Registration / Help Desk / Exhibit Hall

Palms Atrium / Palms Registration Desk

Welcome Reception

End of Reception

Registration / Continental Breakfast / Help Desk / Exhibit Hall

Welcome Remarks

Color Guard and National Anthem

Keynote Introduction

Keynote Presentation – How to Work Better Together – Through Collaboration in Tech, Security and AI

As the first female White House Chief Information Officer, Theresa Payton led national cybersecurity and digital transformation efforts that demanded unprecedented collaboration across fragmented agencies and stakeholders, proving that breaking silos and building shared situational awareness are essential for success in complex, high-stakes environments.

Drawing from her White House experience and current advisory work with Fortune 500 boards at Fortalice Solutions, Theresa shows how adaptive, cross-functional teams—much like the Team of Teams model, enable organizations to respond faster and smarter to AI-amplified threats, evolving cyber risks, and digital transformation challenges.

In today's landscape, true collaboration in tech and security means aligning people, processes, and technology: fostering transparency, ethical governance, and inclusive decision-making so that AI becomes a unifying force rather than a divider.

Theresa’s AI TRUST Framework and real-world lessons, from defending national networks to securing AI-driven operations, offer practical strategies for leaders to build resilient partnerships that protect systems and data while accelerating innovation.

Her keynote delivers an optimistic, actionable message:

"Collaboration isn't just nice to do, it's the competitive edge that turns fragmented threats into unified strength," empowering attendees to lead stronger, more connected teams in the age of AI, cybersecurity, and digital trust.

Theresa Payton, First Female White House Chief Information Officer; AI Strategist; Business and Personal Security Expert; Privacy Visionary

Transition Remarks

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions I

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (1 of 4): Foundations First – Access Control and Backups That Protect What Matters

(Ransomware Prevention/Resilience)

Small jurisdictions often face the perfect storm of limited staff, aging technology, and increasing ransomware pressure. This session focuses on two of the most powerful and achievable starter controls: Access Control and Data Backup. Participants will learn how these foundational policies prevent unauthorized access, limit lateral movement, and enable reliable recovery, even in environments with minimal resources, and will leave with sample policies and simple implementation checklists from peer jurisdictions.

Rob Beach, Chief Technology Officer, City of Palm Beach, State of Florida

Gary Coverdale, Chief Information Security Officer, Santa Barbara County, State of California

Ben Edelen, Chief Information Security Officer, Boulder County, State of Colorado

Matthew McCrystal, Operational Readiness Manager, Ohio Secretary of State

Rob Reese, Cyber Incident Response Team (CIRT) Manager, MS-ISAC

Kim Watson, Senior Program Advisory, Center for Internet Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

Elections in the Age of AI

(Elections Security)

AI technologies are transforming modern election campaigns, voter behavior, and election processes. This presentation will highlight applications of AI in elections, such as enhancing voter accessibility, improving election administration, creating campaign materials, and enabling civic engagement. The talk will also address risk and challenges that AI presents, as well as governance considerations to address these challenges.

Dr. Thomas P. Scanlon, Senior Research Scientist and Technical Manager, CERT Division, Software Engineering Institute, Carnegie Mellon University

* * * * * * * * * * * * * * * * * * * * * * * * * *

Building Trustworthy AI: A Practical Roadmap for Responsible AI Adoption Across SLTT Government

(AI, GenAI, Machine Learning)

Generative AI is moving rapidly from experimentation to everyday use across state, local, tribal, and territorial (SLTT) governments—but readiness, governance maturity, and risk management approaches vary widely. This session brings together practical guidance and peer insights to help SLTT leaders move from intent to execution. Attendees will learn how jurisdictions are establishing clear expectations for responsible AI use through transparency statements, tailored Responsible AI guidance, and operational playbooks for AI readiness, governance, risk review, and procurement.

Subject matter experts directly involved in shaping emerging AI Governance, Risk, and Procurement Playbooks will discuss where SLTTs truly stand today, what challenges persist, and what’s coming next—including the safe integration of tools like copilots, agentic systems, and AI-enabled SaaS platforms. Participants will walk away with actionable templates, real-world examples, and best practices to support secure prompting, protect sensitive data, reinforce human-in-the-loop review, and confidently scale AI adoption across enterprise workflows—while balancing innovation with accountability.

