SecureWorld News

CISA Secure by Design Initiative Faces Uncertainty Amid Leadership Exits

Written by Drew Todd | Wed | Apr 23, 2025 | 1:32 PM Z

The United States Cybersecurity and Infrastructure Security Agency (CISA) is confronting a pivotal moment following the recent resignations of two senior officials who were instrumental in the agency's Secure by Design initiative. Bob Lord and Lauren Zabierek, both senior advisers at CISA, announced their departures on April 21, 2025, citing personal reasons without providing further details. Their exits have raised concerns about the future of the Secure by Design program, which has been a cornerstone of CISA's efforts to enhance software security across the private sector.

The Secure by Design initiative: a brief overview

Launched in April 2023, Secure by Design aimed to shift the responsibility for cybersecurity upstream by encouraging software manufacturers to integrate security measures during the design phase. The initiative garnered support from more than 250 technology companies, including industry giants like Microsoft and Google, which committed to practices such as implementing multifactor authentication, reducing default passwords, and improving patching processes. This voluntary approach was designed to foster collaboration between the public and private sectors, promoting a more secure digital ecosystem.

Leadership departures and their implications

Lord, a former chief security officer at the Democratic National Committee and Yahoo, joined CISA in 2022 and quickly became a leading figure in the Secure by Design initiative. Zabierek, who previously led the Cyber Security Project at Harvard's Belfer Center, joined CISA in 2023.

Both officials expressed pride in their work on Secure by Design, with Zabierek describing it as "one of the most meaningful experiences of my career" and Lord indicating plans to continue contributing to the movement after a short break.

Their resignations come at a time when CISA is undergoing significant changes. The agency has experienced workforce reductions and a shift in leadership priorities under the current administration. Acting CISA Director Bridget Bean emphasized that while the agency's approaches to Secure by Design may evolve, its commitment to the principles remains steadfast.

Industry reactions and future outlook

The tech industry has expressed concern over the potential impact of these leadership changes on the Secure by Design initiative. The Business Software Alliance (BSA) reiterated its support for the principles of Secure by Design, urging CISA to continue its efforts to promote secure software development practices. 

As the landscape of federal cybersecurity continues to evolve, the future of Secure by Design will depend on CISA's ability to maintain momentum and adapt to changing political and industry dynamics. The agency's next steps will be critical in determining whether the initiative can sustain its goals and continue to influence the cybersecurity practices of software manufacturers.

The departure of key leaders from CISA's Secure by Design initiative marks a significant turning point for the agency's cybersecurity efforts. While the principles of the initiative remain supported, its future success will hinge on effective leadership, continued industry collaboration, and a commitment to integrating security into the software development lifecycle.

As CISA navigates these challenges, the cybersecurity community will be closely watching to see how the agency adapts and progresses in its mission to enhance national cybersecurity.
