capability. It’s just shifting to a different layer. The best move now is to lean in decisively.
State and local governments must improve self-reliance in cybersecurity
The reduction in CISA’s workforce directly impacts state and local governments. Many of these agencies don’t have the scale, staffing, or budget flexibility to absorb the loss. Until now, they’ve relied heavily on federally funded services like cyber assessments, threat briefings, and incident coordination. That era is ending. As these resources are pulled back, state and municipal leaders need to take ownership and move quickly to protect their critical systems.
Riaz Lakhani, Chief Information Security Officer at Barracuda, made a key point: state and local agencies will need to increase their reliance on private Information Sharing and Analysis Organizations (ISAOs). These groups are valuable, but engagement will require funding. Public budgets are thin, so the challenge for local governments now is not just operational; it’s financial. Getting ahead means finding new ways to fund cybersecurity. That includes justifying these investments to policymakers and tying them directly to the resilience of digital infrastructure.
Self-reliance doesn’t mean going it alone. Smart governments are forming collaborative teams internally and reaching out to proven commercial entities. Coordinated action requires building internal response capacity, securing advanced detection tools, and establishing threat intelligence workflows that don’t stop at collecting data but act on it. This is an area where private-sector expertise can be embedded directly into local efforts, if leaders are willing to shift mindset and budget.
C-suite leaders in the public sector don’t have the luxury of slow planning. Cybersecurity attacks won’t wait for the next funding cycle. Investing now reduces risk later, and gives organizations the ability to respond in real time. It’s not about spending more for the sake of it, but about directing funds where they matter most: staffing, detection capability, and proactive threat intelligence. The cities and counties that put real ownership behind cybersecurity will outperform those that default to waiting for federal rescue. That rescue is no longer guaranteed.
Enterprises must prioritize building internal cybersecurity competence and intelligence
Relying solely on outside cybersecurity help isn’t a long-term strategy. With CISA scaling back and private ISACs under financial pressure, companies, especially mid-sized and large enterprises, need to develop serious in-house capability. That means investing in cybersecurity teams that detect, analyze, and respond to threats in real time.
Riaz Lakhani, CISO at Barracuda, pointed out that organizations should focus on acquiring advanced threat intelligence platforms, tools that provide clear, actionable insights instead of overwhelming data. But tools without skilled people don’t create value. Training internal staff to understand, interpret, and act on threat intelligence is just as critical as investing in the platforms themselves.
Jake Williams, Vice President of Research and Development at Hunter Strategy, emphasized that enterprises, especially larger ones, should be building and scaling internal cyber threat intelligence (CTI) teams. He also noted that many smaller members of traditional Information Sharing and Analysis Centers (ISACs) were relying on DHS grants to maintain their participation. With that funding now at risk, even established sharing networks may become less useful. That’s a signal to build internal strength where you can control it.
Post-incident reviews are another overlooked area. When a breach or attack happens, inside your company or anywhere else, use it as a learning opportunity. Dissect what happened, how threat intelligence factored in (or didn’t), and what could be done differently. Developing this kind of muscle memory inside the organization makes response faster and smarter over time.
C-level leaders need to drive this. It’s no longer enough to delegate cybersecurity to a team and hope they follow best practices. The position of your company in the market depends heavily on trust and uptime. You strengthen both by building your own capability, not as a backup, but as a standard operating foundation. Threats are getting more complex. Your team needs to be smarter, faster, and more autonomous than ever.
Public-private collaboration models in cybersecurity are facing new challenges
As CISA reduces its footprint, the traditional model of collaboration between the federal government and the private sector in cybersecurity is facing significant strain. For many years, federal agencies played a central role in incident coordination, threat intelligence distribution, and cross-sector partnerships. That level of support is weakening, and organizations need to adjust both their expectations and their operational models.
Austin Berglas, Global Head of Professional Services at BlueVoyant and former head of cyber for the FBI in New York, made this clear: while agencies like CISA and the FBI remain important players, they simply don’t have the scale, time, or budget to meet the growing demand for continuous, hands-on cybersecurity support. This gap means that private companies must move quickly to reassess current partnerships and identify where commercial security providers can fill the operational void.
Security partnerships are not interchangeable. Government involvement often brings strategic context, legal coordination, and national intelligence. Private-sector providers bring agility, specialization, and around-the-clock service. Understanding these differences is key for leadership. You can’t duplicate federal channels, but you can design a security environment that blends rapid response from private firms with strategic awareness from selective public engagement.
Start by auditing current dependencies on federal flows of intelligence or response coordination. Then, match those functions with private vendors or internal capabilities. Ensure contracts are in place, service levels are clear, and your teams know exactly who to call, and when.
This is also the right moment to invest in relationships, not just transactions. The more embedded your security vendors are in your environment, the faster and more effectively they operate when real threats occur. And as national cybersecurity strategy continues to evolve, the companies that stay adaptive, decentralized, and invested in their own partnerships will stay ahead of disruptions. Expectations must shift—but capabilities don’t have to decline. You build that by acting early and allocating with precision.
Key takeaways for leaders
- Prepare for reduced federal cybersecurity support: CISA’s ongoing downsizing has already cut over 130 roles, limiting future availability of its critical services. Leaders should quickly assess dependencies on federal cybersecurity support and identify alternative providers to maintain operational resilience.
- Shift cybersecurity reliance to private sector partners: The U.S. private sector has the technical depth and infrastructure to fill many federal capability gaps. Executives should evaluate and contract with vendors offering threat intel, managed security, and rapid incident response to cover lost support.
- Strengthen state and local resilience through strategic investment: State and local governments must become more self-reliant, tapping into private ISAOs and reallocating public budgets for advanced detection tools and internal response capabilities. Leaders should prioritize funding to build sustainable cybersecurity programs.
- Build internal cyber intelligence that scales: Enterprises should develop in-house cyber threat intelligence (CTI) teams and workflows that can analyze and act on data independently. This builds long-term autonomy and reduces risk exposure from volatile external dependencies.
- Rethink public-private collaboration strategies: Traditional collaboration models are weakening due to reduced federal bandwidth. Business leaders must reinforce relationships with private security firms and embed them strategically into their security operations to preserve response readiness.