Moderator: Brian Calkin, Chief Technology & Innovation Officer, Center for Internet Security

Stephanie Gass, Sr. Director of Information Security, Center for Internet Security

James Globe, VP of Strategic Cybersecurity Capabilities, Technology & Innovation

David Schwartz, Strategist, Department of Juvenile Justice, State of Georgia

Jason Skeen, Information Technology Security Manager, Mecklenburg County, State of North Carolina

Al Yu, IT Director, Blackhawk County, State of Iowa

* * * * * * * * * * * * * * * * * * * * * * * * * *

Whole-of-State in Action, Part I: Confronting Challenges in State–Local Partnership

(Whole-of-State)

Whole-of-State in Action: This panel dives deeply into the realities and friction points of operationalizing whole-of-state cybersecurity. Panelists—representing states at different maturity levels and using different models of MS ISAC participation—will discuss the nuanced challenges that arise when aligning state strategies with the needs, capabilities, and constraints of local jurisdictions. The facilitator will press into real-world issues such as sustaining local engagement, addressing unfunded mandates, balancing compliance and flexibility, strengthening local cyber hygiene, and building long term resilience beyond grant cycles. Panelists will emphasize how they are confronting these challenges through governance models, shared services, capacity building strategies, cross jurisdictional trust structures, and continuous improvement cycles. This candid, practitioner focused discussion will resonate strongly with SLTT attendees seeking relatable experiences, tangible tactics, and evidence of progress happening across the nation. Each state's story will highlight that while no two whole of state approaches are the same, shared learning accelerates success for all. The session concludes with actionable next steps and invitations to deepen engagement with MS ISAC and other relevant resources and peer networks.

Meghan Cook, Director, Cyber Incident Response Team, Division of Homeland Security & Emergency Services, State of New York

John Godfrey, Chief Information Security Officer, State of Kansas

John Israel, Chief Information Security Officer, State of Minnesota

Aime Msengiyumva, Deputy Chief Information Security Officer, State of Tennessee

Karen Sorady, VP of MS-ISAC Member Engagement, Center for Internet Security

Netta Squires, President Government Affairs, Cybersecurity & Resilience, Open District Solutions

Jason Walker, Chief Information Security Officer, State of Florida

* * * * * * * * * * * * * * * * * * * * * * * * * *

GovRAMP 101: Strengthening Third-Party Cybersecurity Risk Management for Public Sector Agencies

(GovRamp)

As state and local governments increasingly rely on cloud services and third-party vendors, managing cybersecurity risk across the digital supply chain has become a mission-critical responsibility. This foundational session introduces GovRAMP and demonstrates how agencies can leverage it to build a scalable, repeatable, and defensible third-party cybersecurity risk management program.

Designed for both technical and non-technical stakeholders, GovRAMP 101 provides practical guidance for integrating GovRAMP into procurement, IT, security, and compliance workflows—reducing risk while accelerating secure technology adoption.

Participants will explore:

•GovRAMP Overview: Understanding what GovRAMP is, how it aligns with NIST standards, and how it supports consistent, risk-based security assurance across vendors.

•Getting Started with GovRAMP: Step-by-step guidance for agencies beginning their GovRAMP journey, including assessing current practices and defining roles and responsibilities.

•Sample Security Policies & Procurement Language: How to use GovRAMP-aligned policy templates and procurement language to clearly communicate security expectations to vendors from the outset.

•Internal Stakeholder Education: Strategies for educating leadership, procurement, legal, IT, and program teams on shared responsibility and the value of standardized security reviews.

•Vendor Education & Engagement: Helping vendors understand GovRAMP requirements, pathways, and benefits to foster transparency and collaboration.

•Leveraging Continuous Monitoring: Using GovRAMP’s continuous monitoring approach to maintain ongoing visibility into vendor risk, reduce reassessment fatigue, and respond to changes over time.

Attendees will leave with a clear understanding of how GovRAMP can serve as the backbone of an agency’s third-party cybersecurity risk management program—enabling more secure, efficient, and confident technology decisions.

Leah McGrath, Executive Director and Board Ex-Officio, GovRAMP

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break

Concurrent Sessions II

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Modernizing Vulnerability Operations at State Scale: Virginia's Journey to Unified Risk Management in a Decentralized Environment

(Vulnerability Management/Risk Management)

In this case study, the Virginia Information Technologies Agency (VITA) shares its multi-year effort to modernize statewide vulnerability and exposure management across 68 independent executive branch agencies. Session attendees will learn how VITA reduced manual triage effort by 80%, cut high-risk vulnerabilities by 50% in three months, and established a scalable, intelligence-driven model for remediation across a decentralized enterprise.

Michael Watson, Chief Information Officer, Commonwealth of Virginia

Richard White, Director, Security. Products & Services, Virginia IT Agency, Commonwealth of Virginia

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (2 of 4): Block the Bait, Seal the Gaps — Email/Phishing Defense and Software Update Policies

(Ransomware Prevention/Resilience)

Ransomware most often enters through an email click or an unpatched system—two risks that small and under-resourced jurisdictions can meaningfully reduce with clear policy and consistent practice. This session centers on developing and implementing Email and Phishing Protection and Software Update (Patch Management) policies that meet the needs of small, diverse government environments, including practical guidance on handling suspicious messages, patching prioritization, and a "minimum viable patching calendar."

