Highlights from the 16th Annual MS-ISAC Meeting

The Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) held a joint annual meeting from Aug. 6-9, 2023, in Salt Lake City, Utah. More than 900 people were registered from all across the United States and U.S. territories, and the attendees included federal, state and local government professionals, managers and cybersecurity analysts, elections officials, private-sector cybersecurity partners, vendor sponsors, elected officials and more.

Special emphasis was placed on the fact that this was a working meeting and not a conference. This was the largest gathering of MS-ISAC ever, and also provided an opportunity to celebrate the 20-year anniversary of when MS-ISAC was first formed in 2003. The group has grown to more than 14,000 state and local government members over the past 20 years, and programs that were started along the way, such as the MS-ISAC mentoring program, have surged in popularity and participation.

(Note: I covered the immense value offered by the MS-ISAC Leadership Mentoring Program in detail five years ago in this blog post. There is also much more background on the MS-ISAC in this blog from 2014.)

The 2023 Annual Meeting agenda was packed with government training, cybersecurity and cyber defense topics, along with election infrastructure topics. There was a heavy focus on networking with peers from other governments, learning from best practices and tools offered by federal agencies like the Cybersecurity Infrastructure and Security Agency (CISA) and the FBI, teamwork, resources, cyber grants, partnerships, and more.
Here are some of the multiday meeting highlights:

Keynote speakers:

• Deidre Henderson, lieutenant governor, state of Utah
• John Gilligan, CEO and president, Center for Internet Security
• Amit Yoran, chairman and CEO, Tenable
• Bridget Bean, assistant director, Integrated Operations Division, CISA
• Ernie Fernandez, vice president, state and local government, Microsoft
• Karen Sorady, VP of MS-ISAC Member Engagement, Center for Internet Security
• Carlos Kizzee, SVP, CIS Stakeholder Engagement Operations, Center for Internet Security

Keynote lunch panel of MS-ISAC founding members on the history of the organization:

• Will Pelgrin, CEO and co-founder, CyberWA
• Joe Frohlich, cybersecurity advisor, CISA
• Timothy Guerriero, information security manager, PING
• Arnold Kishi, senior advisor, Office of Enterprise Technology Services, state of Hawaii
• Mike Lettman, cyber security advisor (CSA), Region 9, CISA
• Daniel Lohrmann, Field CISO, Presidio
• Lynne Pizzini, director of security governance and Assurance, Tri Counties Bank
• Mark Weatherford, SVP and chief security officer, AlertEnterprise

Here is a sampling of the breakout sessions:

• Game On! Tabletop Series: Threat Actor Targets Local Government
• Election Infrastructure Introduction: Hacking the Annual Meeting for the Utmost Value to Your Organization
• Workforce Management the NICE way: How the NICE Cybersecurity Workforce Framework Can Work for You
• Do You Live in a Smart City?
• Think Big: Why You Should Be Considering Whole-of-State Cybersecurity
• Level Up Your Cybersecurity Game With NCSR
• Collaboration Stories: How to Tap into the Growing Movement of CISOs Working Together
• Our Journey to an Autonomous Security Operations Center
• Get Your Head in the Cloud: Guidance for Cloud Adoption on GCP
• CISA Updates for the Election Community

MY PERSPECTIVES ON THE 2023 MS-ISAC MEETING

The growth and maturity of MS-ISAC is simply amazing, and all the attendees I spoke with found great value in attending. The networking opportunities and best practices offered along with hands-on training sessions make this a top event for government cybersecurity professionals.

Many of the government staff had their travel paid for under a CIS scholarship, so the price was right for cash-strapped governments across the country.
This event also felt like homecoming week for many of the CISOs who initially helped form MS-ISAC 20 years ago. It was great to see government cyber leaders who have now moved on to other roles in the public and private sectors describe the original collaboration goals of the MS-ISAC members and how that vision has now far exceeded initial expectations.

I was able to present two breakout sessions that resulted in literally dozens of follow-up conversations regarding true ransomware stories and why security pros fail — and how to succeed. Other presenters that I spoke with had great interactions and follow ups as well, showing an interest and a hunger from government cyber professionals to grow in their careers and capabilities.

FINAL THOUGHTS

What is also clear is that MS-ISAC and EI-ISAC have a lot of difficult work to do and a daunting set of cyber tasks ahead as risks continue to grow. No one was under the illusion that our government cyber battles are almost over. In fact, the ransomware and other cyber attacks seem to only get more costly and impactful.

Nevertheless, it is also clear that the MS-ISAC and EI-ISAC are rising to these new challenges and continue to strengthen our public-sector cyber defenses. The event offered a much-needed post-COVID lift to the men and women who serve our country on the front lines of state and local cyber battles.
The next national MS-ISAC and EI-ISAC meeting is planned to be held in Orlando in June 2024.