Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), was fired by Donald Trump in 2020 for publicly affirming that the presidential election was secure and free from widespread fraud. Fast-forward to April 2025: Trump, now back in the White House, issued an executive order revoking Krebs’ security clearances and ordering a federal investigation into his conduct, specifically targeting both Krebs and his employer, SentinelOne. The order also suspended clearances for other SentinelOne employees and threatened the company’s ability to do business with the government.
Krebs responded by resigning from SentinelOne to fight the administration’s campaign against him, stating, “This is a fight for democracy, freedom of expression, and the rule of law. I’m ready to give it my all.” SentinelOne’s stock dropped, and the chilling effect on the broader cybersecurity sector was immediate and palpable.
The Industry’s Response: Silence, Not Solidarity
Despite Krebs’ reputation for professionalism and integrity, the cybersecurity industry has, with rare exceptions, responded with silence. Reuters reached out to 33 major cybersecurity firms and three industry groups—only one responded with a comment. Industry leaders, major vendors, and conference organizers have largely avoided public statements. Even companies with direct ties to Krebs, such as Microsoft and CrowdStrike, declined to comment.
This silence is not just disappointing—it’s dangerous. The executive order against Krebs is not merely a personal vendetta; it is a test of constitutional norms and the independence of the cybersecurity profession. By targeting Krebs for telling the truth, the administration is sending a message: dissent—especially when it contradicts the preferred political narrative—will be punished. The industry’s lack of response is, in effect, complicity.
Why This Matters
- Chilling Effect: If a high-profile, well-respected figure like Krebs can be targeted for doing his job, no one in the industry is safe. The message is clear: toe the line or risk your career and your company’s future.
- Erosion of Trust: Cybersecurity is built on trust and integrity. If practitioners cannot speak the truth without fear of retaliation, the entire profession is undermined.
- Precedent for Authoritarianism: The use of executive power to punish private citizens and companies for protected speech is a hallmark of authoritarianism. The industry’s silence enables further overreach.
What Every RSA Attendee Should Do
RSA Conference 2025’s theme is “Many Voices. One Community.” But a community that stays silent in the face of injustice is not united—it is complicit. Every attendee, whether you’re a practitioner, vendor, or “A-lister,” has a responsibility to meet this moment.
When you visit vendor booths or encounter cybersecurity leaders and influencers at RSA, ask them:
- What are you and your company doing to publicly support Chris Krebs and SentinelOne?
- How are you defending the principles of free speech and professional integrity in cybersecurity?
- Are you willing to risk contracts, revenue, or reputation to stand up for what’s right?
- What concrete actions will you take to ensure that truth-telling cybersecurity professionals are protected, not punished?
Don’t let them dodge. Don’t accept platitudes.
If you’re a vendor or a leader: issue a public statement. Sign an open letter. Organize a session or a panel on defending professional independence. Use your platform—on stage, on social media, in the press—to call out this abuse of power.
If you’re an attendee: demand answers. Refuse to let silence be the industry’s answer to authoritarian overreach.
Remember: Silence is not safety. Silence is capitulation. If the cybersecurity community cannot defend its own when the truth is under attack, then what exactly are we protecting?
This is your moment. Don’t waste it.
RSAC 2025 Sets A Dangerous Precedent for Cybersecurity Leadership
(I posted this on LI, but I like to own my content, so am also posting here.)
The cybersecurity community deserves better than what we’re witnessing at RSAC 2025, today.
While Kristi Noem delivers today’s keynote, the absence of traditional cybersecurity leaders from agencies like NSA and CISA speaks volumes about shifting priorities in our field. This contrast becomes even more troubling when viewed alongside recent developments with Chris Krebs. The former CISA director — widely respected for his defense of election security — has faced unprecedented retaliation: security clearances revoked, his employer SentinelOne effectively blacklisted, and federal investigations directed into his tenure for simply upholding the integrity of our democratic systems.
Meanwhile, Secretary Noem — who has publicly committed to “reining in” CISA’s disinformation efforts and called its election integrity work “shocking” — receives our industry’s most prestigious speaking platform. Her tenure at DHS has featured more political theater than substantive cybersecurity leadership — or just leadership in general — prioritizing spectacle over the technical expertise and collaborative approach our field demands.
RSAC has always represented rigorous, forward-thinking discussion about defending critical infrastructure and fostering trust in technology. By elevating political figures who undermine the very principles our community stands for — while one of our most principled voices faces silencing — we’re accepting a dangerous new standard.
The cybersecurity field requires leaders who value expertise, accountability, and the defense of democratic norms. We must ask ourselves: what message are we sending about our professional values when we applaud those who work to dismantle the very protections we’ve built?
Every individual involved with RSAC who had a part to play in this decision should be deeply, deeply ashamed of themselves.