Rob Beach, Chief Technology Officer, City of Palm Beach, State of Florida

Gary Coverdale, Chief Information Security Officer, Santa Barbara County, State of California

Ben Edelen, Chief Information Security Officer, Boulder County, State of Colorado

Matthew McCrystal, Operational Readiness Manager, Ohio Secretary of State

Rob Reese, Cyber Incident Response Team (CIRT) Manager, MS-ISAC

Kim Watson, Senior Program Advisory, Center for Internet Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ongoing Election Threats, Information Sharing and What's Left at the Federal Level

(Elections Security)

As election officials continue to navigate an increasingly complex threat environment, the intersection of cybersecurity, physical security, geopolitical tensions, and malign information operations has elevated the importance of timely and actionable threat intelligence. This session will examine the evolving landscape of threats facing election infrastructure, including the influence of global conflicts, nation-state activity, domestic extremism, and emerging cyber tactics targeting public trust and election operations.

Participants will gain insight into how threat intelligence is gathered, analyzed, and shared to support election security and resilience. The discussion will highlight the critical role of information sharing in helping election officials identify risks, prepare for incidents, and strengthen coordinated response efforts across jurisdictions.

The session will also explore the current role of federal agencies in protecting elections.

* * * * * * * * * * * * * * * * * * * * * * * * * *

AI, Human Behavior, and Cyber Resilience in Government: Building a Practical AI Enterprise Strategy for SLTTs

(AI, GenAI, Machine Learning)

As artificial intelligence reshapes the cyber threat landscape, government organizations must prepare for more than technical attacks alone. This session presents a practical case study from a large local government environment and introduces a multidisciplinary approach integrating cybersecurity leadership, AI risk, cyber psychology, and Organizational Psychology. Attendees will learn how modern threats increasingly exploit cognitive overload, trust gaps, and behavioral predictability, and how leaders can respond by building resilience in people, systems, and institutions.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

* * * * * * * * * * * * * * * * * * * * * * * * * *

MS-ISAC Higher Ed Member Connect and Fraudulent Student Applications

(Higher Education)

This session focuses on the value of MS-ISAC's Member Connect platform for higher education and the importance of expanding participation across institutions. The session then transitions to a discussion on ghost student accounts—fraudulent enrollment records—and their significant impact on federal funding for higher-education organizations.

Moderator: Brian Cohen, Vice President, Center for Digital Education

Jonathon Neff, Chief Information Security Officer, University of Montana

Fred Rankin, IT Director of Cyber Security/Infrastructure/End User Services, Lane Community College

* * * * * * * * * * * * * * * * * * * * * * * * * *

Secure by Design: Embedding Enterprise Cyber Resilience into Local Government Software

(Local Government)

This session explores how organizations can make security a foundational characteristic across the entire system lifecycle, from concept and design to deployment, operation, and decommissioning. Drawing on enterprise cyber strategies, real-world case studies, and practical frameworks, attendees will learn how to embed security into culture, governance, and supply chains to create infrastructure that is inherently robust, resistant to attack, and capable of rapid recovery.

Charles Burton, Director of Information Technology, Calcasieu Parrish, State of Louisiana

* * * * * * * * * * * * * * * * * * * * * * * * * *

Working Lunch

General Session – Joint Threat Brief: Center for Internet Security and Center for Digital Government

Moderator: Dan Lohrmann, Senior Fellow, Center for Digital Government

Randy Rose, Vice President of Security Operations and Intelligence, CIS Security Ops & Intelligence

Theodore Sayers, Senior Director of Threat Intelligence, CIS Security Ops & Intelligence

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions III

Sponsored Session

Session title and description forthcoming.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Vulnerability Management Best Practices

(Vulnerability Management/Risk Management)

Effective vulnerability management requires clear articulation of value, urgency, and business impact. This session facilitates a conversation on practical strategies to strengthen vulnerability management programs and secure the budgets needed to sustain them—covering how to speak the language of the business, frame risk effectively, and position security investments as essential enablers rather than cost centers.

Anthony Coronas, Director of Information Technology, Yocha Dehe Wintun Nation, State of California

* * * * * * * * * * * * * * * * * * * * * * * * * *

Ransomware Ready (3 of 4): Detect, Contain, Recover — Endpoint Protection and Incident Response for Lean Teams

(Ransomware Prevention/Resilience)

Even with preventative controls in place, small jurisdictions must be ready to act fast when ransomware indicators appear. This session helps participants implement Endpoint Protection and Incident Response policies in a way that fits "small shop" realities: shared roles, limited monitoring, and mixed device inventories. Attendees will receive actionable draft policies, role checklists, and "first 30 minutes" response guidance, plus opportunities to join future MS-ISAC-hosted tabletop exercises.

