The Cybersecurity and Infrastructure Security Agency (CISA) has announced the appointment of Nicholas Andersen as its new Executive Assistant Director for Cybersecurity. Andersen, a well-recognized figure in national security and cybersecurity, officially began his role on September 2, 2025. He will be responsible for leading CISA’s cybersecurity mission at a time when the nation faces complex digital threats targeting critical infrastructure.
“I am pleased to welcome Nick Andersen to our CISA leadership team,” said Acting CISA Director Madhu Gottumukkala. “His broad experience across business, government, and technology uniquely positions him to strengthen our engagement with critical infrastructure partners, helping them better assess risk and elevate their security posture. I look forward to working with him as we advance our mission and safeguard the resilience of our nation during this pivotal time.”
For Nicholas Andersen, the new role is both a responsibility and a continuation of his long-standing mission to defend the United States. “I am honored to have the opportunity to join CISA and the trust placed in me by President Donald Trump and Secretary Kristi Noem,” Andersen said. “Having led organizations in both the public and private sectors, I deeply appreciate the vital role a robust cyber defense agency plays in securing our nation’s critical infrastructure. My career has been dedicated to defending America, and I look forward to continuing that mission at CISA.”
Nicholas Andersen: Career in Security
Andersen has spent much of his professional life safeguarding the country’s critical infrastructure against both physical and digital threats. His career reflects a balance of military service, government leadership, and private sector expertise, giving him a unique perspective on today’s cyber challenges.
A decorated U.S. Marine veteran, Andersen’s military background instilled the discipline and foresight that have marked his leadership roles. He has been recognized as Intelligence Executive of the Year and named one of the top 10 CISOs to watch by Washington Executive Magazine.
In the private sector, Andersen served as President and Chief Operating Officer at Invictus, where he oversaw cybersecurity, intelligence integration, and technology delivery for both federal and commercial partners. His role as Chief Information Security Officer at Lumen Technologies Public Sector further highlighted his ability to bridge public and private interests. There, he designed and executed a comprehensive cybersecurity strategy, launched secure offerings, and established partnerships that enhanced national resilience.
His government service is equally distinguished. From 2019 to 2021, Andersen held senior roles at the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response. As Principal Deputy Assistant Secretary and later Acting Assistant Secretary, he directed national initiatives to protect the U.S. energy sector against cyber and physical threats. He played a key role in responding to Iranian cyber threats, energy crises, and disaster recovery efforts in Puerto Rico.
Transition in Leadership
Andersen’s arrival also brings a shift in leadership within CISA’s cybersecurity division. Chris Butera, who has been serving as Acting Executive Assistant Director for Cybersecurity, will transition into the role of Acting Deputy Executive Assistant Director. This continuity ensures that the agency’s cybersecurity operations remain steady while Andersen takes the helm.
CISA, often referred to as the nation’s cyber defense agency, is tasked with protecting both digital and physical infrastructure that Americans rely on every day. The appointment of Nicholas Andersen comes at a time when threats to this infrastructure are evolving rapidly, from state-sponsored attacks to criminal exploitation of critical services.
With Andersen’s diverse background and proven leadership, CISA aims to deepen its collaboration with industry partners, enhance national preparedness, and ensure resilience in the face of growing cyber threats and attacks.
