NSA Cybersecurity Directorate Leadership Shake-Up Raises Questions About Operational Continuity

## Opening The National Security Agency's cybersecurity directorate is undergoing its latest leadership transition, with David Imbordino set to take the helm in an acting capacity at the end of this month. This marks yet another interim appointment for a critical government cybersecurity organization that has been without permanent leadership for over nine months, highlighting ongoing challenges in establishing stable command structures within America's most sensitive cyber operations. The leadership reshuffle comes at a time when the NSA's cybersecurity directorate plays an increasingly public role in protecting American critical infrastructure and sharing threat intelligence with private sector partners. Established in 2019, the directorate represents a fundamental shift in how the traditionally secretive intelligence agency operates, moving from its historical "No Such Agency" reputation toward more open collaboration with industry and international partners. Holly Baroody, currently serving as a senior NSA official in the United Kingdom, will return to assume the acting deputy director position this summer, creating an entirely new interim leadership team for one of America's most important cybersecurity organizations. The simultaneous leadership changes raise questions about operational continuity and strategic direction during a period of heightened cyber threats from nation-state adversaries. The timing of these personnel moves coincides with broader leadership uncertainties across the U.S. cyber defense apparatus, as multiple key positions remain unfilled pending Senate confirmations and administrative decisions. ## What Happened David Imbordino's appointment as acting director represents the continuation of a leadership vacuum that has persisted since early last year when the directorate's permanent leadership departed the NSA. Currently serving as the deputy chief of the cybersecurity directorate, Imbordino brings over two decades of experience to the role, having joined the NSA shortly after the September 11 terrorist attacks in a career that has spanned some of the most critical periods in American cybersecurity history. Greg Smithberger, who has been serving as the acting director and was previously the NSA's top representative in the United Kingdom, is retiring at the end of the month, necessitating the leadership transition. Smithberger's departure removes another experienced hand from the organization's leadership structure, continuing a pattern of turnover that has affected multiple levels of the cybersecurity directorate's command hierarchy. Imbordino's most prominent previous assignment was co-leading a joint task force with U.S. Cyber Command specifically dedicated to protecting the 2020 presidential election from foreign interference. In this role, he partnered with then-Army Brigadier General William Hartman, who has since assumed acting leadership of both Cyber Command and the NSA following the abrupt dismissal of the previous chief in April. The Election Security Group, which has operated in various forms since the 2018 midterms, represented a significant evolution in how the NSA approaches public-facing cybersecurity missions. The 2020 election security mission marked a notable departure from traditional NSA operations, with both Imbordino and Hartman speaking publicly about potential threats to Election Day. This public engagement reflected the broader transformation of the cybersecurity directorate from a purely classified intelligence operation to an organization that regularly engages with private sector partners and shares threat intelligence with critical infrastructure operators. Holly Baroody's return from the United Kingdom to serve as acting deputy director brings additional senior leadership experience to the transition. Previously, Baroody served as executive director at U.S. Cyber Command, making her the command's top civilian leader, and also held the position of deputy to the commander of the Cyber National Mission Force. Her background in both NSA and Cyber Command operations provides continuity in the complex dual-hatted leadership structure that governs both organizations. The cybersecurity directorate was established in 2019 during a period of growing recognition that the United States needed to fundamentally reshape its approach to cyber defense. The creation of the directorate addressed widespread concerns that America was too reluctant to share intelligence about foreign digital threats and that better collaboration was needed with critical infrastructure providers and private industry partners. Recent operations demonstrate the directorate's evolving mission scope. Just last month, the NSA collaborated with the Cybersecurity and Infrastructure Security Agency and Canadian partners to issue an advisory warning about BRICKSTORM malware threats. These types of public-private partnerships represent the core mission that the new acting leadership team will need to continue and expand. The leadership uncertainty extends beyond the cybersecurity directorate to the broader NSA and Cyber Command structure. Army Lieutenant General Josh Rudd has been selected to lead both Cyber Command and the NSA, but confirmation hearings have not yet been scheduled, leaving the timeline for permanent leadership appointments unclear. Additionally, Tim Kosiba, a former NSA official recently chosen for the number two position at the NSA, is expected to begin work in the coming days, while Marine Corps Major General Lorna Mahlock has been nominated to serve as Cyber Command's next deputy chief. ## Why It