Has CISA Finally Found Its New Leader in Tom Parker? TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsСloud SecurityHackers Use AI for Exploit Development, Attack AutomationHackers Use AI for Exploit Development, Attack AutomationbyAlexander CulafiMay 11, 20264 Min ReadСloud SecurityAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsbyNate NelsonMay 7, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCybersecurity OperationsThreat IntelligenceCyber RiskCybersecurity CareersNewsHas CISA Finally Found Its New Leader in Tom Parker?Dark Reading investigates rumors that Tom Parker, a board room "operator" and longtime cyber exec, could be next in line to take over CISA.Becky Bracken,Senior Editor,Dark ReadingMay 7, 20265 Min ReadSource: Timon Schneider via Alamy Stock PhotoIt’s been a brutal 16 months since the Cybersecurity and Infrastructure Security Agency (CISA) has had a Senate-confirmed director. Now, a new name has bubbled up as a possible pick to take over the beleaguered agency: Tom Parker, a low-key, British-born cybersecurity expert known for business savvy, technical expertise, and decades of focus on the delicate economics of cybercrime and cyber defense. Reports say that although he has not yet been officially nominated, Parker is a contender to get the nod from new Department of Homeland Security Secretary, Markwayne Mullin. A request for comment from Dark Reading to DHS was referred to the White House, which has not yet responded. Parker however tells Dark Reading that despite recent reporting, he has not had any “direct engagement” with the administration on taking on the role, but would welcome the conversation. "Having spent the past two decades working across administrations, Congress, and the private sector on national cybersecurity strategy, policy, and large-scale cyber operations, I would welcome a conversation with the administration about how we continue strengthening the security and resilience of the nation's most critical infrastructure and building operationally robust partnerships with American cyber businesses," Parker tells Dark Reading. "This mission of CISA is more important than it ever has been, with increasingly emboldened adversaries that seek to harm US digital assets at home and abroad, using increasingly sophisticated methods of attack, such as the use of AI." Related:Name That Toon: Mark of (Security) ProgressIt should be noted, Parker has also been a long-time contributor to Dark Reading. A Look at Tom Parker's Cyber Bona FidesThose who know and have worked with Parker throughout his career say he would be a solid choice to lead CISA with his unique set of skills. "For 20 years he has been the authority on adversaries," Ryan LaSalle, CEO of Nisos, says about Parker. "He’s a true operator, has absolutely been a force for resiliency in this country, and would bring a new level of expertise to CISA."  LaSalle points out that Parker has never been a polarizing figure, and thinks that this could give him an edge in today's hyper-intense political environment. His longtime collaborator and business partner, cybersecurity expert Matt Devost, says he thinks Parker could in fact help bring down the political temperature at CISA. And, he adds, the time he and Parker spent red teaming for some of the biggest companies in the world earned Parker invaluable insights into the cybersecurity risks businesses face every day. Related:20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage“Thirty minutes later [after a red-team exercise] he could go into the board and explain the risk in terms they understood,” Devost says. “He would continue to enable the trust between the private sector and CISA.”Parker certainly has demonstrated that he knows his way around a boardroom. He's currently an executive with IBM, and has launched and sold two start-ups: FusionX, which he sold to Accenture in 2010; and Hubble, founded in 2020 and funded by CrowdStrike and Accel, which he sold to KKR/NetSPI in 2024. He also served as chief information security officer (CISO) for insurer AIG Business between his startup stints. Navigating Tough Political Waters at CISAWhoever steps in to lead CISA next will have a hard job ahead of them, says Jake Williams, cyber expert and vice president of research at Hunter Strategy: "Trust in CISA to provide timely, actionable, and apolitical data to industry partners is at an all-time low. This is critical, because as much as CISA helps private organizations, it relies on the data those organizations share, too." Roselle Safran, founder of cybersecurity startup company KeyCaliber and former US Executive Office of the President Branch Chief and DHS cybersecurity analyst under the Obama administration, says she has only met Parker in passing, but thinks navigating government bureaucracy can be tough for someone more accustomed to getting things done at enterprise speed, she adds. Related:Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber"Tom's experience as a founder will be quite valuable. Founders know how to set a clear vision, attract talent, iterate quickly when processes aren't working, and deliver results, all of which will be needed for the next CISA leader to be effective,” Safran says. “Of course, government work brings its own set of unique and nuanced