Registration / Help Desk / Exhibit Hall

Welcome Reception

End of Reception

Registration / Continental Breakfast / Help Desk / Exhibit Hall

Welcome Remarks

Color Guard and National Anthem

Keynote Introduction

Keynote Presentation – How to Work Better Together – Through Collaboration in Tech, Security and AI

As the first female White House Chief Information Officer, Theresa Payton led national cybersecurity and digital transformation efforts that demanded unprecedented collaboration across fragmented agencies and stakeholders, proving that breaking silos and building shared situational awareness are essential for success in complex, high-stakes environments.

Drawing from her White House experience and current advisory work with Fortune 500 boards at Fortalice Solutions, Theresa shows how adaptive, cross-functional teams—much like the Team of Teams model, enable organizations to respond faster and smarter to AI-amplified threats, evolving cyber risks, and digital transformation challenges.

In today's landscape, true collaboration in tech and security means aligning people, processes, and technology: fostering transparency, ethical governance, and inclusive decision-making so that AI becomes a unifying force rather than a divider.

Theresa’s AI TRUST Framework and real-world lessons, from defending national networks to securing AI-driven operations, offer practical strategies for leaders to build resilient partnerships that protect systems and data while accelerating innovation.

Her keynote delivers an optimistic, actionable message:

"Collaboration isn't just nice to do, it's the competitive edge that turns fragmented threats into unified strength," empowering attendees to lead stronger, more connected teams in the age of AI, cybersecurity, and digital trust.

Theresa Payton, First Female White House Chief Information Officer; AI Strategist; Business and Personal Security Expert; Privacy Visionary

Transition Remarks

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions I

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (1 of 4): Foundations First – Access Control and Backups That Protect What Matters

(Ransomware Prevention/Resilience)

Small jurisdictions often face the perfect storm of limited staff, aging technology, and increasing ransomware pressure. This session focuses on two of the most powerful and achievable starter controls: Access Control and Data Backup. Participants will learn how these foundational policies prevent unauthorized access, limit lateral movement, and enable reliable recovery, even in environments with minimal resources, and will leave with sample policies and simple implementation checklists from peer jurisdictions.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Elections in the Age of AI

(Elections Security)

AI technologies are transforming modern election campaigns, voter behavior, and election processes. This presentation will highlight applications of AI in elections, such as enhancing voter accessibility, improving election administration, creating campaign materials, and enabling civic engagement. The talk will also address risk and challenges that AI presents, as well as governance considerations to address these challenges.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Building Trustworthy AI: A Practical Roadmap for Responsible AI Adoption Across SLTT Government

(AI, GenAI, Machine Learning)

Generative AI is moving rapidly from experimentation to everyday use across state, local, tribal, and territorial (SLTT) governments—but readiness, governance maturity, and risk management approaches vary widely. This session brings together practical guidance and peer insights to help SLTT leaders move from intent to execution. Attendees will learn how jurisdictions are establishing clear expectations for responsible AI use through transparency statements, tailored Responsible AI guidance, and operational playbooks for AI readiness, governance, risk review, and procurement.

Subject matter experts directly involved in shaping emerging AI Governance, Risk, and Procurement Playbooks will discuss where SLTTs truly stand today, what challenges persist, and what’s coming next—including the safe integration of tools like copilots, agentic systems, and AI-enabled SaaS platforms. Participants will walk away with actionable templates, real-world examples, and best practices to support secure prompting, protect sensitive data, reinforce human-in-the-loop review, and confidently scale AI adoption across enterprise workflows—while balancing innovation with accountability.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Whole-of-State in Action, Part I: Confronting Challenges in State–Local Partnership

(Whole-of-State)

Whole-of-State in Action: This panel dives deeply into the realities and friction points of operationalizing whole-of-state cybersecurity. Panelists—representing states at different maturity levels and using different models of MS ISAC participation—will discuss the nuanced challenges that arise when aligning state strategies with the needs, capabilities, and constraints of local jurisdictions. The facilitator will press into real-world issues such as sustaining local engagement, addressing unfunded mandates, balancing compliance and flexibility, strengthening local cyber hygiene, and building long term resilience beyond grant cycles. Panelists will emphasize how they are confronting these challenges through governance models, shared services, capacity building strategies, cross jurisdictional trust structures, and continuous improvement cycles. This candid, practitioner focused discussion will resonate strongly with SLTT attendees seeking relatable experiences, tangible tactics, and evidence of progress happening across the nation. Each state's story will highlight that while no two whole of state approaches are the same, shared learning accelerates success for all. The session concludes with actionable next steps and invitations to deepen engagement with MS ISAC and other relevant resources and peer networks.

