Icon for email, a simple dark blue paper plane
Dark blue phone icon

Phil Kirk

Director, Region 7 (Kansas City), Cybersecurity and Infrastructure Agency (CISA), DHS, MA in Security Studies (CHDS) '11

Phil Kirk is the Region 7 Director for the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. Department of Homeland Security (DHS). Region 7 is headquartered in Kansas City, Missouri, and serves the states of Iowa, Kansas, Missouri and Nebraska. CISA is the Nation’s risk advisor, working with partners to defend against today’s digital and physical threats and collaborating to build more secure and resilient infrastructure for the future. 

Through leadership and management of field-based resources and capabilities, Regional Directors guide all of CISA’s numerous and varied programs. Mr. Kirk was selected as Regional Director of the Office of Infrastructure Protection in the National Protection and Programs Directorate (NPPD) of DHS in 2016, prior to the creation of CISA through the Cyber Security and Infrastructure Security Act of 2018. He then served as the Acting Director of CISA Region 7 for two years until his appointment to the Senior Executive Service in January 2021. He is the senior CISA official in the region and is accountable for the execution of programs to defend critical infrastructure against the threats of today, while coordinating and collaborating with partners across all levels of government and in the private sector to secure against evolving threats of tomorrow. He serves as the senior advisor and liaison between DHS and senior federal, state, local, and tribal governments and private sector officials on matters relating to the security and resiliency of nationally, regionally, and locally significant critical infrastructure. Mr. Kirk is also responsible for directing incident management activities as they relate to critical infrastructure restoration and resilience. 

Previous to his tenure with CISA, Mr. Kirk spent over 20 years of his federal career in a diverse and progressive set of positions in the Federal Emergency Management Agency (FEMA) in Region 7, most recently as the Federal Preparedness Coordinator and National Preparedness Division Director. In this position, Mr. Kirk served as a consultant and the principal advisor to the FEMA Regional Administrator regarding all preparedness matters. He led multiple programs and initiatives to strengthen, integrate, and operationalize the preparedness efforts of the region to build preparedness capabilities across all levels of government, jurisdictions, disciplines, critical infrastructure sectors, and citizen groups. 

Before being named the first Federal Preparedness Coordinator in 2008, he served as the Chief of the Response Branch in the Response and Recovery Division. Prior to that assignment, Mr. Kirk was a Branch Chief in the Mitigation Division for five years. Mr. Kirk began his career in FEMA in 1994 as the Public Affairs and Congressional Liaison Officer. 

In 1998, Mr. Kirk left FEMA and moved to Washington, DC, where he held the position of Intergovernmental Relations Manager for the U.S. Chemical Safety and Hazard Investigation Board, a then new independent federal agency, with the mission of ensuring the safety of workers and the public by reducing the number and severity of industrial chemical accidents. After serving a year in this position, Mr. Kirk returned to FEMA. 

Prior to joining FEMA, Mr. Kirk was the District Director for a Member of the U.S. House of Representatives from the state of Kansas and was employed by the Congressman for nearly six years, starting in 1989. 

Mr. Kirk holds a Master of Arts in Security Studies from the Naval Postgraduate School Center for Homeland Defense and Security. He obtained his Bachelor of Science degree in Agricultural Economics from Kansas State University. Mr. Kirk and his spouse, Shelly Kirk, reside in Oak Grove, Missouri. 

"The prevalence and sophistication of new technologies means everyone has to be proactive when it comes to cybersecurity. Every organization — large and small — must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks."

What led you to NPS, and how did your experience impact your career trajectory?

I came to the Naval Postgraduate School the first time for the Homeland Security Executive Leaders Program within the Center for Homeland Defense and Security in 2009 after becoming the first Federal Preparedness Coordinator for the Department of Homeland Security’s FEMA Region 7 (Iowa, Kansas, Missouri, and Nebraska). That program allowed me to engage in critical and creative thinking with other multi-disciplinary leaders and opened my eyes to viewing the entire homeland security enterprise from multiple lenses. I was drawn to this level of collaboration and integration through the Center, which drove me to apply for the Master of Arts in Security Studies Program. 