constraints, particularly due to its bureaucratic nature and the need to address multiple stakeholders simultaneously. However, he likely has the ability to learn quickly.” And although he’s not exactly a Beltway insider, Parker’s no stranger to Washington DC either. He served as a consultant for US-CERT, later folded into CISA, and was on the Department of Homeland Security cyber advisory committee under the George W. Bush administration director Tom Ridge. Parker also joined the FedRAMP working group that created the first set of federal regulations for software, and worked with cybersecurity legend Dan Kaminsky to help policymakers understand the nuance around net-neutrality regulations. One former high-ranking CISA official, who asked not to be named directly, says he doesn't know Parker personally, but hopes that the new director, whoever they are, will focus on secure-by-design, “given how quickly AI is changing the economics of breaking and building software.” The former CISA official says he would also like to see the CVE program get funded. Credentials and skill set aside, confirmation in the Senate likely will be a tough slog for any nominee. The previous choice, Sean Plankey, finally withdrew from consideration last April after lingering in the confirmation process for 13 months. Senator Ron Wyden blocked Plankey’s confirmation in an effort to force the US government to release details on China's Salt Typhoon attacks on US communications networks. His office did not respond to a request for comment on whether he would similarly work to stymie Parker's confirmation. Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now!Read more about:CISO CornerAbout the AuthorBecky BrackenSenior Editor, Dark ReadingAward-winning journalist and senior editor at Dark Reading reporting across diverse media platforms, including podcasts and video. Becky is passionate about delivering insightful, high-quality information and storytelling that informs and engages the cybersecurity community. Her specific focus is on the intersection of cybersecurity and public policy and its impact on the enterprise. As the host and producer of the recently Azbee-recognized Dark Reading Confidential podcast, she presents compelling conversations with industry leaders, exploring the latest trends and challenges in cybersecurity. Becky is also the moderator Dark Reading's popular editorial webinars, and oversees Dark Reading's Commentary section, curating expert perspectives intended to drive meaningful dialogue. Additionally, she is the host of Dark Reading's Black Hat News Desk, delivering timely and in-depth coverage right from the heart of one of the industry's most important events.Beyond editorial responsibilities, Becky is a regular writer and reporter for Dark Reading, contributing articles that delve into the evolving cybersecurity landscape. Prior to joining Dark Reading, Becky honed her expertise as a cybersecurity reporter for Threatpost, where she covered breaking news and emerging threats in the digital security space.She holds a BA in political science from the University of Arizona, and a BA in journalism from the Walter Cronkite School of Journalism at Arizona State University. See more from Becky BrackenWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouHow Well Can You See What's in Your Cloud?Implementing CTEM: Beyond Vulnerability ManagementMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETHow Well Can You See What's in Your Cloud?Thurs, June 4, 2026 at 1:00pm ESTImplementing CTEM: Beyond Vulnerability ManagementThurs, May 21, 2026 at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

Tom Parker is emerging as a leading candidate to become the next leader of the Cyber Security and Infrastructure Security Agency (CISA), following a 16-month period without a Senate-confirmed director. According to Dark Reading’s investigation, Parker, a British-born cybersecurity expert with a background in business strategy and cybercrime economics, is being considered by new Department of Homeland Security Secretary Markwayne Mullin. Parker’s experience, spanning two decades across administrations, Congress, and the private sector, positions him well for the role, particularly given the escalating threat landscape and the increasing use of AI by malicious actors. He has demonstrated a keen understanding of adversarial behavior and operational resilience, honed through extensive red-team engagements for major companies and his work as an executive at IBM, as well as his startup ventures. Parker's prior involvement with US-CERT and the FedRAMP working group further strengthens his credentials, and his ability to translate complex technical risks into understandable terms for boards—a skill developed during his time at AIG Business—would be highly valuable to CISA’s partnerships with the private sector. Despite facing a potentially challenging confirmation process due to past delays and ongoing political scrutiny, Parker’s unique blend of operational expertise, business acumen, and experience navigating Washington’s complex landscape could provide a fresh perspective and boost the agency’s effectiveness. Sources indicate Parker has not had direct engagement with the administration, but welcomes the opportunity to discuss the agency's mission.