Brett Leatherman, a career FBI official with deep cybersecurity experience, has been tapped to serve as assistant director of the bureau’s Cyber Division.
In a post on LinkedIn, Leatherman said he was chosen by new FBI Director Kash Patel to take over the role after Bryan Vorndran recently retired.
“I’m grateful to continue serving alongside the men and women of the FBI cyber program — professionals who represent some of the best technical, investigative, and analytic talent in the world, and who get to perform a mission like no other,” Leatherman said, thanking Vorndran for making the division “partnership focused and victim centric.”
Leatherman will be stepping up from a position as deputy assistant FBI director for cyber operations.
He has spent more than two decades at the FBI, working in the Cleveland and Detroit field offices before joining the Cyber Division. He was section chief of National Security Cyber Operations for the FBI, where he worked on state-affiliated cyberthreats with multiple U.S. intelligence agencies.
As deputy assistant director for cyber operations, he managed the teams handling sophisticated criminal and state-sponsored cyber groups while also serving as director of the National Cyber Investigative Joint Task Force — an interagency information sharing effort. He spoke with Recorded Future News in April about Chinese state-backed cyberthreats.
Leatherman noted his past work in his LinkedIn post, writing that his new role “demands urgency, innovation, and close partnerships across government, industry, and international alliances.”
He pledged to “impose cost on our cyber adversaries while supporting victims of cyber crime.”
“Our charge is simple but not easy: make malicious cyber activity unsustainable. That means disrupting criminal and nation-state actors, sharing intelligence that helps victims defend and recover, and shaping the broader operating environment through persistent engagement,” he said.
Recorded Future News was first to report last month that Vorndran planned to retire after serving in the role since 2021. Vorndran, who joined Microsoft as the company’s deputy CISO responsible for cybersecurity of global supply chains, is credited with making the FBI more aggressive in disrupting malicious hackers and cybercrime gangs.
During Vorndran’s tenure, the bureau expanded its anti-cybercrime tactics beyond the indictment-and-arrest approach. The FBI now is more likely to conduct incident response, such as outreach to LockBit ransomware victims, dismantle the online infrastructure of groups and claw back ransomware payments, as in the case of the Colonial Pipeline attack.
“We’re not going to pressure the threat through indictments and arrests. That’s a very small percentage we’ll be able to get our hands on. Pressuring the threat means eroding the ecosystem of which they operate, whether it’s their malware developers, their traditional infrastructure, their money, or their communications,” Vorndran told Recorded Future News in 2022.
Vorndran also helped popularize advisories released alongside multiple U.S. agencies, helping draw public attention to digital threats to give the private sector a greater understanding of possible risks so resilience can be prioritized accordingly.
Recorded Future
Intelligence Cloud.