* * * * * * * * * * * * * * * * * * * * * * * * * *

GovRAMP 101: Strengthening Third-Party Cybersecurity Risk Management for Public Sector Agencies

(GovRamp)

As state and local governments increasingly rely on cloud services and third-party vendors, managing cybersecurity risk across the digital supply chain has become a mission-critical responsibility. This foundational session introduces GovRAMP and demonstrates how agencies can leverage it to build a scalable, repeatable, and defensible third-party cybersecurity risk management program.

Designed for both technical and non-technical stakeholders, GovRAMP 101 provides practical guidance for integrating GovRAMP into procurement, IT, security, and compliance workflows—reducing risk while accelerating secure technology adoption.

Participants will explore:

•GovRAMP Overview: Understanding what GovRAMP is, how it aligns with NIST standards, and how it supports consistent, risk-based security assurance across vendors.

•Getting Started with GovRAMP: Step-by-step guidance for agencies beginning their GovRAMP journey, including assessing current practices and defining roles and responsibilities.

•Sample Security Policies & Procurement Language: How to use GovRAMP-aligned policy templates and procurement language to clearly communicate security expectations to vendors from the outset.

•Internal Stakeholder Education: Strategies for educating leadership, procurement, legal, IT, and program teams on shared responsibility and the value of standardized security reviews.

•Vendor Education & Engagement: Helping vendors understand GovRAMP requirements, pathways, and benefits to foster transparency and collaboration.

•Leveraging Continuous Monitoring: Using GovRAMP’s continuous monitoring approach to maintain ongoing visibility into vendor risk, reduce reassessment fatigue, and respond to changes over time.

Attendees will leave with a clear understanding of how GovRAMP can serve as the backbone of an agency’s third-party cybersecurity risk management program—enabling more secure, efficient, and confident technology decisions.

Leah McGrath, Executive Director and Board Ex-Officio, GovRAMP

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break

Concurrent Sessions II

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Modernizing Vulnerability Operations at State Scale: Virginia's Journey to Unified Risk Management in a Decentralized Environment

(Vulnerability Management/Risk Management)

In this case study, the Virginia Information Technologies Agency (VITA) shares its multi-year effort to modernize statewide vulnerability and exposure management across 68 independent executive branch agencies. Session attendees will learn how VITA reduced manual triage effort by 80%, cut high-risk vulnerabilities by 50% in three months, and established a scalable, intelligence-driven model for remediation across a decentralized enterprise.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (2 of 4): Block the Bait, Seal the Gaps — Email/Phishing Defense and Software Update Policies

(Ransomware Prevention/Resilience)

Ransomware most often enters through an email click or an unpatched system—two risks that small and under-resourced jurisdictions can meaningfully reduce with clear policy and consistent practice. This session centers on developing and implementing Email and Phishing Protection and Software Update (Patch Management) policies that meet the needs of small, diverse government environments, including practical guidance on handling suspicious messages, patching prioritization, and a "minimum viable patching calendar."

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ongoing Election Threats, Information Sharing and What's Left at the Federal Level

(Elections Security)

Session description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

AI, Human Behavior, and Cyber Resilience in Government

(AI, GenAI, Machine Learning)

As artificial intelligence reshapes the cyber threat landscape, government organizations must prepare for more than technical attacks alone. This session presents a practical case study from a large local government environment and introduces a multidisciplinary approach integrating cybersecurity leadership, AI risk, cyber psychology, and Organizational Psychology. Attendees will learn how modern threats increasingly exploit cognitive overload, trust gaps, and behavioral predictability, and how leaders can respond by building resilience in people, systems, and institutions.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

* * * * * * * * * * * * * * * * * * * * * * * * * *

MS-ISAC Higher Ed Member Connect and Fraudulent Student Applications

(Higher Education)

This session focuses on the value of MS-ISAC's Member Connect platform for higher education and the importance of expanding participation across institutions. The session then transitions to a discussion on ghost student accounts—fraudulent enrollment records—and their significant impact on federal funding for higher-education organizations.

