
Q&A: A cybersecurity leader wants more from CISA

ProCircular CEO Aaron Warner explains what’s lost when FBI agents aren’t answering the phone.


Billy Hurley has been a reporter with IT Brew since 2022. He writes stories about cybersecurity threats, AI developments, and IT strategies.

An incident-response firm like ProCircular can’t always do the second part of its job—respond!—on its own. These companies, which usually provide cybersecurity consulting services and guide clients through breaches, have traditionally called upon federal agents and government cybersecurity initiatives to help accomplish their mission.

In the past, FBI agents provided ProCircular CEO Aaron Warner’s team with insights and adversary profiles, while CISA offers an essential security layer for small firms, according to Warner.

“Frankly, that support has eroded quite a bit,” Warner told IT Brew.

Warner noted recent and concerning reductions in federal agencies’ cybersecurity impact:

  • CISA faces a 17% reduction in funding this fiscal year—from almost $2.9 billion for FY2025 to just under $2.4 billion budgeted in FY2026.
  • FBI agents focused on cybersecurity are being reassigned, leaving private industry without reliable data-breach support.
  • The Multi-State Information Sharing and Analysis Center (MS-ISAC), which initially provided no-cost cybersecurity resources for state and local governments, transitioned to a paid membership model in October 2025.

We asked Warner how those cuts impact small and big companies, as well as the incident-response orgs trying to help both.

Responses below have been edited for length and clarity.

How has the FBI helped your incident response efforts?

Once we have characterized the threat, we used to be able to call any number of folks at the Bureau, usually special agents that are assigned to cybersecurity, and say, “This is the nature of the threat. These are the actions we’re seeing inside of this environment. We think it’s this threat actor. What can you do to help?”

Very often you would talk to an FBI agent who had specialized in that specific threat actor, so they could say, and this is where the rubber hits the road, “That [group] has exfiltrated data 12 times the last time we’ve tracked them, but in the last three months, they haven’t really done that. They’ve gone more towards that traditional ransomware route. So, I wouldn’t be worried about exfiltration.” That kind of insight, even though it’s informal, can guide our response, and frankly, saves our clients a ton of time, because we’re not chasing around what a bad guy could or might do.

How do you get the information that you used to get from FBI field agents?

We’ve bumped up the intelligence feeds that we pay for. We go to other members of private industry, probably more often, to try and fill that in. But frankly, there are some contacts we just can’t replace. In some cases, we just have to make decisions without the insights that we could have gained with somebody from the Bureau or somebody from CISA, helping us to understand.


It’s useful for us to know if a breach is a one-off, or if it’s a part of a larger attack. If it’s part of a larger attack, then perhaps we can communicate to the other 100–200 organizations fitting that profile that it’s coming. That is the kind of role a CISA could take: a functional, proactive federal group tasked with protecting private industry, particularly critical infrastructure and small [business]. Those are the places where they can make a real difference, and have in the past.

What are the consequences for you when there’s a less-funded CISA?

We get phone calls from a lot of small organizations that we can’t help and we don’t have anywhere to send them. And I know that’s not a commercial effect on us, but these are our neighbors. These are organizations that we really would love to support—libraries and so forth. We simply can’t help them. We can't afford to help them. CISA, historically, would have taken on that role. …Some of the intelligence support, some of the events to connect public and private, have evaporated. So we don’t have as many opportunities to get in the same room with public, private, federal [officials]; there’s a lot of information sharing that happens at those kinds of events, and at the end of the day, that's how we fight our battles; it’s with knowledge.

What kind of federal actions would give you hope here?

I would love a more focused effort from CISA to address the most at-risk organizations in the US. That would mean specific industries: healthcare would certainly fit into that. But there are others: accounting. As silly as it sounds, tax season is coming up, and we always see attacks go through the roof when people are filing taxes. Organizations like that tend to be small; they tend not to be able to afford their own controls. I would love to see a concerted effort on the part of CISA to protect those organizations, mostly because we can’t. I would also love to see CISA start to do some of their events again, start to do more of the public–private outreach. There are things private industry is good at, and there are things that Defense Department is good at, that state is good at. I think that a lot of us in industry assumed that CISA’s role would be one of coordination between those various groups, and they’re, sort of, not there. I would love to see them take on a more active role in connecting the various parts of the cybersecurity and regulatory industry.
