Brandon Wales: A Beacon of Optimism in Federal Cybersecurity

In an era where cyber threats loom larger than ever, Brandon Wales stands out as a figure of aggressive optimism regarding the state and future of federal cybersecurity. Having served as the executive director of the Cybersecurity and Infrastructure Security Agency (CISA) for nearly five years, Wales recently departed from federal service, leaving behind a legacy of resilience and progress in the face of unprecedented challenges.

A Legacy of Resilience

When asked what he would change about federal cybersecurity, Wales’s response was strikingly simple: “nothing.” This assertion may raise eyebrows, but it is rooted in a profound understanding of the evolution of cybersecurity within federal agencies. Reflecting on his tenure, Wales expressed pride in how CISA rallied around its mission following the tumultuous events surrounding the SolarWinds compromise. The agency’s ability to collaborate across government and industry to counter the Russian SVR’s cyber activities exemplified a turning point in federal cybersecurity.

Wales noted, “When I look back three-and-a-half years later from that, the state of federal cybersecurity is so much stronger today because of the things that we started putting in place right in the aftermath of those compromises.” His belief that even the most challenging days can serve as catalysts for improvement underscores a fundamental shift in the culture of cybersecurity within the federal government.

The Evolution of Cybersecurity Practices

Wales’s nearly two-decade career at the Department of Homeland Security has afforded him a unique perspective on the evolution of federal cybersecurity efforts. From the early days of the Continuous Diagnostics and Mitigation (CDM) program to the recent winding down of the National Cyber Protection System (Einstein), Wales has witnessed firsthand how lessons learned from past incidents have driven CISA and other agencies forward.

One notable example of progress is the implementation of Domain-based Message Authentication, Reporting, and Conformance (DMARC). When CISA issued a binding operational directive in 2017 requiring agencies to adopt DMARC, many were slow to comply. However, Wales emphasized that within 18 months, the federal government achieved the broadest adoption of DMARC of any sector in the economy. This rapid transformation was made possible by a culture of accountability and a commitment to security that has been cultivated over the past decade.

Tools for Change: Binding Operational Directives

Wales highlighted the significance of Binding Operational Directives (BODs) and Emergency Directives (EODs) as essential tools in creating a security-focused culture within federal IT. These directives not only address immediate cyber threats but also empower Chief Information Security Officers (CISOs) to prioritize resources effectively.

“By highlighting it through the emergency directive, we’re saying, given what we know, given what we are seeing, you need to move this to the top of the queue,” Wales explained. This proactive approach has allowed federal agencies to address vulnerabilities swiftly and effectively, ultimately strengthening their cybersecurity posture.

The Carrot and the Stick: Funding and Incentives

While BODs and EODs serve as a necessary “stick” to enforce compliance, CISA also employs a “carrot” approach to incentivize agencies to improve their cybersecurity measures. The CDM program, in particular, has been instrumental in providing agencies with the resources needed to enhance their cybersecurity capabilities.

Wales noted the impact of the $650 million allocated through the American Rescue Plan Act, which was designed to improve host-level visibility across the federal government. The agility of the CDM program allowed CISA to quickly deploy these funds, demonstrating the importance of flexibility in addressing emerging cyber threats.

Looking Ahead: Priorities for the Future

As Wales transitions from his role at CISA, he leaves behind a roadmap for the agency’s future. Key priorities include finalizing the cyber incident reporting rules for critical infrastructure by October 2025 and maintaining a government-wide focus on protecting systems from nation-state attacks, particularly those originating from China.

Wales emphasized the significant threat posed by China to critical infrastructure, stating, “It is going to require consistent work by CISA to help continue to drive improvements in our security and to counter what China is trying to achieve.” This acknowledgment of the evolving threat landscape underscores the need for ongoing vigilance and adaptability in federal cybersecurity efforts.

Conclusion

Brandon Wales’s tenure at CISA has been marked by a commitment to resilience, collaboration, and proactive measures in the face of cyber threats. His aggressive optimism serves as a reminder that even in the darkest days, there are opportunities for growth and improvement. As he embarks on the next chapter of his career, Wales’s influence on federal cybersecurity will undoubtedly continue to resonate, inspiring future leaders to build on the foundation he helped establish.