Registration / Help Desk

Palms Atrium

Exhibit Hall

Grand Sierra D/E

Welcome Reception

Palms 3

End of Reception

Registration / Help Desk

Palms Atrium

Continental Breakfast / Exhibit Hall

Grand Sierra D/E

Welcome Remarks

Palms 1/2

Featured Vocalist: Valecia Stochetti, Cybersecurity Engineer, Center for Internet Security

Color Guard and National Anthem

Palms 1/2

Keynote Introduction

Palms 1/2

Keynote Presentation –How to Work Better Together –Through Collaboration in Tech, Security and AI

Palms 1/2

As the first female White House Chief Information Officer, Theresa Payton led national cybersecurity and digital transformation efforts that demanded unprecedented collaboration across fragmented agencies and stakeholders, proving that breaking silos and building shared situational awareness are essential for success in complex, high-stakes environments.

Drawing from her White House experience and current advisory work with Fortune 500 boards at Fortalice Solutions, Theresa shows how adaptive, cross-functional teams—much like the Team of Teams model, enable organizations to respond faster and smarter to AI-amplified threats, evolving cyber risks, and digital transformation challenges.

In today's landscape, true collaboration in tech and security means aligning people, processes, and technology: fostering transparency, ethical governance, and inclusive decision-making so that AI becomes a unifying force rather than a divider.

Theresa’s AI TRUST Framework and real-world lessons, from defending national networks to securing AI-driven operations, offer practical strategies for leaders to build resilient partnerships that protect systems and data while accelerating innovation.

Her keynote delivers an optimistic, actionable message:

"Collaboration isn't just nice to do, it's the competitive edge that turns fragmented threats into unified strength," empowering attendees to lead stronger, more connected teams in the age of AI, cybersecurity, and digital trust.

Theresa Payton, First Female White House Chief Information Officer; AI Strategist; Business and Personal Security Expert; Privacy Visionary

Transition Remarks

Palms 1/2

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions I

Executive Security Exchange: CISO Roundtable Discussions

Grand Sierra F

This breakout session is designed to foster dynamic peer exchange among Chief Information Security Officers (CISOs) and senior security leaders, focusing on practical strategies to strengthen enterprise security posture. Participants will be organized into small roundtable groups, each assigned a topic such as Defense in Depth, Continuous Monitoring, Security Validation, AI Security Strategy, Security Culture, or Data Loss Prevention. Groups will designate a facilitator and scribe to capture insights, challenges, and leading practices, encouraging open dialogue, real-world storytelling, and collaborative ideation grounded in state and local environments.

Microsoft will actively support the session by rotating between tables, providing perspective, challenging assumptions, and deepening discussion.

All inputs will be consolidated into a structured summary and distributed post-session, serving as a shared knowledge asset to enable continued collaboration and capture actionable insights, trends, and opportunities.

Nathan Willigar, Chief Security Advisor, SLED Microsoft

* * * * * * * * * * * * * * * * * * * * * * * * * *

Sponsored Session

Grand Sierra G

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (1 of 4): Been There, Done That

Coral B

(Ransomware Prevention/Resilience)

This panel of SLTT leaders talks about the value of a cybersecurity program, what they have tried and lessons learned. The topics address high priority, low level of entry capabilities for small under-resourced organizations to mitigate ransomware impacts. They include training, patching, endpoint protection, and phishing prevention.

Moderator: Carlos Kizzee, Senior Vice President, CIS Stakeholder Engagement, Center for Internet Security

Rob Beach, Chief Technology Officer, City of Palm Beach, State of Florida

Gary Coverdale, Chief Information Security Officer, Santa Barbara County, State of California

Ben Edelen, Chief Information Security Officer, Boulder County, State of Colorado

* * * * * * * * * * * * * * * * * * * * * * * * * *

Elections in the Age of AI

Bonaire 1/2

(Elections Security)

AI technologies are transforming modern election campaigns, voter behavior, and election processes. This presentation will highlight applications of AI in elections, such as enhancing voter accessibility, improving election administration, creating campaign materials, and enabling civic engagement. The talk will also address risk and challenges that AI presents, as well as governance considerations to address these challenges.

Dr. Thomas P. Scanlon, Senior Research Scientist and Technical Manager, CERT Division, Software Engineering Institute, Carnegie Mellon University

* * * * * * * * * * * * * * * * * * * * * * * * * *

Building Trustworthy AI: A Practical Roadmap for Responsible AI Adoption Across SLTT Government

Coral C

(AI, GenAI, Machine Learning)

Generative AI is moving rapidly from experimentation to everyday use across state, local, tribal, and territorial (SLTT) governments—but readiness, governance maturity, and risk management approaches vary widely. This session brings together practical guidance and peer insights to help SLTT leaders move from intent to execution. Attendees will learn how jurisdictions are establishing clear expectations for responsible AI use through transparency statements, tailored Responsible AI guidance, and operational playbooks for AI readiness, governance, risk review, and procurement.

Subject matter experts directly involved in shaping emerging AI Governance, Risk, and Procurement Playbooks will discuss where SLTTs truly stand today, what challenges persist, and what’s coming next—including the safe integration of tools like copilots, agentic systems, and AI-enabled SaaS platforms. Participants will walk away with actionable templates, real-world examples, and best practices to support secure prompting, protect sensitive data, reinforce human-in-the-loop review, and confidently scale AI adoption across enterprise workflows—while balancing innovation with accountability.