Moderator: Brian Cohen, Vice President, Center for Digital Education

* * * * * * * * * * * * * * * * * * * * * * * * * *

Secure by Design: Embedding Enterprise Cyber Resilience into Local Government Software

(Local Government)

This session explores how organizations can make security a foundational characteristic across the entire system lifecycle, from concept and design to deployment, operation, and decommissioning. Drawing on enterprise cyber strategies, real-world case studies, and practical frameworks, attendees will learn how to embed security into culture, governance, and supply chains to create infrastructure that is inherently robust, resistant to attack, and capable of rapid recovery.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Working Lunch

General Session – Joint Threat Brief: Center for Internet Security and Center for Digital Government

Dan Lohrmann, Senior Fellow, Center for Digital Government

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions III

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Vulnerability Management Best Practices

(Vulnerability Management/Risk Management)

Effective vulnerability management requires clear articulation of value, urgency, and business impact. This session facilitates a conversation on practical strategies to strengthen vulnerability management programs and secure the budgets needed to sustain them—covering how to speak the language of the business, frame risk effectively, and position security investments as essential enablers rather than cost centers.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (3 of 4): Detect, Contain, Recover — Endpoint Protection and Incident Response for Lean Teams

(Ransomware Prevention/Resilience)

Even with preventative controls in place, small jurisdictions must be ready to act fast when ransomware indicators appear. This session helps participants implement Endpoint Protection and Incident Response policies in a way that fits "small shop" realities: shared roles, limited monitoring, and mixed device inventories. Attendees will receive actionable draft policies, role checklists, and "first 30 minutes" response guidance, plus opportunities to join future MS-ISAC-hosted tabletop exercises.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Promoting AI's Safe Usage for Elections

(Elections Security)

This session explores the evolving role of artificial intelligence in electoral processes, focusing on its potential to improve data-driven decision-making amid the growing challenges of misinformation, manipulation, and voter suppression. It examines how AI tools could address information gaps for voters, candidates, and election commissions while acknowledging the skepticism and concerns that surround the use of AI in critical civic functions.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Cyber Risk in the Public Sector: Managing Shared Responsibilities, AI Tools, and Secure Digital Supply Chains

(GovRamp)

In today’s rapidly evolving digital landscape, state agencies and local governments face increasing cyber risks—especially when adopting third-party tools and cloud-based solutions. This hands-on workshop equips public sector professionals with practical strategies to assess and manage cyber risks across their digital ecosystems.

Participants will explore:

•Shared Responsibility Models: Clarifying “what’s yours, what’s mine, and what’s ours” when implementing third-party platforms and cloud services.

•Tracking Generative & Agentic AI: Understanding how AI is embedded in cloud products and how to monitor its use for compliance and risk.

•Efficient Security Reviews: Conducting apples-to-apples evaluations of vendors and digital supply chain components to streamline security assessments.

•GovRAMP Implementation: Step-by-step guidance on how to apply GovRAMP principles to your agency’s procurement and IT processes.

Through real-world scenarios, attendees will leave with actionable tools to strengthen their cyber posture and make informed decisions about technology adoption.

Leah McGrath, Executive Director and Board Ex-Officio, GovRAMP

* * * * * * * * * * * * * * * * * * * * * * * * * *

Small Government, Big Problems: Utilizing Open-Source Software to Support Citizens

(Local Government)

Small and local governments face an outsized challenge: rising expectations from citizens paired with shrinking budgets, limited staff, and a complex technology landscape. This session explores how open-source software can help governments break out of that cycle—providing flexibility, transparency, and long-term sustainability while reducing vendor lock-in and enabling collaboration across agencies. The session addresses common concerns around support, security, and staffing, and separates myth from reality around open source in government.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Log Aggregation and SIEM Overview

(Threat Intel/SecOps/IR)

This technical presentation provides a practical overview of log aggregation and its evolution into full Security Information and Event Management (SIEM) capabilities. The session covers centralized log aggregation, real-world methods for collecting logs from diverse sources (Linux, Windows, network devices, cloud/container environments), prevalent log formats and parsing techniques, and the distinction between basic aggregation platforms and mature SIEM solutions. Attendees will leave with actionable insights to design scalable logging pipelines.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break / Transition to the General Session

Fireside Chat

General Session – Strengthening the Nation Together: The New MS-ISAC Charter and Governance Model for the Future of SLTT Cybersecurity

In this end-of-day plenary keynote, the Chair of the Interim Member Governance Board (IMGB) will unveil the newly revised MS-ISAC Charter and Governance Model, developed through rigorous engagement with the SLTT community. This session explores how the revised governance structure strengthens MS-ISAC's value proposition, reinforces transparency and member influence, and creates a more unified, collaborative environment among the MS-ISAC and the state, local, tribal, and territorial government ecosystem. The session concludes with a first-of-its-kind MS-ISAC Champagne Toast.

