Registration and Morning Refreshments in the Exhibit Area

Opening Remarks

Liana Bailey Crimmins, State Chief Information Officer & Director, Department of Technology, State of California

Keynote - Strengthening the Shield: Insights from the Trenches of National Security

There’s no question - public-sector leaders must continue to strengthen their cyber hygiene, foster cross-sector partnerships, and adapt to the evolving threat landscape. Join Rachel Wilson, former NSA cyber operations leader, for an engaging and action-driven keynote that bridges real-world cybersecurity expertise with the challenges of emerging technologies. Drawing on her experience safeguarding critical systems, Rachel explores the heightened risks posed by AI-enabled threats like ransomware, insider attacks, and credential exploitation. This session is a call to action for everyone, from CIOs to frontline technologists, to embrace a proactive and resilient approach to protecting critical assets in the age of AI.

Rachel Wilson, Managing Director and Chief Data Officer, Morgan Stanley Wealth Management

Networking Break in Exhibit Area

Concurrent Sessions

National Threat Briefing: Current Risks Facing Public Agencies

Nation-state actors and well-organized threat groups continue to target public infrastructure, agencies, and critical systems across the country. This session provides a timely, intelligence-based briefing from federal and state cybersecurity leaders. Panelists will walk through credible threat activity observed in recent months, including real-world examples and closed case insights where possible. This session is intended to raise awareness of the types of threats facing California agencies right now and the tactics being used against government targets.

Moderator: Josh Ehlers, Chief Information Officer, California Highway Patrol

Anthony Freed, Director of Research, Halcyon

Nate Le, Assistant Special Agent in Charge, Federal Bureau of Investigation

Maria Lipana, Cyber Threat Intelligence Branch Chief, Cal-CSIC, CA Governor’s Office of Emergency Services

Demystifying Zero Trust: What It Means and Why It Matters

"Zero Trust" is becoming a central concept in government cybersecurity, but what does it mean? This session breaks down the core ideas behind Zero Trust in plain language. Cybersecurity leaders will explain how Zero Trust shifts the focus from defending the perimeter to assuming no one can be trusted by default. Cybersecurity leaders will share why this mindset is essential, how it helps prevent breaches, and what it means for departments across the state. Whether you're a cybersecurity pro or a department lead, this conversation will demystify the concept and show why it matters to everyone.

Moderator: Faith DeuPree, Security Policy and Compliance Manager, Cybersecurity Division, CA Employment Development Department

Matthew Forsberg, Cyber Operations Branch Manager, CA Cybersecurity

Integration Center (Cal-CSIC), CA Office of Emergency Services

Jon Holcomb, Director of Cybersecurity Consulting, U.S. West, AHEAD

Eric Nehls, Policy and Standards Program Manager, Office of Information Security, CA Department of Technology

2025 Update: California’s Cyber-AI Workforce & Education Pipeline and Roadmap

California is building a statewide Cyber-AI career pipeline that spans all levels of education (K12 through doctoral degrees) which aligns and links industry certifications and workforce models like apprenticeships and internships. This session highlights recent developments from the California Cybersecurity Task Force, including the launch of C3EP3, a unified career education and pathway project led by Cal OES, CDT, CalCSIC, and CSU Fresno bringing Cyber-AI-IT to enhance learning across classrooms, colleges/universities, and the public sector. Panelists will explore how these efforts align with AI Cybersecurity curriculum and standards, hiring needs and regional/local hubs. Get a clear view of how California is scaling a diverse, skilled cyber-AI workforce to meet cutting-edge public-sector needs in 2025.

