When I walk walking into Jen Easterly’s office on a bright January day in Arlington, Virginia, I’m greeted by a giant shark head lurking on the floor. I immediately spot a Rubik’s Cube—an Oriental hallmark—inscribed with the logo of the organization she has led for the past three and a half years—the Cybersecurity and Infrastructure Security Agency, or CISA, which President Donald Trump created during his first mandate
Easterly, who is 56 years old, jumps up to greet me. The first thing that hits me is her denim pants that have a dragon on one leg and a snake on the other. Then she goes into updates on CISA’s “Secure Our World” animated video series and, in the same breath, laments that she hasn’t had time for a private guitar lesson in weeks. Apparently a regular day at work for her, except for one thing. As of January 20, Inauguration Day, Easterly’s time at CISA will come to an end. Trump had shot the agency’s first director, Chris Krebs, after CISA refused to question the integrity of the 2020 election, and Easterly now says she was not asked to stay. Rumors are swirling that CISA programs—or even the whole agency— may soon be on Trump’s chopping block.
The timing couldn’t be worse for the nation to lose its top cybersecurity cop. Group linked to Beijing called Salt Typhoon spent months last year rampaging through US telecommunications and siphoning call logs, recordings, text messages, and possibly even location data. Many experts called it the biggest hack in US telecommunications history. Easterly and her agency unwittingly detected Salt Typhoon activity on federal networks early last year — warning signs that ultimately accelerated the unraveling of the espionage campaign.
The work of removing Chinese spies from victim networks is not over, but the walls are already closing in on CISA. Trump’s nominee to run the Department of Homeland Security, Kristi Noem, told a Senate committee last week that CISA needs to be “smaller” and “more nimble.” And a day after the inauguration, all members of the Cyber Safety Review Board—who were appointed by Easterly and actively investigated the Salt Typhoon breach—were let go.
When Easter officially became the second director of the agencyin 2021, the government was still reeling from a different hype-solar winds. Kremlin-backed hackers have compromised widely used software to infiltrate the networks of US agencies and other targets. Helping American institutions defend themselves has become an even more urgent and daunting project. CISA does not enforce laws or collect intelligence; its job is to evangelize digital security measures and offer free services so that institutions can see what they need to do to avoid being hacked or—more realistically—to be hacked less badly. Easterly went to work building relationships across the federal government and with state and local officials, corporate executives, and utility managers. In crises like the Salt Typhoon campaign, these relationships are crucial to quickly contain the damage.
It takes a determined person, and perhaps a charismatic one, to build a relationship with such a vast group of people. Easterly has the background for it: She worked in the Army (with multiple deployments), the National Security Agency, and the National Security Council under Barack Obama, and she spent nearly five years in charge of Morgan Stanley’s global cybersecurity. She also helped establish US Cyber Command within the Department of Defense. Somehow, though, she’s cool. To break the ice, and probably to make an impression, Easterly leaned into his passions during his time in office, cubing and jamming with executives and utility operators across the country. And yes, there’s her eclectic style—high fashion (by cybersecurity standards, anyway) mixed with bell bottoms and Birkenstocks—but also her quiet, intense obsession with trying to solve the puzzle that is digital defense.
This interview has been edited for length and clarity, combining on-camera and off-camera portions. check WRED’s YouTube channel for the video.