Rob Beach, Chief Technology Officer, City of Palm Beach, State of Florida

Gary Coverdale, Chief Information Security Officer, Santa Barbara County, State of California

Ben Edelen, Chief Information Security Officer, Boulder County, State of Colorado

Matthew McCrystal, Operational Readiness Manager, Ohio Secretary of State

Rob Reese, Cyber Incident Response Team (CIRT) Manager, MS-ISAC

Kim Watson, Senior Program Advisory, Center for Internet Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

Promoting AI's Safe Usage for Elections

(Elections Security)

This session explores the evolving role of artificial intelligence in electoral processes, focusing on its potential to improve data-driven decision-making amid the growing challenges of misinformation, manipulation, and voter suppression. It examines how AI tools could address information gaps for voters, candidates, and election commissions while acknowledging the skepticism and concerns that surround the use of AI in critical civic functions.

Anthony Coronas, Director of Information Technology, Yocha Dehe Wintun Nation, State of California

Biplav Srivastava, Professor, AI Institute, University of South Carolina

* * * * * * * * * * * * * * * * * * * * * * * * * *

Cyber Risk in the Public Sector: Managing Shared Responsibilities, AI Tools, and Secure Digital Supply Chains

(GovRamp)

In today’s rapidly evolving digital landscape, state agencies and local governments face increasing cyber risks—especially when adopting third-party tools and cloud-based solutions. This hands-on workshop equips public sector professionals with practical strategies to assess and manage cyber risks across their digital ecosystems.

Participants will explore:

•Shared Responsibility Models: Clarifying “what’s yours, what’s mine, and what’s ours” when implementing third-party platforms and cloud services.

•Tracking Generative & Agentic AI: Understanding how AI is embedded in cloud products and how to monitor its use for compliance and risk.

•Efficient Security Reviews: Conducting apples-to-apples evaluations of vendors and digital supply chain components to streamline security assessments.

•GovRAMP Implementation: Step-by-step guidance on how to apply GovRAMP principles to your agency’s procurement and IT processes.

Through real-world scenarios, attendees will leave with actionable tools to strengthen their cyber posture and make informed decisions about technology adoption.

Leah McGrath, Executive Director and Board Ex-Officio, GovRAMP

* * * * * * * * * * * * * * * * * * * * * * * * * *

Small Government, Big Problems: Utilizing Open-Source Software to Support Citizens

(Local Government)

Small and local governments face an outsized challenge: rising expectations from citizens paired with shrinking budgets, limited staff, and a complex technology landscape. This session explores how open-source software can help governments break out of that cycle—providing flexibility, transparency, and long-term sustainability while reducing vendor lock-in and enabling collaboration across agencies. The session addresses common concerns around support, security, and staffing, and separates myth from reality around open source in government.

Bob Henderson, Director of Information Technology, Cass County, State of North Dakota

* * * * * * * * * * * * * * * * * * * * * * * * * *

Log Aggregation and SIEM Overview

(Threat Intel/SecOps/IR)

This technical presentation provides a practical overview of log aggregation and its evolution into full Security Information and Event Management (SIEM) capabilities. The session covers centralized log aggregation, real-world methods for collecting logs from diverse sources (Linux, Windows, network devices, cloud/container environments), prevalent log formats and parsing techniques, and the distinction between basic aggregation platforms and mature SIEM solutions. Attendees will leave with actionable insights to design scalable logging pipelines.

Harold Garron, Disaster Recovery Manager, Cooper University Healthcare

Rob Reese, Cyber Incident Response Team (CIRT) Manager, MS-ISAC

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break / Transition to the General Session

Fireside Chat

General Session – Strengthening the Nation Together: The New MS-ISAC Charter and Governance Model for the Future of SLTT Cybersecurity

In this end-of-day plenary keynote, the Chair of the Interim Member Governance Board (IMGB) will unveil the newly revised MS-ISAC Charter and Governance Model, developed through rigorous engagement with the SLTT community. This session explores how the revised governance structure strengthens MS-ISAC's value proposition, reinforces transparency and member influence, and creates a more unified, collaborative environment among the MS-ISAC and the state, local, tribal, and territorial government ecosystem. The session concludes with a first-of-its-kind MS-ISAC Champagne Toast.

Carlos Kizzee, Senior Vice President, MS-ISAC Strategies and Plans, Center for Internet Security

ISAC Awards Ceremony

Closing Reception

Adjourn Day 1

Registration / Continental Breakfast / Help Desk / Exhibit Hall

Opening Remarks and Day 1 Recap

Keynote Presentation – Cyberchat Q and A: Insights for Elevating Cyber Resilience in Your Organization

Once adversaries in the cybersphere, Hector Monsegur and Chris Tarbell have joined forces to help organizations confront today’s most pressing cyber threats. Drawing on their extraordinary experiences - one as a former black-hat hacker, the other as an FBI special agent - their conversation offers a rare, dual-lens view of the modern threat landscape. In a dynamic, audience-driven discussion, Monsegur and Tarbell break down the most significant risks facing organizations today, how real-world attacks unfold, and where defenses most often fail. Together, they share practical insights and actionable frameworks that leaders can apply to strengthen security, reduce risk, and protect operations from disruptions that can cripple organizations and erode trust.