Stephanie Gass, Sr. Director of Information Security, Center for Internet Security

James Globe, VP of Strategic Cybersecurity Capabilities, Technology & Innovation

Jason Skeen, Information Technology Security Manager, Mecklenburg County, State of North Carolina

Al Yu, Information Technology Director, Blackhawk County, State of Iowa

* * * * * * * * * * * * * * * * * * * * * * * * * *

Whole-of-State in Action, Part I: Confronting Challenges in State–Local Partnership

Grand Sierra H/I

(Whole-of-State)

Whole-of-State in Action: This panel dives deeply into the realities and friction points of operationalizing whole-of-state cybersecurity. Panelists—representing states at different maturity levels and using different models of MS ISAC participation—will discuss the nuanced challenges that arise when aligning state strategies with the needs, capabilities, and constraints of local jurisdictions. The facilitator will press into real-world issues such as sustaining local engagement, addressing unfunded mandates, balancing compliance and flexibility, strengthening local cyber hygiene, and building long term resilience beyond grant cycles. Panelists will emphasize how they are confronting these challenges through governance models, shared services, capacity building strategies, cross jurisdictional trust structures, and continuous improvement cycles. This candid, practitioner focused discussion will resonate strongly with SLTT attendees seeking relatable experiences, tangible tactics, and evidence of progress happening across the nation. Each state's story will highlight that while no two whole of state approaches are the same, shared learning accelerates success for all. The session concludes with actionable next steps and invitations to deepen engagement with MS ISAC and other relevant resources and peer networks.

Moderator: Karen Sorady, VP of MS-ISAC Member Engagement, Center for Internet Security

Meghan Cook, Director, Cyber Incident Response Team, Division of Homeland Security & Emergency Services, State of New York

John Israel, Chief Information Security Officer, State of Minnesota

Aime Msengiyumva, Deputy Chief Information Security Officer, State of Tennessee

* * * * * * * * * * * * * * * * * * * * * * * * * *

GovRAMP 101: Strengthening Third-Party Cybersecurity Risk Management for Public Sector Agencies

Bonaire 5/6

(GovRamp)

As state and local governments increasingly rely on cloud services and third-party vendors, managing cybersecurity risk across the digital supply chain has become a mission-critical responsibility. This foundational session introduces GovRAMP and demonstrates how agencies can leverage it to build a scalable, repeatable, and defensible third-party cybersecurity risk management program.

Designed for both technical and non-technical stakeholders, GovRAMP 101 provides practical guidance for integrating GovRAMP into procurement, IT, security, and compliance workflows—reducing risk while accelerating secure technology adoption.

Participants will explore:

•GovRAMP Overview: Understanding what GovRAMP is, how it aligns with NIST standards, and how it supports consistent, risk-based security assurance across vendors.

•Getting Started with GovRAMP: Step-by-step guidance for agencies beginning their GovRAMP journey, including assessing current practices and defining roles and responsibilities.

•Sample Security Policies & Procurement Language: How to use GovRAMP-aligned policy templates and procurement language to clearly communicate security expectations to vendors from the outset.

•Internal Stakeholder Education: Strategies for educating leadership, procurement, legal, IT, and program teams on shared responsibility and the value of standardized security reviews.

•Vendor Education & Engagement: Helping vendors understand GovRAMP requirements, pathways, and benefits to foster transparency and collaboration.

•Leveraging Continuous Monitoring: Using GovRAMP’s continuous monitoring approach to maintain ongoing visibility into vendor risk, reduce reassessment fatigue, and respond to changes over time.

Attendees will leave with a clear understanding of how GovRAMP can serve as the backbone of an agency’s third-party cybersecurity risk management program—enabling more secure, efficient, and confident technology decisions.

Leah McGrath, Executive Director and Board Ex-Officio, GovRAMP

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break

Concurrent Sessions II

Public Sector CISO Roundtable

Antigua 1/2

Join leading public sector security executives at the Public Sector CISO Roundtable. This interactive session moves beyond high-level discussions to address the most pressing, real-world priorities, challenges, and specific agency needs facing modern cybersecurity leaders.

Participants will explore how to successfully navigate the complex convergence of sophisticated threat actors, legacy system modernization, and strict regulatory mandates. A core focus will be placed on the dual nature of artificial intelligence: analyzing how AI amplifies threat actor tactics while strategically leveraging it as a workforce force multiplier to enhance threat detection and SOC operations.

Finally, the roundtable will dive into practical strategies for building long-term cyber resilience. Attendees will collaborate on architectural best practices, SOC modernization, and the evolving future of public-private information sharing in an AI-driven landscape.

IMPORTANT NOTE: Email confirmation of Invite required to attend.