Now, in my 34th year of federal civil service and as a member of the Senior Executive Service (SES) and one of ten regional directors for the Cybersecurity and Infrastructure Security Agency, I continue to work with federal, state, local, tribal and territorial (FSLTT) stakeholders and the private sector to reduce risks to and increase the resilience of our critical cyber infrastructure and emergency communications infrastructure. The world-class education I received through the courses, professors, and my classmates at NPS, without question, assisted me greatly in achieving my current position, while also reinforcing my passion for a career in public service.

Cyber warfare is a major threat of the 21st century security landscape. We’ve seen attacks on critical infrastructure both home and abroad and warnings issued by both the U.S. government and private organizations to prepare ourselves for cyberattacks. What are some immediate actions federal and private organizations should take to lessen vulnerabilities and support CISA initiatives? What actions can individuals take to protect themselves?

The prevalence and sophistication of new technologies means everyone has to be proactive when it comes to cybersecurity. Every organization — large and small — must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. This means enforcing multi-factor authentication and strong passwords for their employees, installing software updates (prioritizing known exploited vulnerabilities), and securing accounts and credentials. CISA has a number of resources to help organizations available at CISA.gov/Shields-Up.

I would be remiss if I didn’t mention that October is Cybersecurity Awareness Month. CISA will be heavily focused on amplifying the message that everyone has a role to play in helping the nation bolster our collective cyber defenses. There are four immediate actions that organizations and individuals can take right now to protect their online information and privacy and drastically improve their cyber hygiene.

  1. Enable Multi-Factor Authentication. Every single person with an internet connection should take the extra step to protect themselves. By enabling MFA, you are opting in on an extra step to confirm your identity. That extra protection can prevent someone from accessing your information, bank account, social media accounts and more.
  2. Update Your Software. Cyber criminals seek out security weaknesses in outdated software that they can exploit. This is why it’s very important to update the operating system on your phones, tablets and laptops as well as update your applications on all your devices too.
  3. Think Before You Click and know how to recognize signs of phishing attacks. Phishing attacks are some of the most commonly successful types of cyber theft. Some of those signs include a suspicious sender’s address that may imitate a legitimate business or suspicious attachments. You can report phishing attempts 24/7 at gov/report.
  4. Use Strong Passwords. One of the first lines of defense for keeping information safe online is the use of a password. Much of a user’s personal information is stored on their computer, smartphone or tablet, which is why nobody should recycle the same password across multiple apps and websites. By using a password manager to generate and store unique passwords, individuals can make sure their accounts are more secure.

Due to increasing dependency on automation and integrated, connected systems, CISA must be among the first organizations to understand both the advantages and risks presented by new technologies. How is CISA Region 7 working to build more secure and resilient infrastructure to protect against future threats to our national security? What changes and advances in technology need to happen to better secure U.S. infrastructure?  

Throughout this year, CISA Region 7 team has been busy working to build and sustain trusted and effective partnerships between government and the private sector. The team connects stakeholders with relevant information-sharing resources, such as HSIN-CI and the MS-ISAC, and CISA Alerts to ensure they have the most current threat information; promotes and enhances emergency communications capabilities by providing training, exercises, and other forms of technical assistance through the Interoperable Communications Technical Assistance Program; and conducts physical and cyber security exercises and dozens of security assessments throughout the region.

It’s not so much changes or advances in technology that need to happen so much as it’s a change in how the responsibility of cybersecurity is thought about. Protecting the critical systems and functions that underpin our everyday lives is becoming increasingly complex as adversaries develop new techniques to comprise them. However, physical security and cybersecurity activities are often treated as separate entities within most organizations and businesses. When business and security leaders operate in these silos, they lack a holistic view of security threats targeting their enterprise. As a result, attacks are more likely to exploit this inherent vulnerability, which could then lead to significant impacts. These silos need to be broken down so that all the right people are at the table talking: senior executives and boards of directors; procurement professionals; and network administrators, systems administrators, and front-line cybersecurity staff. Ultimately, cybersecurity is a shared responsibility.

