Edward Coristine, a 19-year-old engineer associated with Elon Musk’s Department of Government Efficiency (DOGE), informally referred to as “Big Balls,” has been appointed to the staff at the Cybersecurity and Infrastructure Security Agency (CISA), according to confirmation from WIRED. Alongside Coristine, 38-year-old software engineer Kyle Schutt, another member of the DOGE team, has also joined the CISA staff, as reported by a government source.
When contacted for comment, CISA directed inquiries to the Department of Homeland Security (DHS), its parent agency, which did not immediately respond.
Coristine, who briefly interned at Musk’s brain-computer interface company Neuralink, as previously reported by WIRED, has been involved with several federal agencies since January as a DOGE operative. His assignments have included roles at the General Services Administration (GSA), the Office of Personnel Management, the State Department, and the Federal Emergency Management Agency (FEMA). Within the State Department’s Bureau of Diplomatic Technology, Coristine potentially had access to sensitive systems containing information on diplomats and intelligence sources worldwide.
Journalist Marisa Kabas first reported Coristine’s move to CISA, a division under DHS, where he is now listed as a senior advisor in the staff directory.
Kyle Schutt, another DOGE worker, has also transitioned to CISA alongside Coristine. Schutt has been associated with the GSA and previously worked on launching WinRed, a fundraising platform for the Republican Party that raised $1.8 billion during the 2024 election campaigns.
Coristine’s level of access to CISA’s data and networks remains unclear. However, CISA, responsible for defending civilian federal government networks and collaborating with critical infrastructure owners, handles extensive sensitive security information. This includes data on software vulnerabilities, breaches, and network risk assessments for local and state election offices. Since 2018, the agency has aided state and local election offices in securing their networks. CISA also partners with the FBI and the NSA to notify breach victims and process information on software vulnerabilities before public dissemination.
According to previous reports by WIRED, Coristine had a brief tenure in 2022 at Path Network, a network monitoring firm known for employing reformed blackhat hackers. Security journalist Brian Krebs noted an account previously linked to Coristine was connected to The Com, a loose cybercriminal group responsible for various hacking operations, including breaches of Snowflake accounts. Though Coristine has not been directly associated with these breaches, WIRED reported that an account linked to him appeared to seek assistance in conducting a Distributed Denial of Service attack. Furthermore, Krebs reported that Path Network dismissed Coristine for allegedly leaking company documents to a competitor.
The Washington Post reported the previous week that Coristine had been designated as a senior advisor at DHS but did not specify his exact role within the large agency.
A cybersecurity researcher, who monitors cybercriminal groups, expressed concern, questioning the rationale behind granting government network access to individuals with known affiliations with cybercriminal gangs.
