How Layoffs Affect Cybersecurity Teams

When Cyber Defenders Are Benched, Everyone’s Risk Goes Up Resilience in cybersecurity is about redundancy, depth, and failsafes. A #government #shutdown shows us what happens when even the nation’s lead cyber agency has to fight with one hand tied behind its back. This week, the Cybersecurity and Infrastructure Security Agency (#CISA) furloughed two-thirds of its workforce, leaving only about 35 percent on duty for “excepted” work. That’s fewer than 900 people to defend federal civilian networks, coordinate incident response, and keep information flowing across states and critical infrastructure. Why does this matter? Because it comes at a precarious moment, an elevated threat environment, and creates a two-fold drag on national readiness: 1. Fewer people doing more with less. Only narrowly defined “excepted” functions continue. Everything else slows or stops: advisories, proactive assessments, voluntary support programs, and surge capacity for incidents. Delays compound risk. 2. Legal guardrails for fast sharing just expired. The liability protections under the Cybersecurity Information Sharing Act of 2015 lapsed. Without them, many companies will hesitate to share indicators, slowing the collective defense loop. We’ve effectively narrowed both manpower and legal authority at once. ⸻ What this means for security leaders • Slower coordination: Routine collaboration, case management, and proactive uplift are delayed. • Longer dwell time: With fewer analysts and chilled sharing, attackers get more breathing room. • Knock-on effects: State teams, ISACs, and infrastructure operators lose the usual federal signal. ⸻ How leaders should respond now 1. Tighten your sharing loops: Lean on ISACs, intel partners, and peer circles. Pre-approve legal guidance so sharing isn’t delayed by risk reviews. 2. Go hypothesis-driven: Don’t wait for advisories, task your blue teams to hunt proactively for threats most likely in your environment. 3. Revisit surge plans: If you expect federal support in an incident, line up private retainer capacity and validate activation paths. 4. Check third-party dependencies: Ask vendors if the shutdown affects their detection and response SLAs. 5. Brief your board: This is not politics, it’s operations. Frame the temporary gap and show how you’re compensating. ⸻ Zooming out Shutdowns cost more than dollars. In cyber, the cost is measured in dwell time, missed signals, and slower defense. Most infrastructure sits in private hands, so when the federal center is strained, we must move faster together. Congress needs to restore both funding and the legal scaffolding for safe, rapid sharing. Until then, act as if you’re on your own, because for now, you are. #CyberSecurity #CISO #CISALeadership #GovernmentShutdown #CyberResilience

CrowdStrike just laid off 500 people. While we're told there's a 4 million person cybersecurity talent shortage. Make it make sense. I'm a cybersecurity recruiter. And I'm watching something that doesn't add up. The headlines say → 4.8 million unfilled cybersecurity jobs globally → 700,000 open positions in the US alone → "Desperate need" for security talent → Companies "can't find" qualified candidates But the reality? → CrowdStrike cut 500 workers (5% of workforce) → Sophos laid off 6% after acquiring Secureworks → CISA lost ~1,000 staff to layoffs and departures → 25% of security teams experienced layoffs this year → 38% faced hiring freezes So which is it? A talent shortage? Or a talent contradiction? Here's what I'm actually seeing Companies aren't cutting security. They're cutting security PEOPLE. And replacing them with • AI-driven tools • Managed security providers • Automation platforms • Outsourced SOCs The uncomfortable truth The "talent shortage" was never about bodies. It was about BUDGET. Companies overhired between 2020-2022. Now CFOs want "efficiency." And "efficiency" means fewer people doing more work. What this means for job seekers: The junior analyst role you're applying for? 150 other people are too. Many of them just got laid off from CrowdStrike, Sophos, or federal agencies. They have experience. Certifications. Clearances. The competition just got brutal. What this means for the industry We don't have a talent shortage. We have a HIRING shortage. Companies want senior engineers at junior prices. They want 10 years experience for entry-level roles. They want unicorns they don't have to train. And when they can't find them? They call it a "skills gap." My hot take Stop telling people to "get into cybersecurity" if you're not willing to hire them when they do. Stop claiming there's a shortage while laying off thousands. Stop blaming candidates for not having experience you won't give them. The cybersecurity talent shortage is real. But it's a shortage of OPPORTUNITY, not people. To everyone who just got laid off You're not the problem. The market is broken. Keep building. Keep networking. Keep going. Your skills are needed. Even if the budget spreadsheets say otherwise. What are you seeing in the market right now? #CyberSecurity #Layoffs #TalentShortage #Recruiting #InfoSec #JobMarket #CareerAdvice

