{"id":2366,"date":"2025-03-18T00:20:09","date_gmt":"2025-03-18T00:20:09","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2366"},"modified":"2025-03-18T00:20:09","modified_gmt":"2025-03-18T00:20:09","slug":"white-house-exempts-cyber-pros-from-mass-layoffs-judge-reinstates-cisa-firings","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2366","title":{"rendered":"White House exempts cyber pros from mass layoffs; Judge reinstates CISA firings"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

The tide may be turning for US federal cybersecurity professionals who have faced job cuts or the threat thereof at the hand of Elon Musk\u2019s Department of Government Efficiency (DOGE).<\/p>\n

Last week the US District Court of Maryland ordered the Trump administration to rehire<\/a> federal government employees previously fired via DOGE initiatives, including probationary employees laid off at the US Cybersecurity and Infrastructure Security Agency (CISA). CISA employees subjected to the layoffs<\/a> received an email informing them that their employment has been restored at the pay rate they had before they were terminated.<\/p>\n

CISA also posted a notice on its website<\/a> asking probationary employees who had not been contacted by the agency to \u201cprovide a password protected attachment that provides your full name, your dates of employment (including date of termination), and one other identifying factor such as date of birth or social security number. Please, to the extent that it is available, attach any termination notice.\u201d<\/p>\n

CISA\u2019s notice says the fired probationary employees, all of whom were hired or promoted within the past three years, will be immediately placed on administrative leave, a paid non-duty status, meaning they will be paid and resume benefits but cannot resume work in their old jobs.<\/p>\n

The sudden reversal of the CISA firings is symptomatic of the turmoil and uncertainty<\/a> that has characterized the DOGE project, creating massive public backlash and questionable improvements<\/a> in government efficiency. Richard F. Forno, director of the UMBC Graduate Cybersecurity Program and the assistant director of UMBC\u2019s Cybersecurity Institute, told CSO that this latest whiplash underscores that DOGE continues to demonstrate \u201ca lack of management competence\u201d in a host of areas.<\/p>\n

Temporary reinstatements might become permanent<\/h2>\n

CISA fired 130 probationary employees<\/a> last month on Valentine\u2019s Day. Many of the fired employees were hired under the Cybersecurity Talent Management System program, which was designed to lure top<\/a> cybersecurity professionals \u2014 some earning seven figures in the private sector \u2014 to rewarding but comparatively low-paying government jobs.<\/p>\n

In his decision to reinstate the employees, Judge James K. Bredar of the US District Court in Maryland, said the firings were illegal because they were not preceded by notice to the states that would be impacted. He said that contrary to the Trump administration\u2019s position, the mass firings were not for performance-related reasons and should be considered reductions in force, subject to state notifications and other procedural requirements.<\/p>\n

Bredar ordered the agencies, including CISA, to reinstate the fired employees. He stayed the firings for 14 days and signaled he could rule on a permanent injunction that might allow the employees to stay beyond the 14 days and perhaps indefinitely.<\/p>\n

CISA document process raises security concerns<\/h2>\n

It\u2019s unclear why CISA posted its request for fired employees to send a password-protected attachment containing personally identifiable information to a publicly promoted email address. It\u2019s also unclear how the password-protected document process would work. CISA did not respond to CSO\u2019s request for clarification.<\/p>\n

Some cybersecurity professionals cast doubt on how secure such a submission could be. Veteran cybersecurity professional Nate Allen told CSO, \u201cUnless all these employees have prior training and a standard, supported method of creating encrypted attachments, which I truly doubt with all my soul, this is basically asking for all sorts of problems.\u201d<\/p>\n

White House exempted cybersecurity workers from mass layoffs<\/h2>\n

Still, the reversal of the CISA firings follows other good news for government cybersecurity workers. Last week, Greg Barbaccia, the United States federal CIO, urged federal agencies to refrain from laying off cybersecurity teams<\/a> as they raced to complete plans for mass layoffs within their departments and agencies.<\/p>\n

Barbaccia was responding to questions about whether cybersecurity employees\u2019 work is national security\u2013related and, therefore, exempt from layoffs.<\/p>\n

\u201cWe believe cybersecurity is national security and we encourage Department-level Chief Information Officers to consider this when reviewing their organizations,\u201d he wrote in the email to information technology employees across the federal government.<\/p>\n

\u201cSkilled cyber security professionals\u201d play \u201ca vital role in mission delivery and information assurance,\u201d Barbaccia said. \u201cWe are confident federal agencies will be able to identify efficiencies across their non-cyber mission areas without negatively affecting their agency\u2019s cyber posture,\u201d he added.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

The tide may be turning for US federal cybersecurity professionals who have faced job cuts or the threat thereof at the hand of Elon Musk\u2019s Department of Government Efficiency (DOGE). Last week the US District Court of Maryland ordered the Trump administration to rehire federal government employees previously fired via DOGE initiatives, including probationary employees […]<\/p>\n","protected":false},"author":0,"featured_media":2367,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2366","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2366"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2366"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2366\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2367"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}