Moderator: John Hanafee, Advisory Services Program Chief, CA Information Security Office, CA Department of Technology

Keith Clement, Ph.D., Professor, Department of Criminology, California State University, Fresno

Crystal Holcomb, Deputy Director, Office of Professional Development, CA Department of Technology

Laura Walls, Coordinator, CA Career Resource Network, CA Department of Education

Attack Surface Reduction: Building a Culture of Risk Awareness and Proactive Defense

As cyber threats grow more complex, reducing your agency’s attack surface is no longer just the responsibility of the CISO or IT team. This session will focus on how to build a culture of shared ownership around risk, where every department plays a role in reducing exposure. Panelists will highlight tools and strategies for proactive defense, including threat hunting, vulnerability management, and the use of state-provided threat intelligence to stay ahead of evolving risks. Attendees will gain insights into how to align people, processes, and technology to make their organizations harder targets.

Moderator: Bradley Ponce, Chief Information Security Officer, Governor’s Office of Land Use and Climate Innovation

Gerard Laygui, Chief Information Security Officer, CA Governor’s Office of Emergency Services

Jason Thompson, Advanced Security Engineer, Comcast Business

Identity at the Center: Strengthening Access, Privacy, and Protection

Strong identity management is essential to securing systems, protecting data, and maintaining public trust. This session will explore how government agencies can modernize identity practices to defend against evolving threats, including AI-powered phishing attacks and social engineering tactics. Join us to discuss the connection between identity, access control, and privacy, and share approaches to reducing risk across systems and users. Learn how identity is becoming a frontline defense in a rapidly changing threat landscape.

Moderator: Mike Marshall, Agency Information Officer, CA Environmental Protection Agency

Mike Cook, Head of Fraud Insights, Socure

Adam German, Agency Chief Information Security Officer, CA Health and Human Services Agency

Matt Mello, Chief Information Security Officer, CA Department of Education

Mike Wyatt, Principal, Deloitte

Enterprise Risk Governance: Structure, Accountability, and Momentum

Effective enterprise risk management depends on clear structures, defined responsibilities, and leadership that can turn insight into action. This session will explore how agencies can develop strong governance models to manage cyber and operational risk across departments. IT leaders will discuss how mature organizations align risk priorities with mission goals, establish decision-making processes, and use methods like the FAIR framework to quantify risk in meaningful terms. Attendees will learn how to guide their organizations toward a more disciplined, transparent, and measurable approach to risk.

Moderator: Matt Nicholls, Chief Cybersecurity Risk Officer, CA State Transportation Agency

Ryan Fogleman, Information Security Officer, Departmental Information Security Office, CA Department of Technology

Robert Mayorga, Chief Information Security Officer, CA Franchise Tax Board

Lunch

Bits & Bytes - GenAI 101: Cutting Through the Noise

This quick, plain-language session will ground attendees in the fundamentals of generative AI: what it is, what it isn’t, and what it means for government work. Presenters will break down common terms, clarify capabilities and limitations, and address some of the most persistent myths and misunderstandings. Whether you’re new to the topic or just need a reset, this is your chance to align on the basics and start from a shared understanding of what GenAI can do, and what it can’t.

Tolgay Kizilelma, PhD., Chief Cybersecurity Compliance Officer, California State Transportation Agency

Nithya Krishna, Agency Information Security Officer, Labor and Workforce Development Agency

Short Break

Please proceed to the concurrent sessions

Concurrent Sessions

Zero Trust Advanced: From Concept to Implementation

For teams already familiar with the principles of Zero Trust, the next challenge is turning that understanding into action. This session will explore how to apply Zero Trust in real environments, from identity management and network segmentation to data protection and continuous monitoring. Panelists will share strategies for assessing Zero Trust maturity, aligning with NIST procedures and best practices, and integrating tools that support policy enforcement. Join us to learn how to build architecture roadmaps and secure buy-in across teams to make Zero Trust real and effective.