Chris Tarbell, Director, Cyber Security and Investigations, Berkley Research Group and Former FBI Special Agent

Hector Monsegur, Cyber Security Expert and Co-founder, SafeHill

Transition Remarks

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions I

Ransomware Ready (4 of 4): People Are the Perimeter — Practical User Awareness and Training That Changes Behavior

(Ransomware Prevention/Resilience)

The most effective ransomware defense combines technical controls with an informed, confident workforce. This capstone session of the Ransomware Ready series focuses on establishing a User Awareness and Training Policy that empowers staff across all departments to identify and prevent ransomware risks. The session will launch a year-long MS-ISAC collaborative initiative where participants exercise new policies in virtual training settings and contribute to periodic updates of the Ransomware Prevention Toolkit.

Rob Beach, Chief Technology Officer, City of Palm Beach, State of Florida

Gary Coverdale, Chief Information Security Officer, Santa Barbara County, State of California

Ben Edelen, Chief Information Security Officer, Boulder County, State of Colorado

Matthew McCrystal, Operational Readiness Manager, Ohio Secretary of State

Rob Reese, Cyber Incident Response Team (CIRT) Manager, MS-ISAC

Kim Watson, Senior Program Advisory, Center for Internet Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

Managing Election Supply Chain Security Through Procurement

(Elections Security)

Election infrastructure relies on complex supply chains spanning technology, services, and physical materials, making procurement a critical control point for managing security risk. This session explores how election officials can integrate supply chain security into procurement practices to safeguard the integrity, availability, and trustworthiness of election systems and technology providers.

* * * * * * * * * * * * * * * * * * * * * * * * * *

Shadow AI in the C-Suite: What You Don't Know About

(AI, GenAI, Machine Learning)

Right now, someone in your organization is pasting sensitive data into an AI tool you didn't approve, don't monitor, and can't audit. This session demystifies AI for executive leaders, cutting through the hype to show that AI runs on the same infrastructure you already secure. The session walks through four critical privacy risk categories—including data exposure, shadow AI adoption, and vendor liability, then delivers a practical decision framework for accepting or mitigating each one.

Moderator: Deb Snyder, Senior Fellow, Center for Digital Government

Chase Fopiano, CISSP, CCSP, CIPM, Executive Director, National Privacy Council

Stephanie Gass, Senior Director of Information Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

Whole-of-State Part II: State Playbooks for Advancing Local Cyber Resilience

(Whole-of-State)

Whole-of-State in Action: States across the country are evolving rapidly in how they support local governments on cybersecurity—yet no two models look alike. Building on the first session in the Whole-of-State in Action series, panelists will provide an unfiltered look into how their government structures, funding strategies, SLCGP implementations, and intergovernmental partnerships are shaping cyber resilience for municipalities, counties, school districts, and tribes. Through a facilitated dialogue, state leaders will share their practical playbooks: what's working, what they would do differently, and how they are building trust while navigating political, financial, and operational realities. Attendees will gain insight into diverse state models, from states offering comprehensive statewide MS ISAC membership to those developing bespoke state only services or locally driven programs. This session prioritizes transparency, lessons learned, and peer-to-peer value. Local attendees will leave with a clearer picture of the services and support emerging across states, while state officials will gain cross-state inspiration to mature their programs.

Meghan Cook, Director, Cyber Incident Response Team, Division of Homeland Security & Emergency Services State of New York

John Godfrey, Chief Information Security Officer, State of Kansas

John Israel, Chief Information Security Officer, State of Minnesota

Aime Msengiyumva, Deputy Chief Information Security Officer, State of Tennessee

Karen Sorady, VP of MS-ISAC Member Engagement, Center for Internet Security

Netta Squires, President Government Affairs, Cybersecurity & Resilience, Open District Solutions

Jason Walker, Chief Information Security Officer, State of Florida

* * * * * * * * * * * * * * * * * * * * * * * * * *

Protecting PLC/SCADA Labs in Higher Education

(Higher Education)

In higher-education institutions that collaborate with local industry partners to support workplace-learning programs, securing environments that rely on PLC/SCADA hardware is essential. This discussion outlines how one institution protected its operational environment, given the software's limitations and its challenges operating within modern network architectures.

