web analytics

Highlights from the 16th Annual MS-ISAC Meeting – Source: securityboulevard.com

highlights-from-the-16th-annual-ms-isac-meeting-–-source:-securityboulevard.com
Rate this post

Source: securityboulevard.com – Author: Lohrmann on Cybersecurity

The 2023 MS-ISAC and EI-ISAC meeting just wrapped up in Salt Lake City. Here’s a roundup of what happened and what’s next.

August 13, 2023 • 

Dan Lohrmann

AWS Builder Community Hub

Bridget Bean, assistant director of the Integrated Operations Division of the Cybersecurity and Infrastructure Security Agency, delivers a keynote address at the 2023 MS-SIAC Annual Meeting.

D. Lohrmann

The Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) held a joint annual meeting from Aug. 6-9, 2023, in Salt Lake City, Utah. More than 900 people were registered from all across the United States and U.S. territories, and the attendees included federal, state and local government professionals, managers and cybersecurity analysts, elections officials, private-sector cybersecurity partners, vendor sponsors, elected officials and more.

Special emphasis was placed on the fact that this was a working meeting and not a conference. This was the largest gathering of MS-ISAC ever, and also provided an opportunity to celebrate the 20-year anniversary of when MS-ISAC was first formed in 2003. The group has grown to more than 14,000 state and local government members over the past 20 years, and programs that were started along the way, such as the MS-ISAC mentoring program, have surged in popularity and participation.

(Note: I covered the immense value offered by the MS-ISAC Leadership Mentoring Program in detail five years ago in this blog post. There is also much more background on the MS-ISAC in this blog from 2014.)

The 2023 Annual Meeting agenda was packed with government training, cybersecurity and cyber defense topics, along with election infrastructure topics. There was a heavy focus on networking with peers from other governments, learning from best practices and tools offered by federal agencies like the Cybersecurity Infrastructure and Security Agency (CISA) and the FBI, teamwork, resources, cyber grants, partnerships, and more.

Here are some of the multiday meeting highlights:

Keynote speakers:

  • Deidre Henderson, lieutenant governor, state of Utah
  • John Gilligan, CEO and president, Center for Internet Security
  • Amit Yoran, chairman and CEO, Tenable
  • Bridget Bean, assistant director, Integrated Operations Division, CISA
  • Ernie Fernandez, vice president, state and local government, Microsoft
  • Karen Sorady, VP of MS-ISAC Member Engagement, Center for Internet Security
  • Carlos Kizzee, SVP, CIS Stakeholder Engagement Operations, Center for Internet Security

Keynote lunch panel of MS-ISAC founding members on the history of the organization:

  • Will Pelgrin, CEO and co-founder, CyberWA
  • Joe Frohlich, cybersecurity advisor, CISA
  • Timothy Guerriero, information security manager, PING
  • Arnold Kishi, senior advisor, Office of Enterprise Technology Services, state of Hawaii
  • Mike Lettman, cyber security advisor (CSA), Region 9, CISA
  • Daniel Lohrmann, Field CISO, Presidio
  • Lynne Pizzini, director of security governance and Assurance, Tri Counties Bank
  • Mark Weatherford, SVP and chief security officer, AlertEnterprise

Here is a sampling of the breakout sessions:

  • Game On! Tabletop Series: Threat Actor Targets Local Government
  • Election Infrastructure Introduction: Hacking the Annual Meeting for the Utmost Value to Your Organization
  • Workforce Management the NICE way: How the NICE Cybersecurity Workforce Framework Can Work for You
  • Do You Live in a Smart City?
  • Think Big: Why You Should Be Considering Whole-of-State Cybersecurity
  • Level Up Your Cybersecurity Game With NCSR
  • Collaboration Stories: How to Tap into the Growing Movement of CISOs Working Together
  • Our Journey to an Autonomous Security Operations Center
  • Get Your Head in the Cloud: Guidance for Cloud Adoption on GCP
  • CISA Updates for the Election Community

MY PERSPECTIVES ON THE 2023 MS-ISAC MEETING

The growth and maturity of MS-ISAC is simply amazing, and all the attendees I spoke with found great value in attending. The networking opportunities and best practices offered along with hands-on training sessions make this a top event for government cybersecurity professionals.

