Registration and Morning Refreshments in the Exhibit Area

Opening Remarks

Liana Bailey Crimmins, State Chief Information Officer & Director, Department of Technology, State of California

Keynote - Strengthening the Shield: Insights from the Trenches of National Security

There’s no question - public-sector leaders must continue to strengthen their cyber hygiene, foster cross-sector partnerships, and adapt to the evolving threat landscape. Join Rachel Wilson, former NSA cyber operations leader, for an engaging and action-driven keynote that bridges real-world cybersecurity expertise with the challenges of emerging technologies. Drawing on her experience safeguarding critical systems, Rachel explores the heightened risks posed by AI-enabled threats like ransomware, insider attacks, and credential exploitation. This session is a call to action for everyone, from CIOs to frontline technologists, to embrace a proactive and resilient approach to protecting critical assets in the age of AI.

Rachel Wilson, Managing Director and Chief Data Officer, Morgan Stanley Wealth Management

Networking Break in Exhibit Area

Concurrent Sessions

National Threat Briefing: Current Risks Facing Public Agencies

Nation-state actors and well-organized threat groups continue to target public infrastructure, agencies, and critical systems across the country. This session provides a timely, intelligence-based briefing from federal and state cybersecurity leaders. Panelists will walk through credible threat activity observed in recent months, including real-world examples and closed case insights where possible. This session is intended to raise awareness of the types of threats facing California agencies right now and the tactics being used against government targets.

Demystifying Zero Trust: What It Means and Why It Matters

"Zero Trust" is becoming a central concept in government cybersecurity, but what does it mean? This session breaks down the core ideas behind Zero Trust in plain language. Cybersecurity leaders will explain how Zero Trust shifts the focus from defending the perimeter to assuming no one can be trusted by default. Cybersecurity leaders will share why this mindset is essential, how it helps prevent breaches, and what it means for departments across the state. Whether you're a cybersecurity pro or a department lead, this conversation will demystify the concept and show why it matters to everyone.

2025 Update: California’s Cyber-AI Workforce & Education Pipeline and Roadmap

California is building a statewide Cyber-AI career pipeline that spans all levels of education (K12 through doctoral degrees) which aligns and links industry certifications and workforce models like apprenticeships and internships. This session highlights recent developments from the California Cybersecurity Task Force, including the launch of C3EP3, a unified career education and pathway project led by Cal OES, CDT, CalCSIC, and CSU Fresno bringing Cyber-AI-IT to enhance learning across classrooms, colleges/universities, and the public sector. Panelists will explore how these efforts align with AI Cybersecurity curriculum and standards, hiring needs and regional/local hubs. Get a clear view of how California is scaling a diverse, skilled cyber-AI workforce to meet cutting-edge public-sector needs in 2025.

Attack Surface Reduction: Building a Culture of Risk Awareness and Proactive Defense

As cyber threats grow more complex, reducing your agency’s attack surface is no longer just the responsibility of the CISO or IT team. This session will focus on how to build a culture of shared ownership around risk, where every department plays a role in reducing exposure. Panelists will highlight tools and strategies for proactive defense, including threat hunting, vulnerability management, and the use of state-provided threat intelligence to stay ahead of evolving risks. Attendees will gain insights into how to align people, processes, and technology to make their organizations harder targets.

Identity at the Center: Strengthening Access, Privacy, and Protection

Strong identity management is essential to securing systems, protecting data, and maintaining public trust. This session will explore how government agencies can modernize identity practices to defend against evolving threats, including AI-powered phishing attacks and social engineering tactics. Join us to discuss the connection between identity, access control, and privacy, and share approaches to reducing risk across systems and users. Learn how identity is becoming a frontline defense in a rapidly changing threat landscape.