Moderator: Brian Cohen, Vice President, Center for Digital Education

* * * * * * * * * * * * * * * * * * * * * * * * * *

From Reactive to Resilient: Securing Executive Buy-In to Scale Local Government Cybersecurity

(Local Government)

This case study explores the journey of transforming a reactive security posture into a fully funded, proactive program within a county government. The session pulls back the curtain on specific strategies used to secure executive buy-in for a 300% increase in staffing and the budget for a modernized security stack—covering how to speak the language of elected officials, leverage strategic partnerships, and navigate the local government budget cycle.

Moderator: Phil Bertolini, Chief Delivery Officer, Government Technology

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break

Concurrent Sessions II

Why Do Security Pros and Teams Fail, and What Can You Do About It?

(Professional Development)

Session description forthcoming.

Dan Lohrmann, Senior Fellow, Center for Digital Government

* * * * * * * * * * * * * * * * * * * * * * * * * *

Secure Elections: Working with Emergency Managers

(Elections Security)

Secure elections require more than cybersecurity; they demand close coordination between election officials and emergency managers. As elections are designated critical infrastructure, election officials must integrate emergency planning, incident command, risk assessment, and crisis communication into election operations. This session explores how emergency management expertise in preparedness, response coordination, and recovery helps ensure continuity of voting during natural disasters, cyber incidents, and physical threats.

Paul Lux, Supervisor of Elections, Okaloosa County, State of Florida

Mark Peck, Senior Network Engineer, Greene County, State of Missouri

Netta Squires, President Government Affairs, Cybersecurity & Resilience, Open District Solutions

* * * * * * * * * * * * * * * * * * * * * * * * * *

Advanced DLP Protection for GenAI

(AI, GenAI, Machine Learning)

GenAI isn't the real problem—unmanaged data is. This session examines practical approaches to securing both GenAI and sensitive data assets, sharing two logical approaches to address data loss across three primary categories: sensitive corporate data and intellectual property, PII/PHI, and maliciously generated code. Attendees will leave with a clearer picture of how smarter XDR-based protection enables teams to innovate without leaking what matters most.

Stephanie Gass, Senior Director of Information Security

Gregory Smith, Chief Information Security Officer, Frederick County, State of Maryland

* * * * * * * * * * * * * * * * * * * * * * * * * *

Building Defensible Cyber Maturity in Resource-Constrained Governments

(Local Government)

Many state and local government entities approach cybersecurity maturity assessments as compliance exercises—something to complete, file, and forget. This session challenges that model. Drawing from hands-on experience designing and delivering Texas Cybersecurity Framework (TCF) assessments across a wide range of SLED entities, this session walks through how to build assessment methodology that is consistent, repeatable, and genuinely defensible. Attendees will leave with a clearer framework for thinking about maturity assessment not as a snapshot, but as a foundation for long-term program development.

Moderator: Deb Snyder, Senior Fellow, Center for Digital Government

Garrett Ragland-Helf, Group Facilitator, MS-ISAC Leadership Mentoring Program

* * * * * * * * * * * * * * * * * * * * * * * * * *

Operationalizing Zero Trust: Advancing Maturity Through SASE and SSE

(Security Best Practice)

This session provides a practical framework for operationalizing Zero Trust using Secure Access Service Edge (SASE) and Security Service Edge (SSE) capabilities aligned to CISA's Zero Trust Maturity Model (ZTMM). The discussion focuses on how SLTT entities can move from "Initial" to "Advanced" maturity by integrating identity, device posture, network segmentation, application access, and data protection into a cohesive enforcement fabric.

Mikel Costello, Enterprise Architect / Strategic Planning and Design Manager, WaTech, State of Washington

* * * * * * * * * * * * * * * * * * * * * * * * * *

IT Budgets: From Cost Centers to Business Enablers

(Budget/Leadership)

Cybersecurity remains one of the toughest investments to justify because its ROI is largely invisible. When security works, nothing happens, and "nothing" is a hard sell. This session is a facilitated conversation focused on practical strategies to increase your chances of getting IT and cybersecurity budgets approved—by speaking the language of the business, framing risk effectively, and positioning security as a business enabler rather than a cost center.

Anthony Coronas, Director of Information Technology, Yocha Dehe Wintun Nation, State of California

* * * * * * * * * * * * * * * * * * * * * * * * * *

Working Lunch

General Session

Networking Break in the Exhibit Hall

Network with your colleagues and discuss technology solutions with the event sponsors.

Concurrent Sessions III

SCARE to CARES: Navigating Ransomware Incidents without Chaos

(Ransomware Prevention/Incident Response)

Ransomware attacks rarely fail because of technology alone. Organizations struggle when stress rises, communication breaks down, and teams lose clarity during fast-moving incidents. This session introduces the SCARE to CARES leadership framework—developed from real-world experience leading through a major ransomware incident—helping leaders guide teams from fear and chaos toward calm, coordination, and decisive action through: Communicate, Adapt, Relationships, Empower, and Stay Calm.