NIST CSRC quietly posted a banner across website: “Due to a lapse in federal funding, this website is not being updated”. Similar banner appeared on the CISA website. I can't help but seeing this as yet another crack in the foundation of global cyber collaboration. Recent budget changes amplify this. Congress approved a $135 million cut to CISA's budget. Buyouts, early retirements and layoffs drove roughly 1,000 employees out of CISA, leaving its workforce around 2,200; divisions that defend federal networks lost hundreds of specialists. Even the MITRE contract for the CVE program nearly lapsed earlier this year. NIST, which underpins global cybersecurity, faces similar headwinds. The WH budget would cut $325 million from NIST’s $1.2 billion budget and eliminate 556 positions, reducing funding for cyber research. Apparently the division already lost more than 20 % of its federal staff and a number of leaders. Before this shutdown. NIST’s frameworks, cryptographic standards and post‑quantum algorithms are adopted worldwide, and CISA’s advisories are used by governments and companies everywhere. When funding lapses halt updates, the world loses a trusted source of guidance. If this trend continues, the knock‑on effects could include: · (Further) fragmentation of standards: governments and private consortia may develop competing frameworks. Global companies will be forced to comply with multiple, potentially conflicting, local standards. · Increased digital sovereignty: regions will increasingly insist on local cryptographic modules and cyber policies rather than relying on U.S.‑based standards. · Slower certification and vulnerability disclosure: backlogs in FIPS 140 and the National Vulnerability Database delay products and patching, creating windows of opportunity for adversaries. It saddens me deeply to see the decline of what was once the backbone of global cybersecurity cooperation. NIST and CISA weren’t just defending the U.S.; they defended the shared cyber commons. Yet in this moment, my only pragmatic advice is that regions must cultivate their own resilience. EU (and others) should build their own vulnerability databases, cryptographic validation infrastructures, secure information sharing frameworks, and interoperability standards. Start local. Then federate. Fragmentation is painful. It weakens trust. It duplicates effort. It slows progress. But redundancy is necessary, if the U.S. can no longer reliably play its previous role. Some of my colleagues argue that “the U.S. shouldn’t be funding cyber for others.” But the truth is: the U.S. profited immensely from being the world’s cyber facilitator, standards setter, and clearinghouse. As this global role erodes, the U.S. will suffer too. The loss of this leadership doesn’t just weaken "others". It weakens all. #NIST #CISA #Cyber #Cybersecurity

When cybersecurity teams are stretched thin, the first to suffer are the most specialized defenses: threat hunting, vulnerability management, and threat monitoring. As I shared my perspective with Nidhi Singal Jain for CSO Online, this creates a dangerous gap in preparedness. Incident response may be protected as long as possible, but without enough people, surge capacity gets hit quickly during major events. In times like these, organizations cannot afford to wait for federal alerts. They need to keep patch cycles tight, especially for known exploited flaws and double down on identity protection with phishing-resistant MFA and regular privilege reviews. Ensuring that detection, logging, and response playbooks are solid is key. The ultimate goal should be to stay alert, stay agile, and reduce dependency on any single source of defense. Read the full story here: https://lnkd.in/d69db4-U #CyberSecurity #ThreatHunting #IncidentResponse #Resilience #RiskManagement #CISO

The U.S. federal government is struggling to attract and retain cybersecurity talent following recent workforce reductions. The Department of Government Efficiency, which has replaced the U.S. Digital Service, has begun voluntary layoffs and firings, significantly affecting the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). Over 130 CISA employees have been let go, disrupting critical cybersecurity functions and demoralizing current staff. Experts highlight the potential negative effects on the government's cybersecurity capabilities, pointing out that budget constraints and higher-paying opportunities in the private sector further complicate recruitment and retention efforts. Recent legislative proposals seek to strengthen the cyber workforce, but the results remain uncertain. https://lnkd.in/g28tx7Jg