Enrique Alvarez, Public Sector Advisor, Google Cloud

Soledad Antelada Toledano, Security Advisor, Google Google Cloud

* * * * * * * * * * * * * * * * * * * * * * * * * *

Modernizing Vulnerability Operations at State Scale: Virginia's Journey to Unified Risk Management in a Decentralized Environment

Grand Sierra F

(Vulnerability Management/Risk Management)

In this case study, the Virginia Information Technologies Agency (VITA) shares its multi-year effort to modernize statewide vulnerability and exposure management across 68 independent executive branch agencies. Session attendees will learn how VITA reduced manual triage effort by 80%, cut high-risk vulnerabilities by 50% in three months, and established a scalable, intelligence-driven model for remediation across a decentralized enterprise.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

Richard White, Director, Security. Products & Services, Virginia IT Agency, Commonwealth of Virginia

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (2 of 4): Foundations First — Access Control & Backups That Protect What Matters

Coral B

(Ransomware Prevention/Resilience)

Small jurisdictions often face the perfect storm of limited staff, aging technology, and increasing ransomware pressure. This session focuses on two of the most powerful and achievable starter controls: Access Control and Data Backup. Participants will learn how these foundational policies prevent unauthorized access, limit lateral movement, and enable reliable recovery, even in environments with minimal resources. Using policy templates, this session will walk through essential access management steps to establish unique user accounts, timely remove old accounts, handle role changes, manage privileged access hygiene, and the introduction of multi-factor authentication as a critical added safeguard that significantly decreases the risk of compromised credentials in small, resource constrained environments. The session will also overview building a sustainable data backup policy, discussing how offline and off-network backups, monthly restore testing, and clear ownership roles directly support ransomware resilience. Attendees will leave this session with sample policies and a checklist for validating backups. This session is ideal for teams needing "where do we start?" guidance, setting the stage for continued skill‑building across the full four‑session series and joining a broader year‑long effort to refine and exercise these policies with MS‑ISAC collaboration and TTX exercise support.

Moderator: Carlos Kizzee, Senior Vice President, CIS Stakeholder Engagement, Center for Internet Security

Gary Coverdale, Chief Information Security Officer, Santa Barbara County, State of California

Ben Edelen, Chief Information Security Officer, Boulder County, State of Colorado

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ongoing Election Threats, Information Sharing and What's Left at the Federal Level

Grand Sierra G

(Elections Security)

As election officials continue to navigate an increasingly complex threat environment, the intersection of cybersecurity, physical security, geopolitical tensions, and malign information operations has elevated the importance of timely and actionable threat intelligence. This session will examine the evolving landscape of threats facing election infrastructure, including the influence of global conflicts, nation-state activity, domestic extremism, and emerging cyber tactics targeting public trust and election operations.

Participants will gain insight into how threat intelligence is gathered, analyzed, and shared to support election security and resilience. The discussion will highlight the critical role of information sharing in helping election officials identify risks, prepare for incidents, and strengthen coordinated response efforts across jurisdictions.

The session will also explore the current role of federal agencies in protecting elections.

Randy Rose, Vice President of Security Operations and Intelligence, CIS Security Ops & Intelligence

* * * * * * * * * * * * * * * * * * * * * * * * * *

AI, Human Behavior, and Cyber Resilience in Government: Building a Practical AI Enterprise Strategy for SLTTs

Bonaire 3/4

(AI, GenAI, Machine Learning)

As artificial intelligence reshapes the cyber threat landscape, government organizations must prepare for more than technical attacks alone. This session presents a practical case study from a large local government environment and introduces a multidisciplinary approach integrating cybersecurity leadership, AI risk, cyber psychology, and Organizational Psychology. Attendees will learn how modern threats increasingly exploit cognitive overload, trust gaps, and behavioral predictability, and how leaders can respond by building resilience in people, systems, and institutions.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

Allen Ohanian, Chief Information Officer, Los Angeles County Department of Children and Family Services, State of California

* * * * * * * * * * * * * * * * * * * * * * * * * *

MS-ISAC Higher Ed Member Connect and Fraudulent Student Applications

Bonaire 7/8

(Higher Education)

This session focuses on the value of MS-ISAC's Member Connect platform for higher education and the importance of expanding participation across institutions. The session then transitions to a discussion on ghost student accounts—fraudulent enrollment records—and their significant impact on federal funding for higher-education organizations.

Moderator: Brian Cohen, Vice President, Center for Digital Education

Fred Rankin, IT Director of Cyber Security/Infrastructure/End User Services, Lane Community College

* * * * * * * * * * * * * * * * * * * * * * * * * *

Secure by Design: Embedding Enterprise Cyber Resilience into Local Government Software

Bonaire 5/6

(Local Government)

This session explores how organizations can make security a foundational characteristic across the entire system lifecycle, from concept and design to deployment, operation, and decommissioning. Drawing on enterprise cyber strategies, real-world case studies, and practical frameworks, attendees will learn how to embed security into culture, governance, and supply chains to create infrastructure that is inherently robust, resistant to attack, and capable of rapid recovery.

Charles Burton, Director of Information Technology, Calcasieu Parrish, State of Louisiana

* * * * * * * * * * * * * * * * * * * * * * * * * *

Working Lunch

Palms 1/2

General Session – Joint Threat Brief: Center for Internet Security and Center for Digital Government

Palms 1/2

Moderator: Dan Lohrmann, Senior Fellow, Center for Digital Government

Lauren McFayden, Threat Intelligence Analyst, Center for Internet Security

Randy Rose, Vice President of Security Operations and Intelligence, CIS Security Ops & Intelligence

Theodore Sayers, Senior Director of Threat Intelligence, CIS Security Ops & Intelligence

Networking Break in the Exhibit Hall

Grand Sierra D/E

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions III

Own the Intelligence: Where Should Your AI Live?