Saby Waraich, Chief Information Officer and Chief Information Security Officer, Clackamas Community College, State of Oregon

* * * * * * * * * * * * * * * * * * * * * * * * * *

Understanding the Perpetrators Who Threaten Election Workers: Behavioral Insights from DOJ Election Threat Cases

(Elections Security)

This session presents a case-study analysis of twenty-one criminal cases prosecuted by the Department of Justice's Election Threats Task Force, analyzed through the lens of behavioral threat assessment frameworks. The discussion connects research findings to the current election threat environment and presents ten actionable recommendations that election officials and security partners can implement to strengthen prevention, detection, and response efforts.

Nikki Fisher, Chief Election Security Officer, Oregon Secretary of State

* * * * * * * * * * * * * * * * * * * * * * * * * *

Envisioning a Future State Cybersecurity Program 2028 (Public Sector)

(AI, GenAI, Machine Learning)

Public sector cybersecurity programs are trying to fight today's attacks with yesterday's organizational operating models. This session outlines a near-term, achievable future state model for public sector cybersecurity that fully leverages data science and generative AI technologies, backed by strong governance and leadership—connecting emerging technology with frameworks like NIST NICE, CSF, and ISO 27001 to present a notional Future State Program for 2028.

James Globe, VP of Strategic Cybersecurity Capabilities, Technology & Innovation

Paul Grabow, Principal Researcher, Cybersecurity CMMC Practitioner

* * * * * * * * * * * * * * * * * * * * * * * * * *

Quantum Resiliency in Cryptography for SLTT Security

(Emerging Technology)

Cryptographically-relevant quantum computers will arrive any time now, and as long-lived institutions, SLTTs are uniquely valuable targets for "harvest now, decrypt later" strategies. This session covers why quantum matters for SLTTs, a plain-English overview of quantum computing, which classical cryptographic algorithms are at risk (including RSA and Elliptic Curve Cryptography), what quantum-resilient cryptography looks like, and a practical roadmap for cryptographic inventory, prioritization, and pilot PQC deployment.

Dave Beller, Quantum Resiliency in Cryptography for SLTT Security, San Diego Unified School District

* * * * * * * * * * * * * * * * * * * * * * * * * *

Visualizing Security Posture by Mapping Tools to the CIS Framework

(Security Best Practice)

This case study explores a practical, visual approach to Governance, Risk, and Compliance (GRC) designed to solve the challenges of assessment fatigue, redundant toolsets, and resource drain. Attendees will walk through a complete use case of mapping an organization's security stack directly to CIS Control Safeguards, highlighting rapid identification of coverage gaps, elimination of overlapping vendor solutions, and the ability to clearly communicate compliance posture to both technical teams and executive leadership.

Andy Boell, Owner/Cybersecurity Specialist, Midwest Cyber

Valecia Stochetti, Cybersecurity Engineer, Center for Internet Security

* * * * * * * * * * * * * * * * * * * * * * * * * *

San Bernardino County Sheriff's Department — Royal Ransomware Recovery I Right of Boom Realities: Leadership Lessons on Key Activities That Enhance Preparedness

(Ransomware Prevention/Incident Response)

This session presents an in-depth overview of the Royal Ransomware attack that struck the San Bernardino County Sheriff's Department on 4/7/2023, one of the largest law-enforcement agencies in the nation. The attack prompted immediate coordination with Cyber Insurance, County IT, the FBI, DHS, CalOES, JRIC, and Microsoft, and disrupted multiple mission-critical systems including CAD, CLETS, report writing, jail and patrol systems, and more. Attendees will gain firsthand insight into the response timeline, key decisions, and lessons learned. In this candid panel discussion, leaders who have navigated real-world cyber crises share the essential lessons they learned "right of boom," providing insights on best practices that should be contemplated and operationalized long before an incident occurs. Panelists explore the practical value of pre-event planning, including establishing and exercising response policies, validating communication chains, pre-authorizing decision pathways, and conducting meaningful tabletop exercises that truly stress-test assumptions.

Moderator: Dan Lohrmann, Senior Fellow, Center for Digital Government

* * * * * * * * * * * * * * * * * * * * * * * * * *

Why Should I Be Bothered? OT Teams and the Cybersecurity Hassle

(Operational Technology (OT) Security)

This session examines the unique challenges faced by Operational Technology (OT) teams when confronted with cybersecurity requirements, exploring why OT professionals often view security mandates as a "hassle" and how to bridge the gap between IT security practices and OT operational realities.

