After cuts to DoD’s cyber workforce, experts see short-term readiness risks, but also opportunity

TECHNET AUGUSTA 2025 — In the months since the US government embarked on an unprecedented downsizing of the federal workforce spearheaded by the Department of Government Efficiency, tens of thousands of government employees have been shown the door, including civilians in the digital trenches at the Pentagon’s cyber agencies.

It’s a move that senior DoD officials have said publicly offers the opportunity to “ruthlessly realign,” as Lt. Gen. Paul Stanton, the head of the Defense Information Systems Agency and the DoD Cyber Defense Command said in May. 

But experts told Breaking Defense that while they mostly have faith in the long-term prospects of America’s cyber workforce and its current leadership, the disruption is likely to increase risk in the short term, both from external adversaries and for internal morale.

“If [adversaries] see that we’re unable to respond, as we have in the past, then it’s very likely that we will see an increase in malicious activity on the part of the adversaries of our country. No question about it,” said Daniel Ragsdale, who served in cyber roles at the Pentagon in the Biden and Trump administrations. However, he said, “to date, I don’t believe that we’re in that place.” 

It’s difficult to say precisely how many Pentagon cyber operators are among the estimated 300,000 federal workers expected to be fired or to take buy-out offers, but the Pentagon announced earlier this year that it planned to cut roughly 60,000 civilians from its overall workforce through the deferred resignation program, the firing of probationary employees and other means of termination. 

As of November 2024, the Pentagon’s cyber workforce included 225,000 “highly trained civilians, military and contractor personnel.” That was before Stanton told Congress in May that he expected a 10 percent cut from DISA’s 20,000-person workforce, and before Lt. Gen William Hartman, who serves as the acting commander of US Cyber Command and the National Security Agency, told lawmakers an expected 8 percent cut to his command would be “impactful.”

The Pentagon also implemented a partial hiring freeze that a defense official said will continue until Secretary of Defense Pete Hegseth believes it’s “no longer necessary.” DoD does still hire for “critical national security roles” including in the “cyber fields,” the official said, at a rate of 1,000 new hires per month across the department “in line with larger re-optimization goals.“

Beyond that, the official declined to provide new figures for the DoD’s current cyber workforce or to comment more broadly for this report. The lack of clarity, one expert said, is part of the problem.

“It’s really hard to get a full picture across the entire Department of Defense of where we are right now with the force and where we think we need to go, because it’s so disparate and fractionated,” Quentin Hodgson, a cybersecurity expert and senior defense researcher at the RAND Corporation, told Breaking Defense. 

‘In The Short Term It Will Be Damaging To Readiness’

When discussing the cuts with lawmakers in May, Hartman and Stanton appeared optimistic.

“It’s giving us an opportunity to ruthlessly realign and optimize how we are addressing what is an evolving mission,” Stanton said at the time, while also acknowledging that his team eventually needs “to hire the right people back into the right positions to then lead us forward.”

At the time, Hartman said that he was “confident” such positions can be filled with internal personnel and “be able to executive the agency’s mission.” 

But for years the Pentagon has been emphasizing the need to expand, not shrink, its cyber workforce as the cyber domain has exploded in complexity. 

“To combat current and future cyber threats and attacks, the DoD must employ an agile, highly skilled and diverse cyber workforce. The Department must also expand its cyber workforce with various roles and develop talent to securely build, operate and maintain its digital and critical infrastructures and protect and defend our data against cyber adversaries at home and abroad,” the Pentagon’s 2023 cyber workforce strategy stated. 

Hodgson said that while the Pentagon was “making some progress over the last couple of years to try to bridge that gap,” the “changes in approach with the new administration […] are widening that gap again.”

“I think in the near term, there’s going to be struggles, because they have lost probably some talent that they would rather not have lost,” he added.

In May, Patrick Johnson, director of the Workforce Innovation Directorate under the Pentagon’s chief information officer, reportedly told a webinar, “We’re going to see a reduction in the size of our force.” However, he added that the Pentagon was still able to hire 200 cyber personnel a month — still a stark contrast from the 1,500 it usually hired before the freeze came into play. 

