Full Report
Leatherman, a 22-year FBI veteran, has been heavily involved in cyber investigations as section chief and deputy assistant director over the past three years. The post FBI veteran Brett Leatherman to lead Cyber division appeared first on CyberScoop.
Analysis Summary
# Industry News: FBI Promotes Veteran to Lead Cyber Division
## Summary
The FBI has promoted 22-year veteran Brett Leatherman to Assistant Director, leading the Cyber Division. This move signals organizational continuity within a division critical for national security, counterintelligence, and law enforcement against sophisticated cyber adversaries. Leatherman's background includes leading efforts against major cybercrime groups like LockBitSupp and state-sponsored hacking operations.
## Key Details
- Date: Announced June 9, 2025 (via LinkedIn and reporting)
- Companies Involved: Federal Bureau of Investigation (FBI)
- Category: Government Leadership Appointment/Organizational Update
## The Story
Brett Leatherman, a long-time FBI agent with extensive experience in cyber investigations, has been selected by Director Kash Patel to lead the FBI's Cyber Division. Leatherman has served as section chief and deputy assistant director for the division over the last three years, giving him deep operational familiarity. His past involvement includes leading investigations into high-profile ransomware outfits (like LockBitSupp), combating widespread malware distribution (LummaC2), and contributing to efforts against major nation-state threat actors (Salt Typhoon and Volt Typhoon). He replaces Bryan Vorndran, who departed for a role at Microsoft, and his elevation is seen as stabilizing the division following recent senior-level departures.
## Business Impact
### For the Companies Involved
- **FBI:** Ensures leadership continuity in its critical cyber mandate, leveraging internal expertise to maintain ongoing complex investigations against criminal and state actors.
### For Competitors
- **Private Sector Security Firms (e.g., Microsoft, Mandiant, CrowdStrike):** A veteran appointee means established lines of communication and operational familiarity when engaging with the FBI on threat intelligence sharing, joint takedowns, and policy alignment.
- **Cybercriminal & Nation-State Actors:** Leatherman's promotion signals no softening in enforcement; his known track record suggests continued aggressive pursuit and disruption strategies against these adversaries.
### For Customers
- **Critical Infrastructure & Large Enterprises:** Continued visibility into high-level FBI cyber priorities and sustained partnership efforts in areas like ransomware defense and espionage counter-targeting.
### For the Market
- Stability in federal cyber enforcement leadership is generally viewed positively, reinforcing the government’s commitment to making malicious cyber activity "unsustainable."
## Technical Implications
Leatherman emphasized disrupting criminal and state actors, sharing intelligence, and shaping the operating environment. This suggests continued prioritization of offensive cyber operations (disruption) alongside proactive defensive engagement (shaping the environment) rather than strictly reactive forensics.
## Strategic Analysis
- **Market Positioning:** The FBI maintains its position as the lead national authority combining law enforcement capabilities with intelligence gathering relevant to cyber threats.
- **Competitive Advantage:** Promoting an insider with a proven track record ensures institutional knowledge is retained, crucial for complex, long-running threat campaigns like state-sponsored espionage.
- **Challenges:** The primary challenge remains retaining talent, evidenced by the recent departure of his predecessor (Vorndran) and key policy lead (Cynthia Kaiser) to higher-paying private sector roles, a trend Leatherman must manage to keep the division fully staffed with expertise.
## Industry Reactions
The appointment of an FBI insider is generally viewed as a stabilizing force. Industry watchers will be keen to see if Leatherman’s tenure focuses more heavily on disruption tactics (as hinted in his statement) or pivots toward enhanced public-private intelligence collaboration, especially given the recent talent drain toward the private sector.
## Future Outlook
- **Predictions and expectations:** Expect Leatherman to continue the strong focus on high-value transnational cybercrime and nation-state espionage targeting US infrastructure.
- **What to watch for:** How leadership manages agency churn (staff retaining institutional knowledge given private sector recruitment) and any major policy shifts related to information sharing mandates.
## For Security Professionals
Practitioners dealing with federal investigations, regulatory compliance, or critical infrastructure defense should recognize Leatherman's established priorities: disruption of ransomware, countering specific nation-state TTPs, and utilizing intelligence for defense. Relationships with his deputies will be key for coordinated incident response efforts.