For Kelly Shaw, unemployment is unfamiliar territory. “I’ve never been in this situation before. I’ve never been fired,” Shaw said, suddenly quiet, while seated at her kitchen table in Northern Virginia.
Nearly three years ago, the longtime senior intelligence analyst left the Navy, after being recruited by the nation’s top cyber defense agency and rising up through the ranks. Eventually, Shaw helped establish a congressionally mandated program designed to continuously monitor and detect cyber breaches of the nation’s power grid, pipelines and water system – installing sensors across critical infrastructure designed to detect insider threats and foreign adversaries like China, Russia and Iran.
“It was all about the information we can get within networks to find the bad guys – any indicators of compromise, evidence of the adversary, moving through a network and attempting to do bad things. That’s what we did,” Shaw said, pausing. “Well, that’s what some will still do.”
The former manager for the Cybersecurity and Infrastructure Agency’s “CyberSentry” program, Shaw was also among the 130 probationary CISA workers mass fired in the “Valentine’s Day Massacre” during the holiday weekend last month.
That weekend, the form letter termination notices arrived for over 4% of CISA’s workforce, telling them they were “not fit for continued employment because your ability, knowledge and skills do not fit the Agency’s current needs.” Among them were the nation’s threat hunters, incident response team members, disabled veterans and employees who’d already signed onto the federal government’s deferred resignation program.
Others were former private sector workers who left lucrative jobs making seven-figure salaries to join the federal government and officials recruited into DHS’ innovative hiring program — dubbed the “Cyber Talent Management System” — and analysts with top secret security clearances.
“I waited literally 13 months from the moment I got my offer letter to the moment I started this job,” said former cybersecurity specialist Paula Davis, recounting her arduous security clearance process. Before her termination letter arrived in her email inbox, Davis said she was required to send agency leadership an email justifying her position, but she never received a response.
Davis spent her days analyzing code for state and local municipalities, identifying risks or abnormalities across the nation’s aging critical infrastructure.
“We’re being targeted daily, hourly and every single minute,” Davis said, citing suspected cybercriminals’ attempts to infiltrate water systems and the power grid. She called her role fighting those intrusions her “dream job.”
“I didn’t take an oath to the Constitution just to start getting a paycheck,” Davis said, “Or else I would have just gone back into the private sector. I would have stayed at a big corporation.”
Since last month, the rapid-fire firings have shaken lawmakers and high-ranking officials, leaving many current and former employees dumbfounded. CBS News has spoken with over a dozen current and former CISA employees, including several who were granted anonymity in interviews, due to fear of reprisal.
“These are the people that are the first line of defense in responding to incidents like Volt Typhoon and Salt Typhoon, and if we go even further back, SolarWinds,” said one former CISA employee, referencing a string of foreign cyber espionage campaigns dating back to President Trump’s first administration.
“These are elite hunters that look across critical infrastructure and government networks to figure out if these bad actors are active in these networks,” the former employee continued. “The people who find how deeply they’ve penetrated and ‘how do we get them out of there?'”
Democratic Rep. Bennie Thompson of Mississippi, the ranking member of the House Homeland Security Committee, warned at a hearing Wednesday that lawmakers are hearing that “significant cuts are coming for the remaining workforce” at CISA.
“That kind of talent, you just don’t find it every day,” Thompson told CBS News. “You have to convince many of those individuals to leave lucrative private sector employment and come and accept the public mission of securing our cyber security systems and protecting our country.”
In a post on LinkedIn, last month, Former CISA Director Jen Easterly wrote that the agency had hired over 2,000 new employees during her more than three-year tenure.
Since 2021, CISA’s “strategic recruitment” program – congressionally mandated and more than seven years in the making – has competed with the private sector to attract and retain world-class talent to execute a core mission of the Department of Homeland Security, which oversees CISA. Cyber Talent Management System or “CTMS” hires were by law employees with “measurable or observable” attributes including “knowledge, skills, abilities and behaviors.“
A former human resources employee for CISA who was among those fired told CBS News that before his termination, he was tasked with compiling a list of probationary employees, and among them were over 100 CTMS staff members.
“Everybody in CTMS is automatically in a three-year probation, so it’s easier to get rid of them,” the former HR employee told CBS News. “Close to 99% of our CTMS employees were probationary.”
“You are extinguishing the best and brightest in one fell swoop,” a current CISA employee said.
A CISA spokesperson told CBS News in a statement that the agency had 142 employees as part of its talent recruitment program, but did not disclose the number of employees fired.
Shaw was among the first recruits to the “CTMS” program, entering with 12 years of government service, two master degrees in electrical engineering and cybersecurity, plus at least nine different specialized cyber certifications.
“I had such confidence,” Shaw said. “With all my prior experience. I just completed my doctorate in May of last year. So I thought I was well positioned to stay at CISA….But when I saw that executive order come through about probationary employees, I kind of panicked.”
In a statement to CBS News, DHS spokesperson Tricia McLaughlin said the Trump administration is “making sweeping cuts and reform across the federal government to eliminate egregious waste and incompetence that has been happening for decades at the expense of the American taxpayer.”
“To me, knowing how sleek and how well organized of an engine we had at CISA, that’s a lie,” Shaw said of the effort to slash federal spending by eliminating federal workers. “I don’t know who else is going to be cut loose from our nation’s cyber defense organizations. But I’m worried about that. I’m worried about that. This should be the last place that we should be cutting this expertise.”
Along with firing scores of probationary workers, over the last month, CISA has put on leave at least a dozen employees who are tasked with stopping foreign interference in U.S. elections, part of a wider trend of dismantling U.S. efforts to fight foreign meddling in elections.
But concerns stemming from cybersecurity workforce cuts extend beyond the CISA workforce.
Former NSA cybersecurity director Rob Joyce raised “grave concerns” that aggressive threats to cuts of U.S. government probationary employees will have a “devastating impact on the cybersecurity and our national security.”
“At my former agency, remarkable technical talent was recruited into developmental programs that provided intensive unique training and hands-on experience to cultivate vital skills,” Joyce said. “Eliminating probationary employees will destroy a pipeline of top talent responsible for hunting and eradicating [Chinese] threats.”
To help assist fired employers at her former agency, Easterly has created a matching website to connect former CISA alumni and prospective employers.
For his part, Thompson has started a hotline to encourage fired employees at the Department of Homeland Security and its components to share their stories.
After the Trump administration tapped the Office of Personnel Management to fire federal employees en masse, a federal judge temporarily blocked it, citing OPM’s lack of authority to fire employees at other agencies. This week, OPM updated its guidance to reflect that firing decisions are made by individual departments and agencies, spurring the rehiring or reinstatement of batches of fired workers in the weeks since. CISA has yet to follow suit.
Asked if she’d return to the agency, Shaw paused. “I would have to go back,” she finally said, citing CISA’s essential mission and a regular paycheck. “I mean, they’d have to earn my trust back. But I don’t know how you do that.”
Colby Hochmuth contributed to this report.