“Our goal is to limit that, provide the administration, and particularly the secretary and the deputy secretary, the information they need to make reasoned and rational decisions on the size of the force and where we have to cut, and be as focused and strategic as we can,” he said, according to Meritalk. “A lot of these things, you cannot simply turn the switch on and have it flood back in.”

Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, said a growing cyber force remains critical to keeping up with America’s adversaries.

“The reason we had a new DoD cyber workforce strategy was [because] it’s really clear the Chinese, particularly, are aggressively targeting us. Look, we have small amounts of criminal problems, some problems with the Russians and Iranians, but China is the significant threat facing the department,” Montgomery said. “Then you have a number of emerging technologies coming where you need to have new skill sets […] so you have to have a refreshed and skilled workforce in those issues, and it’s hard to do that if what you’re doing is a ‘shields up’ approach. It creates risk. Any detriment to the growth of DoD’s cybersecurity workforce puts the entire enterprise at risk.”

Matt Pearl, who directs the Strategic Technologies Program at the Center for Strategic International Studies, told Breaking Defense the belt-tightening doesn’t just affect US cyber operations.

“A key part of this is being effective partners, and I’m concerned that they don’t have the personnel,” Pearl said. “Hartman said in his testimony that some junior people are going to have to step up into more senior ranks or senior positions in terms of civilian roles, and I don’t know if they have those relationships and the ability to do that sort of coordination.” 

Ragsdale, who served as the principal director for cyber at Office of the Under Secretary of Defense research and engineering before becoming the White House’s Deputy Assistant National Cyber Director, added that the downsizing could hurt internally as well. 

“In the short term it will be damaging to readiness. I think it’s a short-term disruption, short-term uncertainty, short-term perhaps damaging to the morale of the workforce,” he said. 

Some ‘Good News’ For The DoD

But it’s not all gloom and doom, the experts said, as the DoD should be well equipped to deal with such losses — it just may take a while. 

“The good news is they are the DoD, which means they have resources,” Montgomery said, adding that compared to other agencies, the DOGE-inspired impacts were rather “limited” on the DoD. 

Also, he said, the DoD will likely bounce back given the Pentagon’s cyber workforce chief, Mark Gorak, who he described as a “centralized leader,” is in a “good position” to grow the workforce when the dust settles. Gorak’s formal title is the Principle Director for Resources and Analysis, a job that the Pentagon says includes overseeing “driving cyber workforce development in the DoD.”

Similarly, Ragsdale also praised Gorak, saying he is really trying to “bring in that talent and expertise, and he’s a reformer,” explaining that he was able to fill gaps in the workforce prior to DOGE’s existence so he’ll likely be able to do it again. 

But the Pentagon’s cyber workforce may be more than just OK in the long term, Hodgson said. 

“I guess if I was to put a positive spin on it, this may require the department to make some more strategic choices about where it’s going to invest in people over the long term,” he said. 

Ragsdale shared this positivity, saying that, “with the right leaders in place, with the right reforms in place, if we can continue to attract and retain high cyber talent, I think that long term readiness could actually be enhanced.” 

Hodgson added that to help fill the current gaps, the DoD could transition some of its rather mundane tasks to artificial intelligence. 

“You can do things to offload a lot of routine actions that a lot of the private sector companies have figured out how to offload and not have large workforces dedicated to,” Hodgson said. “I think there will in the next year or so, probably some challenges, but that also presents an opportunity that maybe we can figure out a way in the Department of Defense to not simply rely on or always defaulting to, ‘I need more people to do this mission.’”

Ragsdale echoed Hodgson’s idea of leveraging AI to fill some workforce gaps, saying that the DoD is going to have to “leverage to the full extent possible capabilities that will streamline and enhance your ability to do your job,” including using both “automation in general and agentic AI” that could take some of “those non productive activities off your plate.” 

But offloading such tasks to AI may have been made more difficult due to cuts among other federal workforces. The National Institute of Standards and Technology in the Commerce Department has seen its own cuts, which Montgomery said could affect its ability to develop the standards by which the DoD can use AI in the first place.

Ultimately, Hodgson said that for the Pentagon’s cyber workforce “we will have to wait and see what happens.” 

“Like anything … change is hard. So I think that there will be just some challenges that we’re gonna have to watch out for over the next six to 12 months at least, before we really understand what the potential impact is going to be,” he said.