With larger budgets on the way, the Cybersecurity and Infrastructure Security Agency (CISA) is currently analyzing the size of the workforce it needs and one likely takeaway will be an expansion of its workforce outside the nation’s capital region to improve its work with state and local governments and the private sector, the agency’s chief said last Friday.

In addition to further building the workforce with greater resources, the agency also expects to bolster its capabilities in hunting threats on networks, managing vulnerabilities, responding to cyber incidents, and utilizing its new public-private planning collaborative to help in all these areas, Jen Easterly, the director of CISA, said during a virtual panel discussion hosted by the Center for Strategic and International Studies.

CISA’s current budget is about $2 billion and the Biden administration is proposing it receive $2.1 billion in fiscal year 2022, which began Oct. 1. The agency earlier this year received $650 million in additional funding from Congress as part of a stimulus package proposed by the administration.

The House has voted to appropriate $2.4 billion for the agency in FY ’22 and Senate Democrats on the appropriations committee are recommending $2.6 billion for CISA.

“We are likely to get a plus-up in the budget,” Easterly said, adding that “I do think that we are going to need a larger budget,” potentially $5 billion.

Rep. John Katko (R-N.Y.), the ranking member on the House Homeland Security Committee, has said that CISA needs to be a $5 billion agency. He was on the panel with Easterly.

CISA was established three years ago within the Department of Homeland Security to work across the federal civilian government, and with the private sector, to strengthen the nation’s defenses and resilience to attacks on information systems and physical infrastructure. Given the relative youth of the agency, Easterly said, “we are making sure that we are putting all the processes in place so that we can absorb that funding and we can spend it responsibly and effectively and so I’m excited about being able to bring in new resources.”

A top priority for CISA is bringing in more cyber talent, which is in high demand across governments and the private sector, in the U.S. and worldwide.

“It’s really not about technology, it’s all about being able to bring in the right talent,” she said.

To that end, on Nov. 15, DHS will be implementing its Cyber Talent Management System, which Easterly pointed out is aimed at streamlining the hiring process with more flexibility, including “based on aptitude and attitude,” and to pay closer to market salaries.

The ongoing “force structure assessment,” said Easterly, who is a former Army officer, is “sort of a troops to task as I would call it in the Army, that is looking across all of our organization to see are we right-sized.”

A “preview” of this assessment is the need to expand field support, which CISA already provides in the areas of cybersecurity, protective security and chemical security. But as cyber-attacks, in particular ransomware, have increased, state and local governments, critical infrastructure entities, and businesses of all sizes have become frequent targets and the demand for CISA’s help has shot up.

“I am looking to probably grow our cybersecurity folks, our state coordinators as well as our cybersecurity advisers because I think we need a greater presence out in the field cause that’s where the companies are, that’s where the state and local folks are, that’s where the small businesses are and so really increasing that field force,” Easterly said.

She told Katko, who told Easterly to speak out on her resource needs, “I think that’s one thing that we’re going to come back on.”

The other area for more funding is “we are likely going to look to increase our vulnerability management capabilities, our threat hunting capabilities, and incident response capabilities and we’re probably going to be building off the Joint Cyber Defense Collaborative, the JCDC.”

The JCDC, which CISA stood up this summer, is meant to move the current public-private partnership around cybersecurity to a new paradigm of operational collaboration where government and industry work together, whether shoulder-to-shoulder or virtually to share information in near-real time that is actionable.