Nick Andersen
Acting Director
Office of the Director
14 reports
Cybersecurity and Infrastructure Security Agency
CISA Leadership and Organizational Structure (DHS Component)
Government · Matrix structure · 4K employees · Washington, DC
6
Agency head span
↓ tighter than peers (avg 8)
4
Avg span
moderate
3
Max depth
3 levels
Interactive org chart
Cybersecurity and Infrastructure Security Agency organizational chart
Explore the agency leadership model, component structure, and reporting layers from official public sources.
Open editable chart
Take this model into your AI workspace Use AI to reason through the model, then bring the scenario back into Creately Atlas.
Choose a prompt, then open an AI app and paste.
Download the CSV data instead
This org chart summarizes CISA’s publicly listed senior leadership, divisions, and selected regional leadership based on official CISA.gov sources as of the current quarter (2026-Q2). It reflects CISA’s matrix structure within DHS.
What to model
Use the chart to test org decisions, not just view reporting lines
Start with the public baseline, then use the scenario views and source-backed changes to ask what happens when leadership, span, or team ownership shifts.
Scenario views in the chart
- Add cross-agency AI and data risk role Model adding a Chief AI and Data Risk Officer reporting to the Director to coordinate AI risk across cybersecurity and infrastructure missions.
Atlas work this supports
- Compare public operating models Use this official-source baseline to compare agencies, components, reporting layers, and field-office networks.
- Model vacancies and transitions Create planning scenarios for acting leaders, new offices, component moves, and cross-agency coordination changes.
- Keep an official source trail Track source URLs, leadership updates, and agency structure changes in one Atlas workspace for review.
The people
Key leaders and offices
11 senior leadership roles or offices from official public sources. Use this section as a current agency-leadership index, not a private-company filing table.
Chris Butera
Acting Executive Assistant Director for Cybersecurity
Cybersecurity Division
0 reports
Steve Casapulla
Executive Assistant Director for Infrastructure Security (ISD)
Infrastructure Security Division
0 reports
Billy Bob Brown, Jr.
Executive Assistant Director for Emergency Communications (ECD)
Emergency Communications Division
0 reports
James H. Harrell II
Assistant Director for Integrated Operations (IOD)
Integrated Operations Division
4 reports
Steve Casapulla
Interim Assistant Director for the National Risk Management Center (NRMC)
National Risk Management Center
0 reports
Christine Serrano Glassner
Chief External Affairs Officer
External Affairs
0 reports
Spencer R. Fisher
Chief Counsel
Office of the Chief Counsel
0 reports
Nicole Windham
Chief Operations Support Officer
Mission Support and Enablement
0 reports
Elizabeth Jackson
Acting Chief Financial Officer
Finance
0 reports
Preston Werntz
Acting Chief Information Officer
Information Technology
0 reports
The operating model
How Cybersecurity and Infrastructure Security Agency divides the work
4 offices, branches, or components organize the agency mission. Tile size scales with estimated staff where public estimates exist.
Cybersecurity Division
1K employees
p2
Leads federal civilian cybersecurity operations, guidance, and services, including vulnerability management and incident coordination.
Infrastructure Security Division
800 employees
p3
Manages risk to critical infrastructure sectors through assessments, advisories, and partnership programs.
Emergency Communications Division
300 employees
p4
Supports interoperable and resilient emergency communications nationwide.
Integrated Operations Division
500 employees
p5
Coordinates CISA operations, situational awareness, and regional integration.
The agency brief
What this U.S. agency structure tells us
CISA is a component agency of the U.S. Department of Homeland Security with statutory authority to lead national efforts to understand, manage, and reduce risk to cyber and physical infrastructure. Its structure blends mission-focused divisions (Cybersecurity, Infrastructure Security, Emergency Communications, Integrated Operations, and the National Risk Management Center) with enterprise-wide mission support functions and a nationwide regional network. The matrix design allows CISA to deliver services across sectors and geographies while maintaining centralized policy, risk analysis, and operational coordination in support of federal, state, local, tribal, territorial, and private-sector partners.
- Civilian-led national cyber and infrastructure risk agency
- Strong regional footprint supporting state and local partners
- Matrix structure linking mission divisions and regions
The comparison
Compare with related agencies
Compared with FEMA (also within DHS), CISA is less incident-response centric and more risk-management and advisory focused. Relative to DOJ cyber components, CISA emphasizes partnership and voluntary risk reduction rather than law enforcement. Compared with NSA or U.S. Cyber Command, CISA is civilian-led, …
Senior office count
Cybersecurity and Infrastructure Security Agency
11
Reporting depth
Cybersecurity and Infrastructure Security Agency
3 levels
Current signals
What changed recently
No leadership changes beyond those reflected on the current official CISA leadership page.
Frequently Asked Questions
Who leads Cybersecurity and Infrastructure Security Agency?
CISA is led by the Acting Director, Nick Andersen.
What does Cybersecurity and Infrastructure Security Agency do?
CISA leads national efforts to manage cybersecurity and physical infrastructure risk through partnerships, services, and operational coordination.
What are the major offices or components of Cybersecurity and Infrastructure Security Agency?
Major components include the Cybersecurity Division, Infrastructure Security Division, Emergency Communications Division, Integrated Operations Division, the National Risk Management Center, and regional offices.
Who does Cybersecurity and Infrastructure Security Agency report to?
CISA is a component agency of the U.S. Department of Homeland Security.
How can this org chart be used for planning or analysis?
The org chart helps model reporting lines, assess spans of control, and plan reorganizations or new mission capabilities within CISA.
Sources
Reference
Cite this page
If you reference this page in research, analysis, or news writing, use one of the formats below. Citation includes the SEC filing source where applicable.
APA 7th
Creately. (2026). Cybersecurity and Infrastructure Security Agency organizational structure. Creately. Retrieved , from https://creately.com/org-chart/us-government/cybersecurity-and-infrastructure-security-agency/MLA 9th
"Cybersecurity and Infrastructure Security Agency Organizational Structure." Creately, April 1, 2026, https://creately.com/org-chart/us-government/cybersecurity-and-infrastructure-security-agency/. Accessed .Chicago 17
Creately. "Cybersecurity and Infrastructure Security Agency Organizational Structure." Last modified April 1, 2026. https://creately.com/org-chart/us-government/cybersecurity-and-infrastructure-security-agency/.Permanent URL: https://creately.com/org-chart/us-government/cybersecurity-and-infrastructure-security-agency/ · last updated 2026-04-01