Many of the government staff had their travel paid for under a CIS scholarship, so the price was right for cash-strapped governments across the country.

This event also felt like homecoming week for many of the CISOs who initially helped form MS-ISAC 20 years ago. It was great to see government cyber leaders who have now moved on to other roles in the public and private sectors describe the original collaboration goals of the MS-ISAC members and how that vision has now far exceeded initial expectations.

I was able to present two breakout sessions that resulted in literally dozens of follow-up conversations regarding true ransomware stories and why security pros fail — and how to succeed. Other presenters that I spoke with had great interactions and follow ups as well, showing an interest and a hunger from government cyber professionals to grow in their careers and capabilities.

FINAL THOUGHTS

What is also clear is that MS-ISAC and EI-ISAC have a lot of difficult work to do and a daunting set of cyber tasks ahead as risks continue to grow. No one was under the illusion that our government cyber battles are almost over. In fact, the ransomware and other cyber attacks seem to only get more costly and impactful.

Nevertheless, it is also clear that the MS-ISAC and EI-ISAC are rising to these new challenges and continue to strengthen our public-sector cyber defenses. The event offered a much-needed post-COVID lift to the men and women who serve our country on the front lines of state and local cyber battles.

The next national MS-ISAC and EI-ISAC meeting is planned to be held in Orlando in June 2024.

Cybersecurity

Dan Lohrmann

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

See More Stories by Dan Lohrmann

*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/highlights-from-the-16th-annual-ms-isac-meeting

Original Post URL: https://securityboulevard.com/2023/08/highlights-from-the-16th-annual-ms-isac-meeting/

Category & Tags: Security Bloggers Network – Security Bloggers Network

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Cybersecurity Talent Crisis Today and Tomorrow by Codrut Andrei
Cybersecurity Talent Crisis Today and...
SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

New York State
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Cybersecurity Program Template A resource...
Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An...
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL...
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats...
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations...
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by...
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by...
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY...
SOC SIEM Use Cases
SOC SIEM Use Cases
safecode
Six Pillars of DevSecOps- Collaboration and Integration
Six Pillars of DevSecOps- Collaboration...
SentineOne
WatchTower I ntelligence-Driven Threat Hunting
WatchTower I ntelligence-Driven Threat Hunting
CNIL
Security of Personal Data
Security of Personal Data

More Latest Published Posts

CISA | Cybersecurity and Infrastructure Security Agency
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
McKinsey & Company
Transforming risk efficiency and effectiveness
Transforming risk efficiency and effectiveness
Arnold Antoo
Zero Trust Security Model
Zero Trust Security Model
Richea Perry
Your Cybersecurity Toolkit
Your Cybersecurity Toolkit
IGNITE Technologies
Wireless Penetration Testing
Wireless Penetration Testing
Joas A Santos
Windows API for Red Team #101
Windows API for Red Team #101
Economic Research Working Paper
Artificial Intelligence and Intellectual Property
Artificial Intelligence and Intellectual Property
CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN UN SIEM
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of AI Risk and Impact Assessments
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity planning
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat Huntingand Detection
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES
Project Management Institute
Building Resilience Through Strategic Risk Management
Building Resilience Through Strategic Risk Management
DATA LOSS PREVENTION (DLP)
DATA LOSS PREVENTION (DLP)
AICSSolutions
Cybersecurity Red Team
Cybersecurity Red Team
cisco
Cyber Incident Response
Cyber Incident Response
CSR Cyber Security Council
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
SYBEX
Cybersecurity ESSENTIALS
Cybersecurity ESSENTIALS
Agency for Digital Government
Cyber security in supplier relation ships
Cyber security in supplier relation ships
RINKU
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
CNIL
PRACTICE GUIDE GDPR
PRACTICE GUIDE GDPR