ISAC Awards Ceremony

Closing Reception

Adjourn Day 1

Registration / Continental Breakfast / Help Desk / Exhibit Hall

Opening Remarks and Day 1 Recap

Keynote Presentation – Cyberchat Q and A: Insights for Elevating Cyber Resilience in Your Organization

Once adversaries in the cybersphere, Hector Monsegur and Chris Tarbell have joined forces to help organizations confront today’s most pressing cyber threats. Drawing on their extraordinary experiences - one as a former black-hat hacker, the other as an FBI special agent - their conversation offers a rare, dual-lens view of the modern threat landscape. In a dynamic, audience-driven discussion, Monsegur and Tarbell break down the most significant risks facing organizations today, how real-world attacks unfold, and where defenses most often fail. Together, they share practical insights and actionable frameworks that leaders can apply to strengthen security, reduce risk, and protect operations from disruptions that can cripple organizations and erode trust.

Chris Tarbell, Director, Cyber Security and Investigations, Berkley Research Group and Former FBI Special Agent

Hector Monsegur, Cyber Security Expert and Co-founder, SafeHill

Transition Remarks

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions I

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (4 of 4): People Are the Perimeter — Practical User Awareness and Training That Changes Behavior

(Ransomware Prevention/Resilience)

The most effective ransomware defense combines technical controls with an informed, confident workforce. This capstone session of the Ransomware Ready series focuses on establishing a User Awareness and Training Policy that empowers staff across all departments to identify and prevent ransomware risks. The session will launch a year-long MS-ISAC collaborative initiative where participants exercise new policies in virtual training settings and contribute to periodic updates of the Ransomware Prevention Toolkit.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Managing Election Supply Chain Security Through Procurement

(Elections Security)

Election infrastructure relies on complex supply chains spanning technology, services, and physical materials, making procurement a critical control point for managing security risk. This session explores how election officials can integrate supply chain security into procurement practices to safeguard the integrity, availability, and trustworthiness of election systems and technology providers.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Shadow AI in the C-Suite: What You Don't Know About

(AI, GenAI, Machine Learning)

Right now, someone in your organization is pasting sensitive data into an AI tool you didn't approve, don't monitor, and can't audit. This session demystifies AI for executive leaders, cutting through the hype to show that AI runs on the same infrastructure you already secure. The session walks through four critical privacy risk categories—including data exposure, shadow AI adoption, and vendor liability, then delivers a practical decision framework for accepting or mitigating each one.

Moderator: Teri Takai, Chief Programs Officer, Center for Digital Government

* * * * * * * * * * * * * * * * * * * * * * * * * *

Whole-of-State Part II: State Playbooks for Advancing Local Cyber Resilience

(Whole-of-State)

Whole-of-State in Action: States across the country are evolving rapidly in how they support local governments on cybersecurity—yet no two models look alike. Building on the first session in the Whole-of-State in Action series, panelists will provide an unfiltered look into how their government structures, funding strategies, SLCGP implementations, and intergovernmental partnerships are shaping cyber resilience for municipalities, counties, school districts, and tribes. Through a facilitated dialogue, state leaders will share their practical playbooks: what's working, what they would do differently, and how they are building trust while navigating political, financial, and operational realities. Attendees will gain insight into diverse state models, from states offering comprehensive statewide MS ISAC membership to those developing bespoke state only services or locally driven programs. This session prioritizes transparency, lessons learned, and peer-to-peer value. Local attendees will leave with a clearer picture of the services and support emerging across states, while state officials will gain cross-state inspiration to mature their programs.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Protecting PLC/SCADA Labs in Higher Education

(Higher Education)

In higher-education institutions that collaborate with local industry partners to support workplace-learning programs, securing environments that rely on PLC/SCADA hardware is essential. This discussion outlines how one institution protected its operational environment, given the software's limitations and its challenges operating within modern network architectures.

