IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Highlights from the 16th Annual MS-ISAC Meeting

The 2023 MS-ISAC and EI-ISAC meeting just wrapped up in Salt Lake City. Here’s a roundup of what happened and what’s next.

Bridget Bean, assistant director of the Integrated Operations Division of the Cybersecurity and Infrastructure Security Agency speaking onstage next to an empty table awaiting a panel.
Bridget Bean, assistant director of the Integrated Operations Division of the Cybersecurity and Infrastructure Security Agency, delivers a keynote address at the 2023 MS-SIAC Annual Meeting.
D. Lohrmann
The Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) held a joint annual meeting from Aug. 6-9, 2023, in Salt Lake City, Utah. More than 900 people were registered from all across the United States and U.S. territories, and the attendees included federal, state and local government professionals, managers and cybersecurity analysts, elections officials, private-sector cybersecurity partners, vendor sponsors, elected officials and more.

Special emphasis was placed on the fact that this was a working meeting and not a conference. This was the largest gathering of MS-ISAC ever, and also provided an opportunity to celebrate the 20-year anniversary of when MS-ISAC was first formed in 2003. The group has grown to more than 14,000 state and local government members over the past 20 years, and programs that were started along the way, such as the MS-ISAC mentoring program, have surged in popularity and participation.

(Note: I covered the immense value offered by the MS-ISAC Leadership Mentoring Program in detail five years ago in this blog post. There is also much more background on the MS-ISAC in this blog from 2014.)

The 2023 Annual Meeting agenda was packed with government training, cybersecurity and cyber defense topics, along with election infrastructure topics. There was a heavy focus on networking with peers from other governments, learning from best practices and tools offered by federal agencies like the Cybersecurity Infrastructure and Security Agency (CISA) and the FBI, teamwork, resources, cyber grants, partnerships, and more.
A photo from an attendee of a conference room full of people with someone speaking on the stage at the MS-ISAC Annual Meeting.
Here are some of the multiday meeting highlights:

Keynote speakers:
  • Deidre Henderson, lieutenant governor, state of Utah
  • John Gilligan, CEO and president, Center for Internet Security
  • Amit Yoran, chairman and CEO, Tenable
  • Bridget Bean, assistant director, Integrated Operations Division, CISA
  • Ernie Fernandez, vice president, state and local government, Microsoft
  • Karen Sorady, VP of MS-ISAC Member Engagement, Center for Internet Security
  • Carlos Kizzee, SVP, CIS Stakeholder Engagement Operations, Center for Internet Security

Keynote lunch panel of MS-ISAC founding members on the history of the organization:
  • Will Pelgrin, CEO and co-founder, CyberWA
  • Joe Frohlich, cybersecurity advisor, CISA
  • Timothy Guerriero, information security manager, PING
  • Arnold Kishi, senior advisor, Office of Enterprise Technology Services, state of Hawaii
  • Mike Lettman, cyber security advisor (CSA), Region 9, CISA
  • Daniel Lohrmann, Field CISO, Presidio
  • Lynne Pizzini, director of security governance and Assurance, Tri Counties Bank
  • Mark Weatherford, SVP and chief security officer, AlertEnterprise
msisac - k2.jpg

Here is a sampling of the breakout sessions:
  • Game On! Tabletop Series: Threat Actor Targets Local Government
  • Election Infrastructure Introduction: Hacking the Annual Meeting for the Utmost Value to Your Organization
  • Workforce Management the NICE way: How the NICE Cybersecurity Workforce Framework Can Work for You
  • Do You Live in a Smart City?
  • Think Big: Why You Should Be Considering Whole-of-State Cybersecurity
  • Level Up Your Cybersecurity Game With NCSR
  • Collaboration Stories: How to Tap into the Growing Movement of CISOs Working Together
  • Our Journey to an Autonomous Security Operations Center
  • Get Your Head in the Cloud: Guidance for Cloud Adoption on GCP
  • CISA Updates for the Election Community
A panel of speakers onstage at the MS-ISAC 2023 Annual Meeting.

MY PERSPECTIVES ON THE 2023 MS-ISAC MEETING


The growth and maturity of MS-ISAC is simply amazing, and all the attendees I spoke with found great value in attending. The networking opportunities and best practices offered along with hands-on training sessions make this a top event for government cybersecurity professionals.

Many of the government staff had their travel paid for under a CIS scholarship, so the price was right for cash-strapped governments across the country.
People stopping for a photo during a networking reception at the MS-ISAC 2023 Annual Meeting.
This event also felt like homecoming week for many of the CISOs who initially helped form MS-ISAC 20 years ago. It was great to see government cyber leaders who have now moved on to other roles in the public and private sectors describe the original collaboration goals of the MS-ISAC members and how that vision has now far exceeded initial expectations.

I was able to present two breakout sessions that resulted in literally dozens of follow-up conversations regarding true ransomware stories and why security pros fail — and how to succeed. Other presenters that I spoke with had great interactions and follow ups as well, showing an interest and a hunger from government cyber professionals to grow in their careers and capabilities.
A group of people posing for a photo at the MS-ISAC 2023 Annual Meeting.

FINAL THOUGHTS


What is also clear is that MS-ISAC and EI-ISAC have a lot of difficult work to do and a daunting set of cyber tasks ahead as risks continue to grow. No one was under the illusion that our government cyber battles are almost over. In fact, the ransomware and other cyber attacks seem to only get more costly and impactful.

Nevertheless, it is also clear that the MS-ISAC and EI-ISAC are rising to these new challenges and continue to strengthen our public-sector cyber defenses. The event offered a much-needed post-COVID lift to the men and women who serve our country on the front lines of state and local cyber battles.
People networking at the MS-ISAC 2023 Annual Meeting.
The next national MS-ISAC and EI-ISAC meeting is planned to be held in Orlando in June 2024.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.