
19-year-old DOGE engineer Edward Coristine has secured a position at the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Alongside him, 38-year-old software engineer Kyle Schutt, also a former member of the DOGE team, has joined the agency, WIRED reports, citing a government source.
CISA declined to comment, referring journalists to the Department of Homeland Security (DHS), its parent agency. However, DHS has yet to issue an official response.
Coristine, known by his alias Big Balls, has been working across various federal agencies and departments since January, serving as a DOGE operator. He has been spotted at the General Services Administration (GSA), the Office of Personnel Management (OPM), the State Department, and the Federal Emergency Management Agency (FEMA). At the State Department, Coristine allegedly had access to systems containing sensitive intelligence data on U.S. diplomats and global intelligence sources.
According to journalists, Coristine now holds the title of Senior Advisor at CISA. His DOGE colleague, Kyle Schutt, has also joined the agency. Prior to his collaboration with Musk, Schutt was one of the developers behind WinRed, the platform used by the Republican Party to raise $1.8 billion for the 2024 election campaign. Like Coristine, Schutt also previously worked at GSA.
It remains unclear what level of access Coristine and Schutt have been granted within CISA. However, the agency is responsible for securing federal civilian networks and works closely with operators of critical infrastructure across the country. CISA has access to data on cyberattacks, software vulnerabilities, and risk assessments for various systems, including those linked to elections. Since 2018, the agency has been assisting local election commissions in identifying and mitigating security vulnerabilities.
Previously, WIRED reported that in 2022, Coristine worked at Path Network, a company specializing in network traffic monitoring, known for hiring former hackers. According to cybersecurity journalist Brian Krebs, Coristine’s online presence may be linked to The Com, a cybercriminal group implicated in the Snowflake breach and other cyberattacks. While there is no direct evidence tying Coristine to these incidents, traces of an online account allegedly linked to him suggest that its owner sought assistance in orchestrating a DDoS attack. Experts believe this account is connected to Coristine. Additionally, he was reportedly dismissed from Path Network for allegedly leaking internal company documents to a competitor.
Last week, The Washington Post reported that Coristine had assumed a senior advisory role at DHS, though the specific division remained undisclosed. It has now been confirmed that he is working at CISA.