Matters The ongoing leadership transitions at the NSA's cybersecurity directorate carry significant implications for America's cyber defense posture at a time when nation-state cyber threats are intensifying and critical infrastructure attacks are becoming more frequent and sophisticated. Leadership stability is crucial for maintaining the complex relationships and operational tempo required for effective cybersecurity operations, particularly in an organization that must balance classified intelligence activities with increasingly public-facing defensive missions. The cybersecurity directorate's unique position within the broader U.S. cyber defense ecosystem makes leadership continuity especially critical. Unlike purely domestic agencies or traditional military commands, the directorate operates at the intersection of intelligence collection, threat analysis, and public-private partnership coordination. This multi-faceted mission requires leaders who can navigate complex bureaucratic relationships while maintaining operational effectiveness across diverse stakeholder communities. Acting leadership appointments, while necessary during transition periods, can create uncertainty about long-term strategic direction and policy priorities. Private sector partners who depend on consistent threat intelligence sharing and collaborative relationships may find it challenging to establish the trust and communication channels necessary for effective cooperation when dealing with interim leadership structures. The directorate's mission increasingly depends on these partnerships, making leadership stability a national security imperative. The timing of these transitions coincides with a period of heightened cyber threat activity from multiple nation-state adversaries. Recent attacks on critical infrastructure, including pipeline systems, water treatment facilities, and healthcare networks, demonstrate the urgent need for coordinated cyber defense efforts. The cybersecurity directorate plays a central role in analyzing these threats, developing defensive strategies, and sharing actionable intelligence with potential targets. Furthermore, the leadership changes occur as Congress and the Biden administration are pushing for expanded cybersecurity regulations and mandatory incident reporting requirements for critical infrastructure operators. The successful implementation of these policies depends heavily on the relationship between government agencies like the NSA and private sector entities, relationships that require consistent leadership engagement and strategic vision. The directorate's evolution from a purely classified intelligence organization to one that regularly engages in public threat sharing represents a fundamental shift in American cybersecurity strategy. This transformation requires leaders who understand both the intelligence community's operational requirements and the private sector's business considerations, a balance that becomes more challenging to maintain during periods of leadership uncertainty. ## What To Do Organizations that regularly engage with the NSA's cybersecurity directorate should proactively establish communication channels with the new acting leadership team to ensure continuity in threat intelligence sharing and collaborative security initiatives. Critical infrastructure operators should reach out to their existing NSA contacts to confirm that established reporting procedures and communication protocols remain unchanged during the leadership transition. Private sector cybersecurity teams should monitor NSA cybersecurity advisories and bulletins closely during this transition period to ensure they continue receiving actionable threat intelligence. The agency's recent collaboration on BRICKSTORM malware warnings demonstrates the continued operational effectiveness of the directorate, but organizations should verify that their threat intelligence feeds and partnership agreements remain active and current. Cybersecurity professionals should take advan Organizations should also use this opportunity to evaluate their internal threat intelligence capabilities and incident response procedures to ensure they can maintain effective cybersecurity operations even if government partnership dynamics change. This includes reviewing threat intelligence subscription services, industry information sharing arrangements, and internal security monitoring capabilities. Congressional oversight committees and policy makers should prioritize the confirmation process for permanent NSA and Cyber Command leadership to provide the stability necessary for effective cyber defense operations. The extended period of acting leadership appointments creates unnecessary uncertainty in an already complex threat environment that demands consistent strategic direction and operational continuity. ## Closing The NSA cybersecurity directorate's latest leadership transition highlights the ongoing challenges of maintaining stable command structures within America's most critical cyber defense organizations. While acting appointments provide necessary operational continuity, the extended period without permanent leadership raises questions about strategic consistency and partnership effectiveness during a time of heightened cyber threats. The success of David Imbordino and Holly Baroody in their new acting roles will largely depend on their ability to maintain the directorate's evolving public-private partnership mission while preserving the intelligence capabilities that form the foundation of effective threat analysis and response. **Tags:** NSA, cybersecurity leadership, government transitions, threat intelligence, critical infrastructure