Pick Again Please: How Another Unqualified Cybersecurity Appointment Undermines U.S. National Security
A Non-Partisan Perspective on a Critical National Security Issue
I am not a political person. I have no affiliation with any party, and I do not care about partisan games. I am a Veteran, an American, and a Cyber Wonk—and I believe that our country can and must do better when it comes to cybersecurity leadership. Not later. Not when another opportunity comes. NOW.
We are losing the global cybersecurity war, and Americans have died as a direct result of failed cybersecurity policies. This is not about left or right; it is about national security, strategic readiness, and making sure the United States is prepared to defend itself in cyberspace. The purpose of this article is simple: to shed light on a few of the critical failures in U.S. cybersecurity leadership and why we must demand better.
The Big Problem: Another Unqualified Appointment
The appointment of Sean Cairncross as the National Cyber Director is yet another example of failed leadership in U.S. cybersecurity policy—a decision that prioritizes political loyalty over technical expertise. While I am sure he is a nice guy and he is surely qualified from a business and organizational leadership perspective for a different role in the government, he is not the right choice for leading cybersecurity.
Cairncross is a lawyer and political operative. He has zero background in cybersecurity, zero experience in cyber warfare, and no track record of managing complex cyber defense initiatives. And yet, he is now responsible for overseeing the nation’s cybersecurity strategy at a time when our adversaries are outpacing us.
I have zero experience in finance, zero experience in medical matters, but I know how the government works and I understand organizational dynamics. Maybe I should be Treasury Secretary or head of HHS?
Seems dumb, right? Because it is.
A Pattern of Poor Cybersecurity Leadership
This is not an isolated incident. For years, both Republican and Democratic administrations have appointed career bureaucrats or political insiders to critical cybersecurity roles, rather than qualified cybersecurity professionals who understand the evolving threat landscape.
This systemic failure has led to a government that is reactive rather than proactive, focusing on paperwork-heavy compliance mandates instead of meaningful security solutions. Instead of putting real experts in charge, we have watched a cycle of regulatory stagnation, bureaucratic red tape, and predictable policy failures that leave America vulnerable.
Hospitals have been ransomed. Children are under attack. Americans are dying. We lose billions of dollars to cybercrime annually, and this is the best we can find to do the work of leading the organization responsible for our defense?
More Compliance, Fewer Solutions
One of the clearest signs of failed cybersecurity leadership is the overwhelming reliance on compliance-driven regulations rather than practical, technical solutions. Lawyers and business leaders think in terms of regulation and laws, not operational cyber effectiveness and action, just to be clear. As of now:
We see more cybersecurity laws and regulatory frameworks, but these do little to actually stop cyberattacks.
We spend billions on cyber audits and certifications, but attackers continue to exploit well-known vulnerabilities.
Government agencies, critical infrastructure, and private companies are repeatedly breached—often by nation-state actors who face no meaningful consequences.
Why? Because cybersecurity policy in the U.S. has become a bureaucratic exercise rather than a strategic initiative. We are stuck in a reactive loop, treating symptoms instead of fixing the underlying problems.
Just for clarity's sake, last year, according to public records analysis, we spent:
In the fiscal year 2024, the United States government allocated approximately $12.72 billion for cybersecurity initiatives across various federal agencies.
This figure includes funding for both civilian and defense-related cybersecurity efforts. For instance, the Department of Defense's budget request for fiscal year 2024 encompassed $13.5 billion dedicated to cyber activities, highlighting the emphasis on bolstering the nation's cyber defenses.
Additionally, the Cybersecurity and Infrastructure Security Agency (CISA), a key entity within the Department of Homeland Security responsible for safeguarding the nation's critical infrastructure, had a budget of $3.0 billion for fiscal year 2025.
These investments reflect the government's ongoing cash dump into the endless void of cyber spending and certification and compliance chasing. If you want to DOGE something, DOGE cyber.
The Global Cyber War: America Is Losing
The consequences of this lack of leadership and technical vision are dire. The U.S. is losing the global cybersecurity war to adversaries who take the matter seriously.
China, Russia, Iran, and North Korea have state-sponsored cyber units dedicated to offensive and defensive operations.
Cyberattacks on critical U.S. infrastructure—power grids, pipelines, hospitals—are escalating in both frequency and severity.
Americans have died as a direct result of failed cybersecurity policies—from ransomware attacks crippling hospitals to power outages caused by cyber-sabotage.
Yet, instead of treating this as a national security crisis, we continue to appoint unqualified individuals to critical leadership positions, ensuring that we remain on the defensive while our adversaries perfect their offensive capabilities.
