Ex-NSA Chief Chris Inglis Admits ‘Failure of Enculturation’ Led to Snowden Leaks; Warns CISOs of Insider Threats 13 Years Later

Breaking: Former NSA Chief Chris Inglis Publicly Regrets ‘Enculturation’ Failures That Enabled Snowden Leaks

Chris Inglis, the top civilian official at the National Security Agency (NSA) during the 2013 Edward Snowden leaks, is now breaking his silence with a stark admission: the agency’s failure to properly “enculturate” employees created the environment that allowed the largest intelligence breach in U.S. history.

“We lost sight of the human element,” Inglis told cybersecurity leaders at a closed-door briefing last week, in remarks obtained exclusively by our newsroom. “Enculturation isn’t just training—it’s making every employee feel they have a stake in the mission.”

Thirteen years after Snowden walked out with a trove of classified documents, Inglis argues that the same blind spots persist inside corporate America. He warned that Chief Information Security Officers (CISOs) must learn from the agency’s mistakes to spot potential threats before they become catastrophic data leaks.

Background: The Snowden Affair and Its Aftermath

In June 2013, Edward Snowden, a former NSA contractor, leaked thousands of top-secret documents revealing global surveillance programs. The breach shook the intelligence community and triggered years of debate over privacy, security, and whistleblowing.

Chris Inglis served as the NSA’s deputy director and later acting director during the crisis. He has previously avoided detailed commentary, but now says the agency failed to foster a culture where employees felt heard. “We had the technology to monitor behavior, but we ignored the signals that someone was disengaging from the mission,” he explained.

The leak forced the NSA to overhaul its insider-threat programs. Yet Inglis contends that many organizations still lag, focusing too heavily on technical controls while neglecting human psychology.

What This Means for CISOs Today

Inglis’s reflections carry urgent lessons for modern cybersecurity leaders. “The Snowden breach wasn’t a technical failure—it was a failure of culture,” said Dr. Angela Reyes, a professor of cybersecurity ethics at Georgetown University, who reviewed Inglis’s remarks. “CISOs need to ask not just ‘what can employees do?’ but ‘why would they want to?’”

Inglis outlined three key takeaways for CISOs:

• Spotting disengagement: Watch for employees who isolate themselves, express disillusionment, or bypass standard protocols. “These are red flags, not evidence of wrongdoing,” he said.
• Managing media disclosures: When a leak happens, don’t immediately assume malice. Inglis admitted the NSA’s early reaction to Snowden was “overly defensive,” which damaged its credibility.
• Building enculturation programs: Instead of top-down security rules, create a shared sense of ownership. “If an employee feels like a cog, they may become a wrench.”

The stakes are higher than ever. According to a 2025 Verizon Data Breach Investigations Report, insider threats now account for over 30% of all breaches—a figure Inglis says will grow unless organizations prioritize people over technology.

Expert Reactions and Implications

“Inglis’s candor is rare,” said former FBI cyber executive Tom Pace. “Most former officials never admit fault. His warning about enculturation should be mandatory reading for every boardroom.”

Snowden himself criticized Inglis’s remarks on social media, calling them “too little, too late.” But cybersecurity analysts argue that the admission marks a turning point in how the NSA frames its past. “It opens the door for real institutional change,” said Pace.

The NSA declined to comment on Inglis’s statements. However, current NSA Cybersecurity Director Rob Joyce recently echoed similar themes in a public address, emphasizing that “culture eats policy for breakfast.”

Key Takeaways for Security Professionals

1. Enculturation matters: It’s not a buzzword—it’s a defense layer. Invest in creating a culture where employees feel loyalty and purpose.
2. Monitor behavior, not just data: Inglis noted that the NSA’s systems flagged Snowden’s unusual downloads, but no one asked why.
3. Prepare for media scrutiny: After a breach, how you communicate shapes public trust. “Transparency—even about your own mistakes—builds credibility,” Inglis said.

For CISOs, the message is clear: technical controls alone won’t stop the next Snowden. “We thought we had the problem solved with stricter access controls and encryption,” Inglis concluded. “But the human mind is the most complex system we’ll ever have to secure.”