Grand Sierra F

Daniel Gohl, Chief Technology and Strategy Officer for US SLED, HP

* * * * * * * * * * * * * * * * * * * * * * * * * *

Vulnerability Management Best Practices

Grand Sierra G

(Vulnerability Management/Risk Management)

Effective vulnerability management requires clear articulation of value, urgency, and business impact. This session facilitates a conversation on practical strategies to strengthen vulnerability management programs and secure the budgets needed to sustain them—covering how to speak the language of the business, frame risk effectively, and position security investments as essential enablers rather than cost centers.

Anthony Coronas, Director of Information Technology, Yocha Dehe Wintun Nation, State of California

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (3 of 4): Detect, Contain, Recover — Endpoint Protection and Incident Response for Lean Teams

Coral B

(Ransomware Prevention/Resilience)

Even with preventative controls in place, small jurisdictions must be ready to act fast when ransomware indicators appear. This session helps participants implement both Incident Response and Incident Handling—and be able to quickly identify which is needed. Attendees will work through how to make sure their IT and business continuity plans share the same priorities. Those joint priorities are the basis for quick assessment of an incident to determine what should happen next, to include communications and escalation requirements. Session will include Incident Handling workflows and checklists for environments where the first responder may also be the system administrator, communications lead, and recovery coordinator and escalation may include coordination with the MS-ISAC SOC or support designated by an insurance provider. This session will provide attendees with actionable draft policies, role checklists, and a simple "first 30 minutes" response guidance, plus opportunities to test these policies in real‑world scenarios.

Rob Reese, Cyber Incident Response Team (CIRT) Manager, MS-ISAC

Kim Watson, Senior Program Advisory, Center for Internet Security (former)

* * * * * * * * * * * * * * * * * * * * * * * * * *

Promoting AI's Safe Usage for Elections

Bonaire 5/6

(Elections Security)

This session explores the evolving role of artificial intelligence in electoral processes, focusing on its potential to improve data-driven decision-making amid the growing challenges of misinformation, manipulation, and voter suppression. It examines how AI tools could address information gaps for voters, candidates, and election commissions while acknowledging the skepticism and concerns that surround the use of AI in critical civic functions.

Biplav Srivastava, Professor, AI Institute, University of South Carolina

* * * * * * * * * * * * * * * * * * * * * * * * * *

Cyber Risk in the Public Sector: Managing Shared Responsibilities, AI Tools, and Secure Digital Supply Chains

Grand Sierra H/I

(GovRamp)

In today’s rapidly evolving digital landscape, state agencies and local governments face increasing cyber risks—especially when adopting third-party tools and cloud-based solutions. This hands-on workshop equips public sector professionals with practical strategies to assess and manage cyber risks across their digital ecosystems.

Participants will explore:

•Shared Responsibility Models: Clarifying “what’s yours, what’s mine, and what’s ours” when implementing third-party platforms and cloud services.

•Tracking Generative & Agentic AI: Understanding how AI is embedded in cloud products and how to monitor its use for compliance and risk.

•Efficient Security Reviews: Conducting apples-to-apples evaluations of vendors and digital supply chain components to streamline security assessments.

•GovRAMP Implementation: Step-by-step guidance on how to apply GovRAMP principles to your agency’s procurement and IT processes.

Through real-world scenarios, attendees will leave with actionable tools to strengthen their cyber posture and make informed decisions about technology adoption.

Leah McGrath, Executive Director and Board Ex-Officio, GovRAMP

* * * * * * * * * * * * * * * * * * * * * * * * * *

Small Government, Big Problems: Utilizing Open-Source Software to Support Citizens

Coral C

(Local Government)

Small and local governments face an outsized challenge: rising expectations from citizens paired with shrinking budgets, limited staff, and a complex technology landscape. This session explores how open-source software can help governments break out of that cycle—providing flexibility, transparency, and long-term sustainability while reducing vendor lock-in and enabling collaboration across agencies. The session addresses common concerns around support, security, and staffing, and separates myth from reality around open source in government.

Moderator: Deb Snyder, Senior Fellow, Center for Digital Government

Bob Henderson, Director of Information Technology, Cass County, State of North Dakota

* * * * * * * * * * * * * * * * * * * * * * * * * *

Log Aggregation and SIEM Overview

Bonaire 7/8

(Threat Intel/SecOps/IR)

This technical presentation provides a practical overview of log aggregation and its evolution into full Security Information and Event Management (SIEM) capabilities. The session covers centralized log aggregation, real-world methods for collecting logs from diverse sources (Linux, Windows, network devices, cloud/container environments), prevalent log formats and parsing techniques, and the distinction between basic aggregation platforms and mature SIEM solutions. Attendees will leave with actionable insights to design scalable logging pipelines.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

Harold Garron, Disaster Recovery Manager, Cooper University Healthcare

Kyle Smith, Vice President, GTM Strategy, NuHarbor Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break / Transition to the General Session

Sponsored Session

Palms 1/2

Title and Description Forthcoming

General Session – Strengthening the Nation Together: The New MS-ISAC Charter and Governance Model for the Future of SLTT Cybersecurity

Palms 1/2

In this end-of-day plenary keynote, a member of the Interim Member Governance Board (IMGB) will unveil the newly revised MS-ISAC Charter and Governance Model, developed through rigorous engagement with the SLTT community. This session explores how the revised governance structure strengthens MS-ISAC's value proposition, reinforces transparency and member influence, and creates a more unified, collaborative environment among the MS-ISAC and the state, local, tribal, and territorial government ecosystem. The session concludes with a first-of-its-kind MS-ISAC Champagne Toast.

