Indian American Cybersecurity Chief Madhu Gottumukkala Removed After Tumultuous Tenure Marked by Scandals

The Trump administration removed Madhu Gottumukkala from his position as acting director of the Cybersecurity and Infrastructure Security Agency on Feb. 27, 2026, capping a nine-month tenure marked by security lapses, failed polygraph tests, mass layoffs and widespread criticism from both Democrats and Republicans.

Gottumukkala, 49, an Indian-born American engineering executive, was reassigned to a position as director of strategic implementation at the Department of Homeland Security, which houses CISA, according to multiple outlets including TechCrunch, Cybersecurity Dive and CyberScoop.

Nick Andersen, who served as the agency’s executive director for cybersecurity, will replace him as acting director, a CISA spokesperson told TechCrunch.

The move came one day after CyberScoop reported on widespread dismay with the agency’s performance during the first year of the Trump administration, with significant criticism aimed at Gottumukkala’s leadership on both sides of the aisle.

“Madhu Gottumukkala has done a remarkable job in a thankless task of helping reform CISA back to its core statutory mission,” a Department of Homeland Security official told CyberScoop Thursday, offering a defense even as he was being removed from the role.

Gottumukkala previously served as South Dakota’s chief information officer under then-Governor Kristi Noem, now DHS secretary, from September 2024 to May 2025, and as the state’s chief technology officer from August to September 2024.

His close ties to Secretary Noem helped secure his appointment to CISA. As Cybersecurity Dive noted, “He has close ties to Secretary of Homeland Security Kristi Noem, for whom he worked in South Dakota when she was governor and he was the state’s CIO. (He did not have any cybersecurity leadership experience before taking charge of CISA.)”

The Security Breach

The most high-profile controversy erupted in January 2026 when Politico reported that Gottumukkala had uploaded at least four documents marked “for official use only” to OpenAI’s public ChatGPT platform between mid-July and early August 202.

The documents contained contracting information and cybersecurity materials not intended for public release, according to Politico. While the files were not classified, their “For Official Use Only” marking meant they were sensitive and not meant for public platforms.

The uploads triggered cybersecurity sensors in early August, generating several alerts in the first week alone, according to CSO Online citing four Department of Homeland Security officials. The incident occurred despite Gottumukkala having personally requested special permission to use ChatGPT shortly after joining CISA — at a time when the AI tool was blocked for most DHS employees over concerns that sensitive information could be retained outside federal systems.

Data entered into the public version of ChatGPT can be incorporated into the model’s training data and exposed to hundreds of millions of users, raising questions about whether government-related data could have been exposed more widely, according to Sunday Guardian.

CISA spokesperson Marci McCarthy confirmed that Gottumukkala received approval to use ChatGPT under DHS safeguards and described the usage as “short-term and limited,” according to CSO Online. She said he last used the tool in mid-July 2025 under an authorized temporary exception.

The Failed Polygraph Controversy

In December 2025, Politico reported that Gottumukkala had failed a counterintelligence polygraph test in late July 2025. He had requested access to a controlled access program — an act that would require taking a polygraph — in June 2025.

After he failed the test, DHS subsequently suspended six career staffers who had administered it, characterizing the polygraph as “unsanctioned,” according to TechCrunch.

Gottumukkala disputed the characterization of events and told lawmakers that he did not agree with that description, according to Sunday Guardian Live.

 Politico reported that Gottumukkala had failed a counterintelligence polygraph test in late July 2025. He had requested access to a controlled access program — an act that would require taking a polygraph.

Under Gottumukkala’s leadership, CISA experienced devastating workforce reductions. The agency’s personnel dropped from over 3,300 to around 2,200 through buyouts, early retirements, and layoffs — a loss of more than 1,000 employees.

During a Jan. 21, 2026 House Homeland Security Committee hearing, Chairman Bennie Thompson entered a chart into the record showing the number of personnel had fallen from 3,387 before President Trump’s inauguration to 2,389 by mid-December.

Under questioning from Thompson, Gottumukkala said CISA’s attrition rate was 7.5% last year, a figure he said was lower than most agencies. Gottumukkala said the agency has “the required staff” to do its work, but Thompson said he was still awaiting an expected letter from Gottumukkala on workforce needs and wanted a more precise number on current vacancies.

“We recognize that a disciplined mission requires the right workforce — not a larger one, but a more capable and skilled one,” Gottumukkala said in his opening remarks at the hearing.

Democrats pressed Gottumukkala repeatedly on whether any CISA personnel had been reassigned to working on immigration enforcement. Gottumukkala said this hadn’t happened during his time at the agency, contradicting published reports and a claim from Gottumukkala that Democrats said was false. Thompson’s chart showed 65 employees being reassigned out of CISA.

Hours before his own removal, Gottumukkala succeeded in pushing out CISA’s chief information officer Bob Costello after clashing with him, according to Cybersecurity Dive.

Nextgov reported Thursday that CISA lost Costello, the agency’s CIO tasked with overseeing the agency’s IT systems and data policies. The news outlet reported Gottumukkala tried to transfer Costello but was blocked by unnamed political appointees. He finally succeeded Thursday, just hours before his own removal.

Indian American Background

Madhu Gottumukkala was born in Andhra Pradesh, India, on Oct. 29, 1976. He graduated from Andhra University with a bachelor of engineering in electronics and communication engineering, earned a master’s degree in computer science engineering from the University of Texas at Arlington, and received a Master of Business Administration in engineering and technology management from the University of Dallas.

In April 2025, Noem named Gottumukkala as deputy director of CISA; he began serving in the position on May 16. That month, Gottumukkala told personnel at the agency that much of its leadership was resigning and that he would serve as its acting director beginning on May 30.

As acting director, Gottumukkala was characterized by Cybersecurity Dive as “a reliable political ally of the Trump administration.” Over the past nine months, Gottumukkala “dutifully implemented a series of workforce and program cuts that demoralized the agency’s staff and alienated many of its partners in state and local government and the critical infrastructure community,” according to Cybersecurity Dive.

Those cuts attracted criticism from experts and lawmakers, however, and by November, Gottumukkala was promising that CISA would soon begin a hiring spree to rebuild its diminished capacity. Even so, he told Congress in late January, CISA’s work “is mission-focused, which means capability is measured by outcomes, not head count,” according to Cybersecurity Dive.

CISA employees expressed relief at Gottumukkala’s departure. “I am excited for this leadership change,” said one CISA employee, who requested anonymity to speak freely, according to Cybersecurity Dive. Gottumukkala “was clearly the wrong person” to lead CISA, this employee added.

This story was aggregated by AI from several news reports and edited by American Kahani’s News Desk.