Former CISA CIO Costello Joins Merlin Group to Shape GovTech AI Strategy

TYSONS CORNER, Va. – March 19, 2026 – By Kenneth Walker

In a move that underscores the strategic value of federal expertise in the private sector, former Cybersecurity and Infrastructure Security Agency (CISA) CIO Robert (Bob) Costello has been appointed Chief Digital & Information Officer at Merlin Group. The announcement positions a veteran public sector technology leader at the helm of digital and AI strategy for a firm dedicated to scaling technology companies for the complex government market.

Costello, who departed CISA earlier this month after nearly five years as its top technology executive, brings over two decades of leadership experience from within the Department of Homeland Security (DHS). His new role at Merlin Group will involve steering the company's internal technology architecture and enterprise AI initiatives while also advising its network of affiliates and portfolio companies on navigating the intricate federal landscape.

This high-profile transition is more than a routine executive appointment; it represents a significant strategic maneuver for Merlin Group and reflects a powerful trend in the national security technology sector: the flow of top-tier talent from public service to private enterprise, where deep institutional knowledge can unlock immense value.

A Strategic Move in the Public-Private Talent Flow

Costello's transition is a prime example of the 'revolving door' phenomenon, where senior government officials move into private sector roles that leverage their unique experience. While such moves are often scrutinized under federal ethics regulations—which include post-employment restrictions on lobbying and representation to prevent conflicts of interest—they are a common and often necessary feature of the government contracting ecosystem. Private firms covet the deep-seated understanding of mission requirements, bureaucratic navigation, and procurement intricacies that officials like Costello possess.

During his tenure at CISA, Costello was responsible for the agency's enterprise IT strategy and digital services, directly supporting the nation's civilian cyber defense mission. His work involved advancing technology modernization, strengthening enterprise security, and improving operational capabilities. Before his CIO role, he held senior positions at U.S. Customs and Border Protection (CBP), where he directed the modernization of the largest data network within DHS and led the migration of over 100 applications to a SECDEVOPS methodology.

This extensive background in large-scale federal IT modernization is precisely what Merlin Group sought. "Bob is a proven technology leader who understands how to translate complex mission requirements into practical, modern digital capabilities," said David Phelps, Founder, CEO, and Chairman of Merlin Group, in a statement. "As Merlin continues to expand our platform and support the growth of cybersecurity and mission technology companies, Bob's experience leading large-scale IT modernization efforts across the federal government will be invaluable."

Deepening Merlin's Government Tech Arsenal

Merlin Group operates a unique model designed to act as a bridge between innovative technology companies and the often-impenetrable U.S. government market. The firm is a network of affiliates, each targeting a specific barrier to entry.

• Merlin Ventures serves as the venture capital arm, making seed-stage investments in emerging cybersecurity firms, particularly from the vibrant Israeli tech scene.
• Constellation GovCloud tackles the formidable regulatory hurdle of FedRAMP (Federal Risk and Authorization Management Program), offering a managed service that dramatically accelerates the path for SaaS companies to achieve an Authority to Operate (ATO) in the federal cloud market.
• Merlin Cyber provides a comprehensive go-to-market acceleration platform, offering services in sales, marketing, and technical support to help companies effectively sell into the public sector.

Costello's expertise is expected to amplify the effectiveness of this entire ecosystem. His intimate knowledge of federal security frameworks like Trusted Internet Connections (TIC) 3.0 and zero-trust architecture—initiatives he helped implement—provides a real-world perspective that can guide Merlin's portfolio companies in product development and positioning. The move also reunites Costello with former colleague Matt Hartman, now Merlin Group's Chief Strategy Officer.

"Having worked alongside Bob during our time at CISA and across DHS, I've seen firsthand the depth of his leadership and his ability to deliver real technology change in demanding mission environments," Hartman stated. "Bob has built a reputation for operational excellence, strategic vision, and a strong focus on mission outcomes."

From CISA Modernization to Private Sector AI Leadership

At the core of Costello's new mandate is the leadership of Merlin Group's digital and artificial intelligence strategy. Within CISA, he was a vocal proponent for using advanced technology not only for mission enhancement but also as a critical tool for recruiting and retaining talent. His new position provides a different vantage point from which to influence the adoption of AI and other emerging technologies across government.

By shaping Merlin's internal strategy and advising its portfolio, Costello can help ensure that the technologies being developed are directly aligned with the current and future needs of federal agencies. His experience gives him a clear-eyed view of the practical challenges of deploying new systems within legacy government environments, a perspective that can help startups avoid common pitfalls.

Costello himself pointed to this role as a connector and accelerator. "Merlin has built a unique platform that connects technology companies with organizations responsible for protecting our nation's most critical systems," he said. "I'm excited to join the team and help develop the digital capabilities that support Merlin's growth while helping innovative solutions reach mission operators faster."

His appointment comes as Merlin navigates a competitive landscape of venture firms and investment groups all vying to fund the next major breakthrough in government and defense technology. Firms like In-Q-Tel, Shield Capital, and Andreessen Horowitz's 'American Dynamism' fund are also focused on nurturing startups in the national security space. Costello's recruitment represents a significant competitive asset for Merlin, adding a layer of unparalleled government operational experience to its strategic investment and market acceleration model.