Moderator: Teri Takai, Chief Programs Officer, Center for Digital Government

Carlos Kizzee, Senior Vice President, CIS Stakeholder Engagement, Center for Internet Security

Major General (ret.) Rich Neely, Executive Vice President & General Manager for Operations, Intelligence and Services (OIS) at the Center for Internet Security (CIS)

ISAC Awards Ceremony

Palms 1/2

Presented by: Center for Internet Security Volunteer Committee

Closing Reception

Grand Sierra D/E

Adjourn Day 1

Registration / Help Desk

Palms Atrium

Continental Breakfast / Exhibit Hall

Grand Sierra D/E

Opening Remarks and Day 1 Recap

Palms 1/2

Keynote Presentation – Cyberchat Q and A: Insights for Elevating Cyber Resilience in Your Organization

Palms 1/2

Once adversaries in the cybersphere, Hector Monsegur and Chris Tarbell have joined forces to help organizations confront today’s most pressing cyber threats. Drawing on their extraordinary experiences - one as a former black-hat hacker, the other as an FBI special agent - their conversation offers a rare, dual-lens view of the modern threat landscape. In a dynamic, audience-driven discussion, Monsegur and Tarbell break down the most significant risks facing organizations today, how real-world attacks unfold, and where defenses most often fail. Together, they share practical insights and actionable frameworks that leaders can apply to strengthen security, reduce risk, and protect operations from disruptions that can cripple organizations and erode trust.

Chris Tarbell, Director, Cyber Security and Investigations, Berkley Research Group and Former FBI Special Agent

Hector Monsegur, Cyber Security Expert and Co-founder, SafeHill

Transition Remarks

Palms 1/2

Networking Break in the Exhibit Hall

Grand Sierra D/E

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions I

Zero Trust: Good not Good Enough

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (4 of 4): Test, Test, Test

Coral B

(Ransomware Prevention/Resilience)

The most effective ransomware defense combines technical controls with an informed, confident workforce. This capstone session of the Ransomware Ready series focuses on establishing a test and exercise program that not just drives improvements, but also empowers staff across departments to respond efficiently and effectively to cyber impacts. The session will focus on simple strategies to make time spent 'practicing' provide significant return on investment. The session will capstone the series with a Call to Action and next steps; launching a year long MS ISAC collaborative initiative where participants will exercise their new policies in virtual training and workshop settings, collaborate to share improvements and lessons learned, and contribute to periodic updates of the Ransomware Prevention Toolkit as threats and operational environments evolve. Attendees of this session series will leave with both the tools and the community needed to keep their policies living, relevant, and resilient.

Rob Reese, Cyber Incident Response Team (CIRT) Manager, MS-ISAC

Kim Watson, Senior Program Advisory, Center for Internet Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

Managing Election Supply Chain Security Through Procurement

Grand Sierra F

(Elections Security)

Election infrastructure relies on complex supply chains spanning technology, services, and physical materials, making procurement a critical control point for managing security risk. This session explores how election officials can integrate supply chain security into procurement practices to safeguard the integrity, availability, and trustworthiness of election systems and technology providers.

Grace Mozingo, Senior Program Support Specialist, MS-ISAC PMO, Center for Internet Security, Inc.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Shadow AI in the C-Suite: What You Don't Know About

Grand Sierra H/I

(AI, GenAI, Machine Learning)

Right now, someone in your organization is pasting sensitive data into an AI tool you didn't approve, don't monitor, and can't audit. This session demystifies AI for executive leaders, cutting through the hype to show that AI runs on the same infrastructure you already secure. The session walks through four critical privacy risk categories—including data exposure, shadow AI adoption, and vendor liability, then delivers a practical decision framework for accepting or mitigating each one.

Moderator: Deb Snyder, Senior Fellow, Center for Digital Government

Chase Fopiano, CISSP, CCSP, CIPM, Executive Director, National Privacy Council

Stephanie Gass, Senior Director of Information Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

Whole-of-State Part II: State Playbooks for Advancing Local Cyber Resilience

Coral C

(Whole-of-State)

Whole-of-State in Action: States across the country are evolving rapidly in how they support local governments on cybersecurity—yet no two models look alike. Building on the first session in the Whole-of-State in Action series, panelists will provide an unfiltered look into how their government structures, funding strategies, SLCGP implementations, and intergovernmental partnerships are shaping cyber resilience for municipalities, counties, school districts, and tribes. Through a facilitated dialogue, state leaders will share their practical playbooks: what's working, what they would do differently, and how they are building trust while navigating political, financial, and operational realities. Attendees will gain insight into diverse state models, from states offering comprehensive statewide MS ISAC membership to those developing bespoke state only services or locally driven programs. This session prioritizes transparency, lessons learned, and peer-to-peer value. Local attendees will leave with a clearer picture of the services and support emerging across states, while state officials will gain cross-state inspiration to mature their programs.

