The Multi State Information Sharing & Analysis Center (MS-ISAC) held their annual meeting in Seattle, Washington from April 28-30. Approximately 150 federal, state & local government security leaders participated in the gathering. So what was on the agenda? The MS-ISAC is a voluntary and collaborative organization with participation from all 50 states and the District of Columbia. They provide a central resource for gathering information on cyber threats to critical infrastructure from the states and providing two-way sharing of information between and among the states and with local government.This was the MS-ISAC’s fifth annual meeting, with previous meetings in Washington DC, Denver, Chicago, and Minneapolis. Here are some of the meeting highlights from the first two days:MS-ISAC Chair Will Pelgrin provided a year in review presentation to kick off Monday morning. His presentation discussed many of the recent accomplishments provided by the MS-ISAC, including government savings of about $33 million on contracts for encryption by working with the GSA Smartbuy program. Steve Hartman, CISO of Nebraska, presented their state’s certification and accreditation program. A group teleconference was held on cybersecurity issues with Congrassman James R. Lanevin, Chairman of the Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, United State House of Representatives.Opportunities to partner on training with SANS Institute were presented. Hacking the Critical Infrastructure was offered by Jason Larsen from IOActive. I love Jason’s job title: “Director of All Things Scary.” CyberStorm II Panel with numerous state and federal representatives was excellent.Leverging PCI Compliance: Managing Risk in Michigan (presented by yours truly).A Demonstration of Online Security Tracking Application by Scott Burger from the State of Colorado. The Role of North American Electric Reliability Corporation and the ES-ISAC was presented by Scott Mix, Manager of Situtation Awareness & Infrastructure Security. Best-Practice Breakout sessions were presented on: Vulnerability Management by Pennsylvania’s CISO Bob Malley. Establishing a Chief Privacy Officer by representatives from Arizona, Ohio, West Virgina, and Orgeon.Successfully Navigating the Federal Homeland Security Grant Program Process by representatives from South Carolina, California, Delaware, New York, and Florida.Exploring GSA SmartBuy Opportunities by GSA officials.An Introduction to the GFIRST Community by Reggie McKinney, Chief of Staff for US-CERT. In addition, everyone attending was placed into working groups on issues ranging from procurement to security operations to legislation. Each group met and built a plan for 2008-2009. The final day was kicked off by Greg Garcia, Assistant Secretary for Cyber Security and Communications. Greg met with the MS-ISAC executive board on a wide variety of topics over breakfast, and his keynote covered progress in cybersecurity to date as well as future plans and challenges. The last speaker, John Strand from SANS, provided a 3 hours session on “hacking for managers” or the latest trends in computer hacking. Overall, this was the best MS-ISAC conference to date – in my opinion. The level of trust, depth of discussions and sophistication of intra-state communication is definately improving each year. Most of all, professional colleagues are now becoming friends – which means CISOs can pick up the phone and get real help on a variety of cybersecurity topics. This wasn’t true a few years back. For those governments who didn’t attend, talk with your state CISO on the MS-ISAC about getting the slides and get involved with one of the excellent work groups. It’s never too late to get connected. It is well worth the effort. Related content opinion 3 security career lessons from 'Back to the Future' You don't need to be able to predict the future to have a successful security career, but you had darned well better be able to learn from the past. By Dan Lohrmann Jan 12, 2021 6 mins Careers Security interview Secrets of industry-hopping CSOs Who says you can't change industries? Veteran security leaders Mark Weatherford and Cheri McGuire teach you how it’s done. By Dan Lohrmann Mar 02, 2020 12 mins Careers Security opinion Why security pros are addicted to FUD and what you can do about it Despite professing anti-FUD rhetoric, cyber experts fan the flames, breathlessly sharing the details of the latest data breaches. It's a risky addiction that can lead to security apathy in enterprises. Here's how to harness it. By Dan Lohrmann Sep 06, 2018 7 mins Security opinion Bridging the smart cities security divide There are plenty of organizations that seem to be working on answers to secure smart cities, but in many ways it's like the early days of cloud computing with everyone building their own solutions. By Dan Lohrmann Feb 01, 2018 6 mins Internet of Things Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe