Edward Coristine, a 19-year-old engineer with Elon Musk’s so-called Department of Government Efficiency (DOGE) known as “Big Balls,” is now on staff at the Cybersecurity and Infrastructure Security Agency, WIRED has confirmed. He is joined by another member of the DOGE team, 38-year-old software engineer Kyle Schutt, who is now also on the CISA staff, according to a government source.
CISA referred WIRED to the Department of Homeland Security (DHS), of which it’s a component agency, when reached for comment. DHS did not immediately reply to a request for comment.
Coristine—briefly an intern for Musk’s brain-computer interface company Neuralink, as WIRED has reported—has been working his way through numerous federal agencies and departments as a DOGE operative since January. He has been tracked at the General Services Administration (GSA), the Office of Personnel Management, the State Department, and the Federal Emergency Management Agency. At State’s Bureau of Diplomatic Technology, he potentially had access to systems containing sensitive information about diplomats and many sources around the world who provide the US government with intelligence and expertise.
As the journalist Marisa Kabas was first to report, he has now moved to CISA, a division of DHS. He is listed in the staff directory as a senior adviser.
A second DOGE worker, Schutt, has also joined Coristine at CISA. Schutt has reportedly also been at the GSA. Prior to his work with DOGE, he worked on the launch of WinRed, a fundraising platform for Republicans that helped the party raise $1.8 billion during the 2024 election campaigns.
It’s not clear what level of access Coristine might have to data and networks at CISA, but the agency, which is responsible for the defense of civilian federal government networks and works closely with critical infrastructure owners around the country, stores a lot of sensitive and critical security information on its networks. This includes information about software vulnerabilities, breaches, and network risk assessments conducted for local and state election offices. Since 2018, CISA has helped state and local election offices around the country assess vulnerabilities in their networks and help secure them. CISA also works with the Federal Bureau of Investigation and the National Security Agency to notify victims of breaches and process information about software vulnerabilities before the information becomes public.
Coristine, as WIRED has previously reported, worked briefly in 2022 for Path Network, a network monitoring firm known for hiring reformed blackhat hackers. According to security journalist Brian Krebs, an account once associated with him was also previously linked with a loosely formed cybercriminal community known as The Com, whose members have been responsible for various hacking operations in the last few years, including the hack of numerous Snowflake accounts. Coristine has not been associated with the Snowflake breaches, but as WIRED has reported, an account that has been associated with him did appear to suggest the owner of the account was seeking help to conduct a distributed denial-of-service attack—a criminal technique that involves launching extensive traffic at a domain to disable it and prevent legitimate traffic from reaching it. Krebs also reported that Path had fired Coristine for allegedly leaking internal company documents to a competitor.
The Washington Post reported last week that Coristine had been assigned to the DHS as a senior adviser but didn’t indicate what part of the sprawling agency he had joined.
“What’s the point of fighting cybercrime if we’re just going to give access for government networks to people with cybercriminal gang affiliations?” says a cybersecurity researcher who tracks cybercriminal groups.
