January 25, 2023 By Mark Stone 4 min read

After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next?

As of this writing in January of 2023, there remains uncertainty around who will fill the role. However, the frontrunner is Kemba Walden, Acting Director of the National Cyber Director’s office. Walden is a former Microsoft executive who joined the National Cyber Director’s office in May. Before her appointment, Walden was the Deputy National Security Advisor for Cyber and Emerging Technology in the Biden Administration.

If not Walden, who else might take over from Inglis? The best answer is to look at the senior cybersecurity folks in the Biden administration who advise Biden directly.

A group of well-qualified successors

The national cybersecurity of the United States has been a priority for President Biden. To ensure that the most efficient protocols are being followed, the president has designated several senior members from his team to serve as direct advisors with specific responsibility for cybersecurity issues. These advisors bring extensive expertise in national security operations and risk management from multiple sectors. They played key roles in establishing national defenses, and are expert problem-solvers in the face of evolving threats. This highly specialized group provides the strength and stability needed to maintain national cybersecurity in a rapidly evolving threat landscape.

The key senior cybersecurity officials include the aforementioned Chris Inglis as the first National Cyber Director, Jen Easterly as the Director of the Cybersecurity and Infrastructure Security Agency (CISA), Alejandro Mayorkas as the Secretary of Homeland Security, Kemba Walden as the first Principal Deputy National Cyber Director, Neal Higgins as Deputy National Cyber Director for National Cybersecurity and Rob Knake as Deputy National Cyber Director for Budget and Policy.

A promising candidate

While everyone here plays a crucial role, Jen Easterly stands out based on her comprehensive cybersecurity background. Easterly is an internationally renowned cybersecurity expert, formerly serving as the Deputy Director of the United States Cybersecurity and Infrastructure Security Agency (CISA) and the Senior Advisor to the Under Secretary for National Protection and Programs Directorate at the Department of Homeland Security (DHS). Before joining CISA, she held management positions in both private industries and within the government. This included a four-year tenure with IBM Global Services as Senior Consulting Analyst.

Ms. Easterly’s expansive career has seen cybersecurity accomplishments in both the public and private sectors. Many of her notable successes occurred while working at CISA, initiating groundbreaking efforts to enhance information sharing among critical infrastructure sectors, as well as leading work that addressed cyber threats from foreign actors. She also spearheaded cybersecurity workforce development and led a collective effort to modernize Federal government organizations’ response to ever-increasing threats from malicious actors online.

Outside of her government service, Easterly was also instrumental in creating several successful commercial programs focused on protecting corporate IT assets through best practices such as risk assignment and attack surface reduction.

Initial concerns vanquished

Though many promising candidates have emerged for National Cyber Director, the role itself was not without contention. After the appointment of Chris Inglis, concerns arose that there were “too many cooks” in the federal cyber leadership kitchen. Additionally, there was uncertainty as to who would be the true “quarterback” taking over command of national cybersecurity going forward. While Inglis’ extended background in national security steered much of the discourse toward a sense of assurance, undertones still remained that he was just one man wielding undue power without a larger organization behind him for support.

Though uncertain at the time, these concerns have since dissolved. Inglis has proven himself more than capable of tackling national cybersecurity amid a coalition of national leaders and organizations.

The role of national cyber director

The National Cyber Director has provided immense benefits to the public and private sectors over the past year and a half. The director essentially acts as a bridge between the two sectors, ensuring that national interests remain on top of government agendas while also fostering collaboration with industry stakeholders.

As National Cyber Director, Inglis developed national-level policies to protect organizations of all sizes from cyber threats and worked with government agencies to identify areas of need throughout the cybersecurity landscape. As a result, businesses could prioritize cybersecurity investments. know their threats better, remain at the cutting edge of technological innovation and adopt best practices — all in an effort to ensure national security.

IBM Security Intelligence reached out to the Office of the National Cyber Director (ONCD) about the role. They responded with the following statement:

“ONCD’s mission is to create a resilient, safe and equitable cyber space. We’re doing so by focusing on long-term strategic planning while executing on near-term tactics to mitigate existing vulnerabilities. Ultimately, we desire to seize the initiative back from the adversary and reimagine cyberspace with an affirmative vision consistent with our values.”

How ONCD meets its goals

ONCD’s statement went on to elaborate on how it has tackled those objectives:

“Most notably, ONCD is leading the interagency drafting process for the Biden-Harris Administration’s National Cybersecurity Strategy. A process through which we’ve solicited input from over 300 stakeholders across industry, foreign governments, academia and the nonprofit sector. This exceptional level of collaboration is a recognition that the terrain in cyber space is principally privately owned, and public-private partnerships are paramount to addressing cybersecurity challenges successfully.

“We also initiated an ongoing series of topical executive fora. By using the unique convening power of the White House, we’re bringing together industry executives with Cabinet Secretaries and Deputies to share threat intelligence and drive collaboration at the highest levels possible. Among these was the National Cyber Workforce and Education Summit in July. At the Summit, ONCD announced the development of a National Cyber Workforce and Education Strategy. A resulting RFI received over 150 responses from a broad section of stakeholders. ONCD is reviewing those and working to publish the full strategy, incorporating many of those inputs, in the coming months.

“Finally, we worked aggressively with our colleagues across the interagency to bring enhanced security to the federal enterprise. This included overseeing the implementation of Executive Order 14028, deployment of Zero Trust Architecture, release of first-of-its-kind ‘Spring Guidance’ on cybersecurity budgeting and initiating a planning process for post-quantum encryption.”

Closing in on the next national cyber director

This still leaves the identity of the next National Cyber Director in question. As the U.S. government bolsters its cyber defenses, replacing Inglis remains a priority. This influential role will develop and coordinate the nation’s cybersecurity strategy.

Asked about any insights as to plans once Chris Inglis retires, the ONCD states:

“With respect to Director Inglis’ retirement —  he will retire sometime this year after five decades of public service. At that time, Principal Deputy Kemba Walden will become Acting National Cyber Director and continue to lead the organization with the same passion as she has as Deputy Principal.”

Whether it’s Walden, Easterly or another senior official, the country’s cybersecurity efforts appear to be in good hands.

More from Government

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today