Moderator: Netta Squires, President Government Affairs, Cybersecurity & Resilience, Open District Solutions

John Godfrey, Chief Information Security Officer, State of Kansas

John Israel, Chief Information Security Officer, State of Minnesota

Aime Msengiyumva, Deputy Chief Information Security Officer, State of Tennessee

* * * * * * * * * * * * * * * * * * * * * * * * * *

Protecting PLC/SCADA Labs in Higher Education

Grand Sierra G

(Higher Education)

In higher-education institutions that collaborate with local industry partners to support workplace-learning programs, securing environments that rely on PLC/SCADA hardware is essential. This discussion outlines how one institution protected its operational environment, given the software's limitations and its challenges operating within modern network architectures.

Moderator: Brian Cohen, Vice President, Center for Digital Education

Fred Rankin, IT Director of Cyber Security/Infrastructure/End User Services, Lane Community College

* * * * * * * * * * * * * * * * * * * * * * * * * *

From Reactive to Resilient: Securing Executive Buy-In to Scale Local Government Cybersecurity

Bonaire 1/2

(Local Government)

This case study explores the journey of transforming a reactive security posture into a fully funded, proactive program within a county government. The session pulls back the curtain on specific strategies used to secure executive buy-in for a 300% increase in staffing and the budget for a modernized security stack—covering how to speak the language of elected officials, leverage strategic partnerships, and navigate the local government budget cycle.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

James Longhurst, Information Systems Associate Director, Utah County

Brandon Wong, Information Security Manager, Utah County

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break

Concurrent Sessions II

Why Do Security Pros and Teams Fail, and What Can You Do About It?

Grand Sierra H/I

(Professional Development)

Why do cybersecurity and technology professionals and their teams fail? Drawing on years of experience as Michigan’s former CISO and enterprise-level CIO, CTO, and CSO, Dan Lohrmann explores this question through surprising real-world stories and insights from leading award-winning government teams. While many believe the solution lies in more training, certifications, higher salaries, bigger budgets, better leadership skills, or stronger executive buy-in, Lohrmann reveals why even well-resourced teams can still fall short and what truly drives success. This keynote outlines seven ways to revitalize your role, your team, and your professional outlook, offering practical, actionable guidance along with interactive table discussions designed to help attendees personally apply the lessons learned.

Dan Lohrmann, Senior Fellow, Center for Digital Government

* * * * * * * * * * * * * * * * * * * * * * * * * *

Secure Elections: Working with Emergency Managers

Grand Sierra F

(Elections Security)

Secure elections require more than cybersecurity; they demand close coordination between election officials and emergency managers. As elections are designated critical infrastructure, election officials must integrate emergency planning, incident command, risk assessment, and crisis communication into election operations. This session explores how emergency management expertise in preparedness, response coordination, and recovery helps ensure continuity of voting during natural disasters, cyber incidents, and physical threats.

Paul Lux, Supervisor of Elections, Okaloosa County, State of Florida

Mark Peck, Senior Network Engineer, Greene County, State of Missouri

Netta Squires, President Government Affairs, Cybersecurity & Resilience, Open District Solutions

* * * * * * * * * * * * * * * * * * * * * * * * * *

Building Defensible Cyber Maturity in Resource-Constrained Governments

Bonaire 5/6

(Local Government)

Many state and local government entities approach cybersecurity maturity assessments as compliance exercises—something to complete, file, and forget. This session challenges that model. Drawing from hands-on experience designing and delivering Texas Cybersecurity Framework (TCF) assessments across a wide range of SLED entities, this session walks through how to build assessment methodology that is consistent, repeatable, and genuinely defensible. Attendees will leave with a clearer framework for thinking about maturity assessment not as a snapshot, but as a foundation for long-term program development.

Moderator: Deb Snyder, Senior Fellow, Center for Digital Government

Garrett Ragland-Helf, Group Facilitator, MS-ISAC Leadership Mentoring Program

* * * * * * * * * * * * * * * * * * * * * * * * * *

Operationalizing Zero Trust: Advancing Maturity Through SASE and SSE

Coral B

(Security Best Practice)

This session provides a practical framework for operationalizing Zero Trust using Secure Access Service Edge (SASE) and Security Service Edge (SSE) capabilities aligned to CISA's Zero Trust Maturity Model (ZTMM). The discussion focuses on how SLTT entities can move from "Initial" to "Advanced" maturity by integrating identity, device posture, network segmentation, application access, and data protection into a cohesive enforcement fabric.

Mikel Costello, Enterprise Architect / Strategic Planning and Design Manager, WaTech, State of Washington

* * * * * * * * * * * * * * * * * * * * * * * * * *

IT Budgets: From Cost Centers to Business Enablers

Bonaire 3/4

(Budget/Leadership)

Cybersecurity remains one of the toughest investments to justify because its ROI is largely invisible. When security works, nothing happens, and "nothing" is a hard sell. This session is a facilitated conversation focused on practical strategies to increase your chances of getting IT and cybersecurity budgets approved—by speaking the language of the business, framing risk effectively, and positioning security as a business enabler rather than a cost center.