How do you apply your experience with FEMA preparedness and response to cybersecurity preparedness? How does preparedness ensure the security of key infrastructure?

My experience at FEMA related to preparedness and incident response provided a strong knowledge base of our nation’s entire homeland security enterprise, better preparing me for my position in CISA. One of the primary objectives at FEMA was to increase capabilities and capacity to lessen or mitigate the impacts of natural disasters and man-made incidents. This was primarily accomplished with stakeholders at all levels by executing the National Preparedness Cycle through planning, organizing, training, equipping, exercising, evaluating and taking corrective actions to ensure effective coordination during incident response. As the nation’s cyber defense agency, CISA leads the national effort to understand and manage cyber and physical risk to our critical infrastructure with the vision of a secure and resilient critical infrastructure for the American people. Both agencies focus significant efforts and resources on working with partners at all levels of government, the private sector, and individual citizens to understand, evaluate and mitigate risks to increase our collective resilience to current threats, whatever those threats may be, and to provide incident response and support when needed. At CISA, our focus is more targeted to cyber, physical, and emergency communications critical infrastructure. FEMA is a critical partner for CISA, as are the other DHS operational components and the federal interagency. We all work together to understand and solve complex problems to safeguard our homeland and the American people.

How is CISA working with industry to combat emerging cyber threats to our nation's critical infrastructure?

Ensuring the security and resilience of the nation’s critical infrastructure is a shared responsibility across the entire community. No one entity, government or private sector, has the knowledge, authority or resources to do it alone. This is why over the past year, CISA has been dedicated to transforming public-private partnership into operational collaboration. That is moving from information sharing to information enabling – the active exchange of data in real-time that can be actioned in order to improve security.

In April of 2022, CISA launched a specific effort under the Joint Cyber Defense Collaborative to bring in industrial control system vendors, integrators and operators for closer collaboration on cybersecurity issues. Through the JCDC, we are engaged in ongoing operational collaboration to exchange, enrich and amplify actionable information across the public and private sector. Industry partners include cybersecurity companies and critical infrastructure owners and operators. U.S. government partners are diverse and include the U.S. Department of Defense.

While there is much mis- and disinformation surrounding election security, fair and free elections are a hallmark of American democracy and any threat to that needs to be taken seriously. What is CISA’s role in securing election infrastructure on the local and national levels? What actions is CISA taking to combat mis- and disinformation surrounding election security and instill confidence in the election system?

Election security is a top priority for CISA and we are working side-by-side with our nation’s election officials to protect the resilience of our elections and uphold our nation’s sacred democratic process. We’re engaged with officials in all 50 states, the District of Columbia, and the territories to manage risk from a number of places:

  • Cybersecurity threats from sophisticated, state-sponsored threat actors and cyber criminals
  • Insider threats from people with institutional knowledge and current or prior authorized access to equipment or sensitive information
  • Physical security concerns, including unprecedented levels of threats and harassment targeting election officials
  • Rampant disinformation about elections that gives rise to threats to election infrastructure and officials and undermines confidence in our democratic institutions

Day in and day out we are working to share intelligence and information with our state and local government and private sector partners; provide guidance on how to secure critical election systems; and to expand services and resources — in partnership with the Department of Justice and the broader law enforcement community — that help to keep election officials and voters safe and strengthen the physical security of the nation’s election infrastructure.

Additionally, CISA supports state and local election officials through no-cost voluntary services, including phishing campaign assessments, cyber hygiene scans, penetration tests, and physical security assessments, among other services that can help them to reduce cyber risk to their systems and networks.

Stay Engaged With The Faces Of NPS!

Nominate Someone For Faces Of NPS!

Nominate yourself or another Naval Postgraduate School alumnus, current student, faculty or staff member for consideration in a future Faces of NPS e-newsletter!

Join Our Mailing List!

.iframe-container{ position: relative; width: 100%; padding-bottom: 56.25%; height: 0; } .iframe-container iframe{ position: absolute; top:0; left: 0; width: 100%; height: 100%; }