Brian Cohen, Vice President, Center for Digital Education

* * * * * * * * * * * * * * * * * * * * * * * * * *

From Reactive to Resilient: Securing Executive Buy-In to Scale Local Government Cybersecurity

(Local Government)

This case study explores the journey of transforming a reactive security posture into a fully funded, proactive program within a county government. The session pulls back the curtain on specific strategies used to secure executive buy-in for a 300% increase in staffing and the budget for a modernized security stack—covering how to speak the language of elected officials, leverage strategic partnerships, and navigate the local government budget cycle.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break

Concurrent Sessions II

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Why Do Security Pros and Teams Fail, and What Can You Do About It?

(Professional Development)

Session description forthcoming.

Dan Lohrmann, Senior Fellow, Center for Digital Government

* * * * * * * * * * * * * * * * * * * * * * * * * *

Secure Elections: Working with Emergency Managers

(Elections Security)

Secure elections require more than cybersecurity; they demand close coordination between election officials and emergency managers. As elections are designated critical infrastructure, election officials must integrate emergency planning, incident command, risk assessment, and crisis communication into election operations. This session explores how emergency management expertise in preparedness, response coordination, and recovery helps ensure continuity of voting during natural disasters, cyber incidents, and physical threats.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Advanced DLP Protection for GenAI

(AI, GenAI, Machine Learning)

GenAI isn't the real problem—unmanaged data is. This session examines practical approaches to securing both GenAI and sensitive data assets, sharing two logical approaches to address data loss across three primary categories: sensitive corporate data and intellectual property, PII/PHI, and maliciously generated code. Attendees will leave with a clearer picture of how smarter XDR-based protection enables teams to innovate without leaking what matters most.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Building Defensible Cyber Maturity in Resource-Constrained Governments

(Local Government)

Many state and local government entities approach cybersecurity maturity assessments as compliance exercises—something to complete, file, and forget. This session challenges that model. Drawing from hands-on experience designing and delivering Texas Cybersecurity Framework (TCF) assessments across a wide range of SLED entities, this session walks through how to build assessment methodology that is consistent, repeatable, and genuinely defensible. Attendees will leave with a clearer framework for thinking about maturity assessment not as a snapshot, but as a foundation for long-term program development.

Moderator: Deb Snyder, Senior Fellow, Center for Digital Government

* * * * * * * * * * * * * * * * * * * * * * * * * *

Operationalizing Zero Trust: Advancing Maturity Through SASE and SSE

(Security Best Practice)

This session provides a practical framework for operationalizing Zero Trust using Secure Access Service Edge (SASE) and Security Service Edge (SSE) capabilities aligned to CISA's Zero Trust Maturity Model (ZTMM). The discussion focuses on how SLTT entities can move from "Initial" to "Advanced" maturity by integrating identity, device posture, network segmentation, application access, and data protection into a cohesive enforcement fabric.

* * * * * * * * * * * * * * * * * * * * * * * * * *

IT Budgets: From Cost Centers to Business Enablers

(Budget/Leadership)

Cybersecurity remains one of the toughest investments to justify because its ROI is largely invisible. When security works, nothing happens, and "nothing" is a hard sell. This session is a facilitated conversation focused on practical strategies to increase your chances of getting IT and cybersecurity budgets approved—by speaking the language of the business, framing risk effectively, and positioning security as a business enabler rather than a cost center.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Working Lunch

General Session

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions III

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

SCARE to CARES: Navigating Ransomware Incidents without Chaos

(Ransomware Prevention/Incident Response)

Ransomware attacks rarely fail because of technology alone. Organizations struggle when stress rises, communication breaks down, and teams lose clarity during fast-moving incidents. This session introduces the SCARE to CARES leadership framework—developed from real-world experience leading through a major ransomware incident—helping leaders guide teams from fear and chaos toward calm, coordination, and decisive action through: Communicate, Adapt, Relationships, Empower, and Stay Calm.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Understanding the Perpetrators Who Threaten Election Workers: Behavioral Insights from DOJ Election Threat Cases

(Elections Security)

This session presents a case-study analysis of twenty-one criminal cases prosecuted by the Department of Justice's Election Threats Task Force, analyzed through the lens of behavioral threat assessment frameworks. The discussion connects research findings to the current election threat environment and presents ten actionable recommendations that election officials and security partners can implement to strengthen prevention, detection, and response efforts.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Envisioning a Future State Cybersecurity Program 2028 (Public Sector)