Enterprise Risk Governance: Structure, Accountability, and Momentum

Effective enterprise risk management depends on clear structures, defined responsibilities, and leadership that can turn insight into action. This session will explore how agencies can develop strong governance models to manage cyber and operational risk across departments. IT leaders will discuss how mature organizations align risk priorities with mission goals, establish decision-making processes, and use methods like the FAIR framework to quantify risk in meaningful terms. Attendees will learn how to guide their organizations toward a more disciplined, transparent, and measurable approach to risk.

Lunch

Bits & Bytes - GenAI 101: Cutting Through the Noise

This quick, plain-language session will ground attendees in the fundamentals of generative AI: what it is, what it isn’t, and what it means for government work. Presenters will break down common terms, clarify capabilities and limitations, and address some of the most persistent myths and misunderstandings. Whether you’re new to the topic or just need a reset, this is your chance to align on the basics and start from a shared understanding of what GenAI can do, and what it can’t.

Short Break

Please proceed to the concurrent sessions

Concurrent Sessions

Zero Trust Advanced: From Concept to Implementation

For teams already familiar with the principles of Zero Trust, the next challenge is turning that understanding into action. This session will explore how to apply Zero Trust in real environments, from identity management and network segmentation to data protection and continuous monitoring. Panelists will share strategies for assessing Zero Trust maturity, aligning with NIST procedures and best practices, and integrating tools that support policy enforcement. Join us to learn how to build architecture roadmaps and secure buy-in across teams to make Zero Trust real and effective.

From Intelligence to Action: Operationalizing Threat Data for Defense

Threat intelligence must be acted on. This session will explore how agencies can use credible threat intel from partners like CISA, Cal-CSIC, and others to actively reduce their attack surface and hunt for risks before they become incidents. Experts will share real-world examples of how threat indicators, vulnerability reports, and behavioral insights have been turned into specific defensive actions. Expect to leave with a clearer view of how to integrate threat intel into day-to-day cybersecurity operations.

Managing Third-Party Risk: From Procurement to Ongoing Oversight

Third parties play a critical role in government operations, but they also introduce risk that must be actively managed throughout the contract lifecycle. This session will explore how agencies can assess cybersecurity risk during procurement and maintain visibility as third parties change systems and add features. Panelists will share strategies for monitoring third-party compliance, collaborating across departments, and adapting risk assessments as environments evolve. You will come away with practical guidance for building resilient third-party relationships and strengthening their overall security posture.

Cybersecurity Help Is Here: Tools and Support from State Partners

Many government agencies face growing cyber risks without the staff or budget to fully address them. This session will spotlight the resources available from state partners like the California Department of Technology and Cal-CSIC, designed to support agencies that need expert help, tools, or guidance. We’ll look at how to access services like threat intelligence, vulnerability scans, incident response, and security assessments. Participants will leave with a better understanding of what’s available, how to request support, and how to strengthen their cybersecurity posture using tools they already have access to.

AI in Cybersecurity: Risk, Readiness, and Responsible Use

The rapid growth of artificial intelligence brings new opportunities and new risks to government cybersecurity. This session will examine how AI can improve threat detection, help upskill teams, and support data loss prevention, but also how unsanctioned Shadow AI and AI-enabled attacks introduce risks that agencies may not be prepared for. Panelists will explore how to set internal guardrails, secure AI systems, and responsibly integrate AI into cybersecurity workflows. Attendees will come away with a better understanding of how to manage AI as both a tool and a risk within a cybersecurity strategy.

Networking Break in Exhibit Area

Cyber Smarts Showdown: A Team Trivia Challenge

Think you know cybersecurity? Ready to put that knowledge to the test? Join fellow attendees for a fast-paced, team-based trivia game covering topics like cyber hygiene, threat actors, identity management, privacy, and real-world government use cases. This interactive session is a chance to collaborate, compete, and connect with peers from across the public sector. Whether you're in it to win or just want to sharpen your knowledge and meet new people, this is your moment to engage, learn, and have some fun.

Networking Reception in the Exhibit Area

Network with your colleagues and discuss technology solutions with the event exhibitors.

End of Conference

Conference times, agenda, and speakers are subject to change.