Emmanuel Adinkra, Senior IT Teach, Santa Clarita Water Agency

* * * * * * * * * * * * * * * * * * * * * * * * * *

Short Break / Transition to the General Session

General Session

Fireside Chat – MYTHOS Retold: Combatting the Artificially Enhanced Threat Actor

Artificial intelligence is reshaping the threat landscape but not always in the ways headlines suggest. In this fireside chat, experts will unpack the reality behind AI-driven capabilities like Mythos and what they truly mean for state, local, tribal, and territorial (SLTT) defenders. While AI can dramatically accelerate vulnerability discovery and compress the timeline from detection to exploitation, most weaknesses and the defenses that mitigate them remain familiar. Panelists will translate emerging risks into actionable strategy, focusing on how SLTT organizations can strengthen resilience through security fundamentals, faster decision-making, and collective defense. Attendees will leave with a clearer understanding of where AI meaningfully changes the game and where it doesn’t, along with practical steps to stay ahead of increasingly automated adversaries without being overwhelmed by the hype.

Moderator: Dan Lohrmann, Senior Fellow, Center for Digital Government

Tony Sager, Senior Vice President and Chief Evangelist, Center for Internet Security

Adjourn Day 2

Registration / Continental Breakfast / Help Desk

Opening Remarks and Day 2 Recap

General Session – State Key Perspectives on the Future of SLTT Cybersecurity – NASCIO Survey Results Briefing

Transition Remarks

General Session – Local Perspectives: How Florida is Ensuring Stable State-Funding for Local Government Cybersecurity Programs

Across the nation, local governments face increasingly sophisticated cybersecurity threats without the corresponding resources to defend against them. The State of Florida is breaking new ground by advancing landmark legislation establishing a dedicated statewide appropriation to strengthen cybersecurity programs, tools, and services specifically for counties, cities, school districts, and special districts. This session brings together local government leadership who championed the effort and state legislators who sponsored and shaped the bill; offering attendees rare insights into how policy, advocacy, and operational needs can converge to produce a transformative funding model for local governments.

Moderator: Carlos Kizzee, Senior Vice President, MS-ISAC Strategies and Plans, Center for Internet Security

The Honorable Rep. Monique Miller, State Representative, Florida House of Representatives

Rob Beach, Director of Information Technology, City of Palm Bay, Florida/President FLGISA

Todd Bayley, Chief Information Officer, Pasco County, State of Florida

Transition Remarks

General Session – Territorial Perspectives: How Puerto Rico Secures a Multi-Agency Government in a Territorial Operating Model

Puerto Rico operates one of the most complex government IT and cybersecurity environments in the United States, serving 3.2 million residents across 120+ agencies, all within the constraints and opportunities of an unincorporated territorial governance model. This session provides a rare, inside look at how the Puerto Rico Office of Management and Budget (OGP) and Puerto Rico Innovation & Technology Service (PRITS) are modernizing cybersecurity, centralizing services, and strengthening resilience across a highly distributed, resource variable government enterprise. Attendees will hear firsthand how Puerto Rico is tackling challenges familiar across the SLTT community: fragmented legacy systems, uneven cybersecurity maturity, procurement hurdles, workforce shortages, and the operational realities of natural disasters. The Commonwealth will share their lessons learned in building shared services, implementing enterprise-level identity and network security programs, driving agency alignment, and maturing governance in a decentralized environment. Participants will leave with actionable practices that any SLTT can adapt regardless of size, geography, or political structure; and a renewed understanding of how unified cybersecurity strategy can thrive even in the most complex environments.

Transition Remarks

General Session – Tribal Perspectives: Securing Sovereign Nations in a Shared Threat Landscape

Join the Tribal ISAC for a dynamic panel discussion featuring Tribal Nations professionals as they share firsthand perspectives on navigating cybersecurity and IT management within sovereign jurisdictions. Their perspectives will highlight how tribal governments balance self-determination with the demands of an increasingly complex threat environment while addressing challenges familiar across the SLTT community, including constrained funding, workforce shortages, and rapidly evolving cyber risks. Through a conversation facilitated by the Tribal ISAC, panelists will offer practical insights into how tribes are building resilience, sustaining critical services, and attracting and retaining skilled IT and cybersecurity professionals in support of their nation’s security and resilience. Attendees will gain a deeper understanding of the unique legal, cultural, and operational considerations shaping tribal cybersecurity strategies, alongside actionable ideas that resonate across all sectors. Whether you serve tribal communities or broader SLTT organizations, this session will provide valuable perspectives and peer-driven solutions you can apply immediately.

Moderator: Toni Pepper, Executive Director, Tribal Information Sharing and Analysis Center

Closing Remarks: Next Steps in Our SLTT Cybersecurity Call to Action

Carlos Kizzee, Senior Vice President, MS-ISAC Strategies and Plans, Center for Internet Security

Teri Takai, Chief Programs Officer, Center for Digital Government

End of Summit

Conference times, agenda, and speakers are subject to change.