Moderator: Payam Hojjat, Statewide Cybersecurity Risk Governance Chief, Office of Information Security, CA Department of Technology

Adam German, Agency Chief Information Security Officer, CA Health and Human Services Agency

Abdullah Lababidi, Cybersecurity Risk Specialist, Department of Technology, State of California

Jared Paulsen, Senior Solutions Consultant, Palo Alto Networks

From Intelligence to Action: Operationalizing Threat Data for Defense

Threat intelligence must be acted on. This session will explore how agencies can use credible threat intel from partners like CISA, Cal-CSIC, and others to actively reduce their attack surface and hunt for risks before they become incidents. Experts will share real-world examples of how threat indicators, vulnerability reports, and behavioral insights have been turned into specific defensive actions. Expect to leave with a clearer view of how to integrate threat intel into day-to-day cybersecurity operations.

Moderator: Vanessa Faur, Cyber Security Analyst, CA Cybersecurity Integration Center, CA Office of Emergency Services

Josh Ehlers, Chief and CIO of Information Management Division, California Highway Patrol

Nate Le, Assistant Special Agent in Charge, Federal Bureau of Investigation

Managing Third-Party Risk: From Procurement to Ongoing Oversight

Third parties play a critical role in government operations, but they also introduce risk that must be actively managed throughout the contract lifecycle. This session will explore how agencies can assess cybersecurity risk during procurement and maintain visibility as third parties change systems and add features. Panelists will share strategies for monitoring third-party compliance, collaborating across departments, and adapting risk assessments as environments evolve. You will come away with practical guidance for building resilient third-party relationships and strengthening their overall security posture.

Moderator: Tolgay Kizilelma, PhD., Chief Cybersecurity Compliance Officer, California State Transportation Agency

Kory Fesliyan, Statewide Risk Program Manager, Office of Information Security, CA Department of Technology

Dylan Pletcher, Chief Information Security Officer, CalSTRS

Cybersecurity Help Is Here: Tools and Support from State Partners

Many government agencies face growing cyber risks without the staff or budget to fully address them. This session will spotlight the resources available from state partners like the California Department of Technology and Cal-CSIC, designed to support agencies that need expert help, tools, or guidance. We’ll look at how to access services like threat intelligence, vulnerability scans, incident response, and security assessments. Participants will leave with a better understanding of what’s available, how to request support, and how to strengthen their cybersecurity posture using tools they already have access to.

John Hanafee, Advisory Services Program Chief, CA Information Security Office, CA Department of Technology

Matt Mello, Chief Information Security Officer, CA Department of Education

AI in Cybersecurity: Risk, Readiness, and Responsible Use

The rapid growth of artificial intelligence brings new opportunities and new risks to government cybersecurity. This session will examine how AI can improve threat detection, help upskill teams, and support data loss prevention, but also how unsanctioned Shadow AI and AI-enabled attacks introduce risks that agencies may not be prepared for. Panelists will explore how to set internal guardrails, secure AI systems, and responsibly integrate AI into cybersecurity workflows. Attendees will come away with a better understanding of how to manage AI as both a tool and a risk within a cybersecurity strategy.

Moderator: Thea Man, Chief Information Security Officer, CA Office of Data and Innovation

Nithya Krishna, Agency Information Security Officer, Labor and Workforce Development Agency

Networking Break in Exhibit Area

Cyber Smarts Showdown: A Team Trivia Challenge

Think you know cybersecurity? Ready to put that knowledge to the test? Join fellow attendees for a fast-paced, team-based trivia game covering topics like cyber hygiene, threat actors, identity management, privacy, and real-world government use cases. This interactive session is a chance to collaborate, compete, and connect with peers from across the public sector. Whether you're in it to win or just want to sharpen your knowledge and meet new people, this is your moment to engage, learn, and have some fun.

Hosted by:

Ken Kojima, Chief Information Security Officer, CA Department of Corrections and Rehabilitation

Thea Man, Chief Information Security Officer, CA Office of Data and Innovation

Networking Reception in the Exhibit Area

Network with your colleagues and discuss technology solutions with the event exhibitors.

End of Conference

Conference times, agenda, and speakers are subject to change.