It’s been a brutal 16 months since the Cybersecurity and Infrastructure Agency (CISA) has had a Senate-confirmed director. Now, a new name has bubbled up as a possible pick to take over the beleaguered agency: Tom Parker, a low-key, British-born cybersecurity expert known for business savvy, technical expertise, and decades of focus on the delicate economics of cybercrime and cyber defense.
Reports say that although he has not yet been officially nominated, Parker is a contender to get the nod from new Department of Homeland Security Secretary, Markwayne Mullin. A request for comment from Dark Reading to DHS was referred to the White House, which has not yet responded.
Parker however tells Dark Reading that despite recent reporting, he has not had any “direct engagement” with the administration on taking on the role, but would welcome the opportunity.
“Having spent the past two decades working across administrations, Congress, and the private sector on national cybersecurity strategy, policy, and large-scale cyber operations, I would welcome a conversation with the administration about how we continue strengthening the security and resilience of the nation’s most critical infrastructure and building operationally robust partnerships with American cyber businesses,” Parker tells Dark Reading. “This mission of CISA is more important than it ever has been, with increasingly emboldened adversaries that seek to harm US digital assets at home and abroad, using increasingly sophisticated methods of attack, such as the use of AI.”
It should be noted, Parker has also been a long-time contributor to Dark Reading.
A Look at Tom Parker’s Cyber Bona Fides
Those who know and have worked with Parker throughout his career say he would be a solid choice to lead CISA with his unique set of skills.
“For 20 years he has been the authority on adversaries,” Ryan LaSalle, CEO of Nisos, says about Parker. “He’s a true operator, has absolutely been a force for resiliency in this country, and would bring a new level of expertise to CISA.”
LaSalle points out that Parker has never been a polarizing figure, and thinks that this could give him an edge in today’s hyper-intense political environment. His longtime collaborator and business partner, cybersecurity expert Matt Devos, says he thinks Parker could in fact help bring down the political temperature at CISA.
And, he adds, the time he and Parker spent red teaming for some of the biggest companies in the world earned Parker invaluable insights into the cybersecurity risks businesses face every day.
“Thirty minutes later [after a red-team exercise] he could go into the board and explain the risk in terms they understood,” Devos says. “He would continue to enable the trust between the private sector and CISA.”
Parker certainly has demonstrated that he knows his way around a boardroom. He’s currently an executive with IBM, and has launched and sold two start-ups: FusionX, which he sold to Accenture in 2010; and Hubble, founded in 2020 and funded by CrowdStrike and Accel, which he sold to KKR/NetSPI in 2024. He also served as CISO for insurer AIG Business between his startup stints.
Navigating Tough Political Waters at CISA
Whoever steps in to lead CISA next will have a hard job ahead of them, says Jake Williams, cyber expert and vice president of research at Hunter Strategy: “Trust in CISA to provide timely, actionable, and apolitical data to industry partners is at an all-time low. This is critical, because as much as CISA helps private organizations, it relies on the data those organizations share, too.”
Roselle Safran, founder of cybersecurity startup company KeyCaliber and former US Executive Office of the President Branch Chief and DHS cybersecurity analyst under the Obama administration, says she has only met Parker in passing, but thinks navigating government bureaucracy can be tough for someone more accustomed to getting things done at enterprise speed, she adds.
“Founders know how to set a clear vision, attract talent, iterate quickly when processes aren’t working, and deliver results, all of which will be needed for the next CISA leader to be effective,” Safran says. “Of course, government work brings its own set of unique and nuanced constraints, particularly due to its bureaucratic nature and the need to address multiple stakeholders simultaneously. However, he likely has the ability to learn quickly.”
And although he’s not exactly a Beltway insider, Parker’s no stranger to Washington DC either. He served as a consultant for US-CERT, later folded into CISA, and was on the Department of Homeland Security cyber advisory committee under the George W. Bush administration director Tom Ridge. Parker also joined the FedRAMP working group that created the first set of federal regulations for software, and worked with cybersecurity legend Dan Kaminsky to help policymakers understand the nuance around net-neutrality regulations.
One former high-ranking CISA official, who asked not to be named directly, says he doesn’t know Parker personally, but hopes that the new director, whoever they are, will focus on secure-by-design, “given how quickly AI is changing the economics of breaking and building software.” The former CISA official says he would also like to see the CVE program get funded.
Credentials and skill set aside, confirmation in the Senate will likely be a tough slog for any nominee. The previous choice, Sean Plankey, finally withdrew from consideration last April after lingering in the confirmation process for 13 months. Senator Ron Wyden blocked Plankey’s confirmation in an effort to force the US government to release details on China’s Salt Typhoon attacks on US communications networks. His office did not respond to a request for comment on whether he would similarly work to stymie Parker’s confirmation.
Don’t miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now!