Moderator: Teri Takai, Chief Programs Officer, Center for Digital Government

Anthony Coronas, Director of Information Technology, Yocha Dehe Wintun Nation, State of California

* * * * * * * * * * * * * * * * * * * * * * * * * *

Working Lunch

Palms 1/2

General Session

Palms 1/2

Networking Break in the Exhibit Hall

Grand Sierra D/E

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions III

SCARE to CARES: Navigating Ransomware Incidents without Chaos

Grand Sierra F

(Ransomware Prevention/Incident Response)

Ransomware attacks rarely fail because of technology alone. Organizations struggle when stress rises, communication breaks down, and teams lose clarity during fast-moving incidents. This session introduces the SCARE to CARES leadership framework—developed from real-world experience leading through a major ransomware incident—helping leaders guide teams from fear and chaos toward calm, coordination, and decisive action through: Communicate, Adapt, Relationships, Empower, and Stay Calm.

Saby Waraich, Former Public Sector CIO & Cybersecurity Executive, Keynote Speaker, Author, SCARE to CARES

* * * * * * * * * * * * * * * * * * * * * * * * * *

Understanding the Perpetrators Who Threaten Election Workers: Behavioral Insights from DOJ Election Threat Cases

Grand Sierra G

(Elections Security)

This session presents a case-study analysis of twenty-one criminal cases prosecuted by the Department of Justice's Election Threats Task Force, analyzed through the lens of behavioral threat assessment frameworks. The discussion connects research findings to the current election threat environment and presents ten actionable recommendations that election officials and security partners can implement to strengthen prevention, detection, and response efforts.

Nikki Fisher, Chief Election Security Officer, Oregon Secretary of State

* * * * * * * * * * * * * * * * * * * * * * * * * *

Beyond Mythos and GPT 5.5-Cyber Models: Imagineering a Future State Cybersecurity Program 2028 (Public Sector)

Bonaire 1/2

(AI, GenAI, Machine Learning)

Public sector cybersecurity programs are trying to fight today's attacks with yesterday's organizational operating models. This session outlines a near-term, achievable future state model for public sector cybersecurity that fully leverages data science and generative AI technologies, backed by strong governance and leadership—connecting emerging technology with frameworks like NIST NICE, CSF, and ISO 27001 to present a notional Future State Program for 2028.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

James Globe, VP of Strategic Cybersecurity Capabilities, Technology & Innovation

Paul Grabow, Principal Researcher, Cybersecurity CMMC Practitioner

* * * * * * * * * * * * * * * * * * * * * * * * * *

Quantum Resiliency in Cryptography for SLTT Security

Grand Sierra H/I

(Emerging Technology)

Cryptographically-relevant quantum computers will arrive any time now, and as long-lived institutions, SLTTs are uniquely valuable targets for "harvest now, decrypt later" strategies. This session covers why quantum matters for SLTTs, a plain-English overview of quantum computing, which classical cryptographic algorithms are at risk (including RSA and Elliptic Curve Cryptography), what quantum-resilient cryptography looks like, and a practical roadmap for cryptographic inventory, prioritization, and pilot PQC deployment.

Dave Beller, Quantum Resiliency in Cryptography for SLTT Security, San Diego Unified School District

* * * * * * * * * * * * * * * * * * * * * * * * * *

Visualizing Security Posture by Mapping Tools to the CIS Framework

Bonaire 7/8

(Security Best Practice)

This case study explores a practical, visual approach to Governance, Risk, and Compliance (GRC) designed to solve the challenges of assessment fatigue, redundant toolsets, and resource drain. Attendees will walk through a complete use case of mapping an organization's security stack directly to CIS Control Safeguards, highlighting rapid identification of coverage gaps, elimination of overlapping vendor solutions, and the ability to clearly communicate compliance posture to both technical teams and executive leadership.

Andy Boell, Owner/Cybersecurity Specialist, Midwest Cyber

Valecia Stochetti, Cybersecurity Engineer, Center for Internet Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

San Bernardino County Sheriff's Department — Royal Ransomware Recovery I Right of Boom Realities: Leadership Lessons on Key Activities That Enhance Preparedness

Coral B

(Ransomware Prevention/Incident Response)

This session presents an in-depth overview of the Royal Ransomware attack that struck the San Bernardino County Sheriff's Department on 4/7/2023, one of the largest law-enforcement agencies in the nation. The attack prompted immediate coordination with Cyber Insurance, County IT, the FBI, DHS, CalOES, JRIC, and Microsoft, and disrupted multiple mission-critical systems including CAD, CLETS, report writing, jail and patrol systems, and more. Attendees will gain firsthand insight into the response timeline, key decisions, and lessons learned. In this candid panel discussion, leaders who have navigated real-world cyber crises share the essential lessons they learned "right of boom," providing insights on best practices that should be contemplated and operationalized long before an incident occurs. Panelists explore the practical value of pre-event planning, including establishing and exercising response policies, validating communication chains, pre-authorizing decision pathways, and conducting meaningful tabletop exercises that truly stress-test assumptions.

Moderator: Dan Lohrmann, Senior Fellow, Center for Digital Government

Jonathan Alonzo, Cybersecurity Manager, San Bernardino County Sheriff Department, State of California

* * * * * * * * * * * * * * * * * * * * * * * * * *

Why Should I Be Bothered? OT Teams and the Cybersecurity Hassle

Bonaire 5/6

(Operational Technology (OT) Security)

This session examines the unique challenges faced by Operational Technology (OT) teams when confronted with cybersecurity requirements, exploring why OT professionals often view security mandates as a "hassle" and how to bridge the gap between IT security practices and OT operational realities.