(AI, GenAI, Machine Learning)

Public sector cybersecurity programs are trying to fight today's attacks with yesterday's organizational operating models. This session outlines a near-term, achievable future state model for public sector cybersecurity that fully leverages data science and generative AI technologies, backed by strong governance and leadership—connecting emerging technology with frameworks like NIST NICE, CSF, and ISO 27001 to present a notional Future State Program for 2028.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Quantum Resiliency in Cryptography for SLTT Security

(Emerging Technology)

Cryptographically-relevant quantum computers will arrive any time now, and as long-lived institutions, SLTTs are uniquely valuable targets for "harvest now, decrypt later" strategies. This session covers why quantum matters for SLTTs, a plain-English overview of quantum computing, which classical cryptographic algorithms are at risk (including RSA and Elliptic Curve Cryptography), what quantum-resilient cryptography looks like, and a practical roadmap for cryptographic inventory, prioritization, and pilot PQC deployment.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Visualizing Security Posture by Mapping Tools to the CIS Framework

(Security Best Practice)

This case study explores a practical, visual approach to Governance, Risk, and Compliance (GRC) designed to solve the challenges of assessment fatigue, redundant toolsets, and resource drain. Attendees will walk through a complete use case of mapping an organization's security stack directly to CIS Control Safeguards, highlighting rapid identification of coverage gaps, elimination of overlapping vendor solutions, and the ability to clearly communicate compliance posture to both technical teams and executive leadership.

* * * * * * * * * * * * * * * * * * * * * * * * * *

San Bernardino County Sheriff's Department — Royal Ransomware Recovery I Right of Boom Realities: Leadership Lessons on Key Activities That Enhance Preparedness

(Ransomware Prevention/Incident Response)

This session presents an in-depth overview of the Royal Ransomware attack that struck the San Bernardino County Sheriff's Department on 4/7/2023, one of the largest law-enforcement agencies in the nation. The attack prompted immediate coordination with Cyber Insurance, County IT, the FBI, DHS, CalOES, JRIC, and Microsoft, and disrupted multiple mission-critical systems including CAD, CLETS, report writing, jail and patrol systems, and more. Attendees will gain firsthand insight into the response timeline, key decisions, and lessons learned. In this candid panel discussion, leaders who have navigated real-world cyber crises share the essential lessons they learned "right of boom," providing insights on best practices that should be contemplated and operationalized long before an incident occurs. Panelists explore the practical value of pre-event planning, including establishing and exercising response policies, validating communication chains, pre-authorizing decision pathways, and conducting meaningful tabletop exercises that truly stress-test assumptions.

Moderator: Dan Lohrmann, Senior Fellow, Center for Digital Government

* * * * * * * * * * * * * * * * * * * * * * * * * *

Why Should I Be Bothered? OT Teams and the Cybersecurity Hassle

(Operational Technology (OT) Security)

This session examines the unique challenges faced by Operational Technology (OT) teams when confronted with cybersecurity requirements, exploring why OT professionals often view security mandates as a "hassle" and how to bridge the gap between IT security practices and OT operational realities.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break / Transition to the General Session

General Session

Fireside Chat – MYTHOS Retold: Combatting the Artificially Enhanced Threat Actor

Dan Lohrmann, Senior Fellow, Center for Digital Government

Adjourn Day 2

Registration / Continental Breakfast / Help Desk

Opening Remarks and Day 2 Recap

General Session – State Key Perspectives on the Future of SLTT Cybersecurity – NASCIO Survey Results Briefing

Transition Remarks

General Session – From Vision to Reality: How Florida is Ensuring Stable State Funding for Local Government Cybersecurity Programs

The State of Florida is breaking new ground by advancing landmark legislation establishing a dedicated statewide appropriation to strengthen cybersecurity programs, tools, and services specifically for counties, cities, school districts, and special districts. This session brings together local government leadership who championed the effort and state legislators who sponsored and shaped the bill, offering attendees rare insights into how policy, advocacy, and operational needs can converge to produce a transformative funding model for local governments.

Transition Remarks

General Session – “LTT” Key Perspectives on the Future of SLTT Cybersecurity

Transition Remarks

General Session – The Voice of the SLTT: How to Thrive in Cybersecurity in 2026–2027

Closing Remarks: Next Steps in Our SLTT Cybersecurity Call to Action

End of Summit

Conference times, agenda, and speakers are subject to change.