A Call for Change: Cybersecurity as a Strategic Priority
This is not about politics. It’s about survival. The U.S. needs to fundamentally shift its approach to cybersecurity leadership:
Appoint Experts, Not Political Allies – The National Cyber Director should have deep technical expertise in cybersecurity, cyber warfare, and threat intelligence, not a background in political operations.
Prioritize Functional Cyber Defense Over Compliance – Regulations are necessary, but they are not a replacement for real, proactive cybersecurity measures that actually secure critical infrastructure and systems.
Treat Cybersecurity Like a War, Because It Is One – Adversaries are not following compliance checklists—they are launching continuous, coordinated attacks on U.S. assets. We need offensive cyber capabilities and a national security doctrine that reflects this reality.
Final Thought: The Clock Is Ticking
The U.S. cannot afford to keep making these same mistakes. If our leaders continue to treat cybersecurity as an afterthought—handing critical leadership roles to unqualified individuals—then we will continue to lose this war. And in this war, the consequences are not just financial losses or data breaches. They are human lives.
I am sure Mr. Cairncross is a great patriot (I hope so anyway) and a very smart dude (he sure dresses nice). But I would argue he isn't the guy for this particular job.
If the U.S. is serious about cybersecurity, it needs serious leadership. And Sean Cairncross simply isn’t the right person for the job.
References
Appointment of Sean Cairncross as National Cyber Director: https://www.politico.com/news/2025/02/11/sean-cairncross-cyber-director-nomination-00203759?utm_source=chatgpt.com
Lack of Cybersecurity Expertise in Leadership Roles: https://www.politico.com/news/2025/02/11/sean-cairncross-cyber-director-nomination-00203759?utm_source=chatgpt.com
Reliance on Compliance Over Functional Solutions: https://www.forbes.com/sites/bobzukis/2024/07/26/the-cybersecurity-leadership-crisis-dooming-americas-companies/?utm_source=chatgpt.com
Escalating Cyberattacks on Critical Infrastructure: https://www.wired.com/story/big-interview-jen-easterly-cisa-cybersecurity?utm_source=chatgpt.com
Consequences of Failed Cybersecurity Policies: https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach?utm_source=chatgpt.com
Call for Appointing Qualified Experts: https://www.forbes.com/sites/bobzukis/2024/07/26/the-cybersecurity-leadership-crisis-dooming-americas-companies/?utm_source=chatgpt.com
Need for Proactive Cyber Defense Strategies: https://www.wired.com/story/big-interview-jen-easterly-cisa-cybersecurity?utm_source=chatgpt.com
Law | SDE | Healthcare | In memory of Honorable Mr. Bob Miner 💚🤍❤️| Personal Account | My opinions are mine and mine only | Human Rights | ©️S.F.🇺🇸⚖️
3w🚨 Dear Mr. Dr. Chase Cunningham, Please refer to your training in NSA and #NAVY Crypto && most specifically “TTP”. AND #NeverForget Legalese. #USConstitution among others.💙🕊️💚 🗽Hope this helps you and others: Code [80].🇺🇸💚🤍❤️🇺🇸🌀🇺🇳🔱SF©️⚖️🌎🌍🌏2/22/25.
U.S. Navy Veteran | CISSP | CGEIT | CISM | CISA | GNSA | AWS | AICP Enterprise I.T. Governance Risk Compliance Security | #GRCS-Alignment #DataGov-Protection, #Compliance-Mgt
3w Some good comments on the core subject, but of course also partisan comments from both sides. As far as UN-qualified, as a veteran, I really long ago tuned out most political comments from both sides as 90% of the time it's the pot calling the kettle black.
Entrepreneur & Technocrat (R&D Driven Innovations)
3w Cybersecurity is a matter for professionals to address head-on. Politics and politicians - bipartisan - only come in the way. Having personally engaged with bureaucrats in DC, I speak from painful experience - the cybersecurity industrial complex values profits and ROI for investors over national security. Cybersecurity is the third largest GDP - if it were a country on the world map. Follow the money. Who benefits? Who suffers? Cyber criminals exploit the tools and methods while politicians and incumbent vendors hinder regulations to promote innovation. Status quo is about quarterly growth in revenue and annual recurring revenue models. For the first-responders in IT/OT, it is about chasing their tails all day. Innovation is trailing in cybersecurity. AI and quantum computing give hackers an unfair advantage. Safety in AI/ML is critical- it is a mistake to put business interests in front of cyber resilience. Cyber resilience is the horse that pulls the global economy cart. Cyber is a global platform for trade. Firewalls and IDS/IPS are outdated and not scalable as a rules based grammar.
Cybersecurity Consultant with over 25 years experience
3w The head of the NSA was usually someone who didn’t know how to use email for decades.
RMF Sage | Security Assessment Guru | Security Controls Assessor- USAF
4w This is always a bad hire. But it can be made up for with solid advisors and good hiring to work on his team.