Emmanuel Adinkra, Senior IT Administrator, Santa Clarita Water Agency

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break / Transition to the General Session

General Session - Preparing for the Unknown: Physical & Cyber Threats on Election Day

Palms1/2

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

Fireside Chat – MYTHOS Retold: Combatting the Artificially Enhanced Threat Actor

Palms 1/2

Artificial intelligence is reshaping the threat landscape but not always in the ways headlines suggest. In this fireside chat, experts will unpack the reality behind AI-driven capabilities like Mythos and what they truly mean for state, local, tribal, and territorial (SLTT) defenders. While AI can dramatically accelerate vulnerability discovery and compress the timeline from detection to exploitation, most weaknesses and the defenses that mitigate them remain familiar. Panelists will translate emerging risks into actionable strategy, focusing on how SLTT organizations can strengthen resilience through security fundamentals, faster decision-making, and collective defense. Attendees will leave with a clearer understanding of where AI meaningfully changes the game and where it doesn’t, along with practical steps to stay ahead of increasingly automated adversaries without being overwhelmed by the hype.

Moderator: Dan Lohrmann, Senior Fellow, Center for Digital Government

Tony Sager, Senior Vice President and Chief Evangelist, Center for Internet Security

Trent Shoultz, Senior Director, Solutions Consulting, State & Local Government and Education, Palo Alto Networks

Adjourn Day 2

Registration / Help Desk

Palms Atrium

Continental Breakfast / Exhibit Hall

Grand Sierra D/E

Opening Remarks and Day 2 Recap

Palms 1/2

General Session – State Key Perspectives on the Future of SLTT Cybersecurity – NASCIO Survey Results Briefing

Palms 1/2

Transition Remarks

Palms 1/2

General Session – Local Perspectives: How Florida is Ensuring Stable State-Funding for Local Government Cybersecurity Programs

Palms 1/2

Across the nation, local governments face increasingly sophisticated cybersecurity threats without the corresponding resources to defend against them. The State of Florida is breaking new ground by advancing landmark legislation establishing a dedicated statewide appropriation to strengthen cybersecurity programs, tools, and services specifically for counties, cities, school districts, and special districts. This session brings together local government leadership who championed the effort and state legislators who sponsored and shaped the bill; offering attendees rare insights into how policy, advocacy, and operational needs can converge to produce a transformative funding model for local governments.

Moderator: Carlos Kizzee, Senior Vice President, CIS Stakeholder Engagement, Center for Internet Security

The Honorable Rep. Monique Miller, State Representative, Florida House of Representatives

Rob Beach, Director of Information Technology, City of Palm Bay, Florida/President FLGISA

Todd Bayley, Chief Information Officer, Pasco County, State of Florida

Transition Remarks

Palms 1/2

General Session – Territorial Perspectives: How Puerto Rico Secures a Multi-Agency Government in a Territorial Operating Model

Palms 1/2

Puerto Rico operates one of the most complex government IT and cybersecurity environments in the United States, serving 3.2 million residents across 120+ agencies, all within the constraints and opportunities of an unincorporated territorial governance model. This session provides a rare, inside look at how the Puerto Rico Office of Management and Budget (OGP) and Puerto Rico Innovation & Technology Service (PRITS) are modernizing cybersecurity, centralizing services, and strengthening resilience across a highly distributed, resource variable government enterprise. Attendees will hear firsthand how Puerto Rico is tackling challenges familiar across the SLTT community: fragmented legacy systems, uneven cybersecurity maturity, procurement hurdles, workforce shortages, and the operational realities of natural disasters. The Commonwealth will share their lessons learned in building shared services, implementing enterprise-level identity and network security programs, driving agency alignment, and maturing governance in a decentralized environment. Participants will leave with actionable practices that any SLTT can adapt regardless of size, geography, or political structure; and a renewed understanding of how unified cybersecurity strategy can thrive even in the most complex environments.

Kateri Gill, Director of Strategic Partnerships, Center for Internet Security (CIS).

Transition Remarks

Palms 1/2

General Session – Tribal Perspectives: Securing Sovereign Nations in a Shared Threat Landscape

Palms 1/2

Join the Tribal ISAC for a dynamic panel discussion featuring Tribal Nations professionals as they share firsthand perspectives on navigating cybersecurity and IT management within sovereign jurisdictions. Their perspectives will highlight how tribal governments balance self-determination with the demands of an increasingly complex threat environment while addressing challenges familiar across the SLTT community, including constrained funding, workforce shortages, and rapidly evolving cyber risks. Through a conversation facilitated by the Tribal ISAC, panelists will offer practical insights into how tribes are building resilience, sustaining critical services, and attracting and retaining skilled IT and cybersecurity professionals in support of their nation’s security and resilience. Attendees will gain a deeper understanding of the unique legal, cultural, and operational considerations shaping tribal cybersecurity strategies, alongside actionable ideas that resonate across all sectors. Whether you serve tribal communities or broader SLTT organizations, this session will provide valuable perspectives and peer-driven solutions you can apply immediately.

Closing Remarks: Next Steps in Our SLTT Cybersecurity Call to Action

Palms 1/2

Carlos Kizzee, Senior Vice President, CIS Stakeholder Engagement, Center for Internet Security

Teri Takai, Chief Programs Officer, Center for Digital Government

End of Summit

Conference times, agenda, and speakers are subject to change.