• United States



State CISOs Talk Security in Seattle

May 02, 20083 mins
IT Leadership

The Multi State Information Sharing & Analysis Center (MS-ISAC) held their annual meeting in Seattle, Washington from April 28-30. Approximately 150 federal, state & local government security leaders participated in the gathering. So what was on the agenda?

The MS-ISAC is a voluntary and collaborative organization with participation from all 50 states and the District of Columbia. They provide a central resource for gathering information on cyber threats to critical infrastructure from the states and providing two-way sharing of information between and among the states and with local government.

This was the MS-ISAC’s fifth annual meeting, with previous meetings in Washington DC, Denver, Chicago, and Minneapolis. Here are some of the meeting highlights from the first two days:

MS-ISAC Chair Will Pelgrin provided a year in review presentation to kick off Monday morning. His presentation discussed many of the recent accomplishments provided by the MS-ISAC, including government savings of about $33 million on contracts for encryption by working with the GSA Smartbuy program.

Steve Hartman, CISO of Nebraska, presented their state’s certification and accreditation program.

A group teleconference was held on cybersecurity issues with Congrassman James R. Lanevin, Chairman of the Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, United State House of Representatives.

Opportunities to partner on training with SANS Institute were presented.

Hacking the Critical Infrastructure was offered by Jason Larsen from IOActive. I love Jason’s job title: “Director of All Things Scary.”

CyberStorm II Panel with numerous state and federal representatives was excellent.

Leverging PCI Compliance: Managing Risk in Michigan (presented by yours truly).

A Demonstration of Online Security Tracking Application by Scott Burger from the State of Colorado.

The Role of North American Electric Reliability Corporation and the ES-ISAC was presented by Scott Mix, Manager of Situtation Awareness & Infrastructure Security.

Best-Practice Breakout sessions were presented on:

Vulnerability Management by Pennsylvania’s CISO Bob Malley.

Establishing a Chief Privacy Officer by representatives from Arizona, Ohio, West Virgina, and Orgeon.

Successfully Navigating the Federal Homeland Security Grant Program Process by representatives from South Carolina, California, Delaware, New York, and Florida.

Exploring GSA SmartBuy Opportunities by GSA officials.

An Introduction to the GFIRST Community by Reggie McKinney, Chief of Staff for US-CERT.


In addition, everyone attending was placed into working groups on issues ranging from procurement to security operations to legislation. Each group met and built a plan for 2008-2009.

The final day was kicked off by Greg Garcia, Assistant Secretary for Cyber Security and Communications. Greg met with the MS-ISAC executive board on a wide variety of topics over breakfast, and his keynote covered progress in cybersecurity to date as well as future plans and challenges. The last speaker, John Strand from SANS, provided a 3 hours session on “hacking for managers” or the latest trends in computer hacking.

Overall, this was the best MS-ISAC conference to date – in my opinion. The level of trust, depth of discussions and sophistication of intra-state communication is definately improving each year. Most of all, professional colleagues are now becoming friends – which means CISOs can pick up the phone and get real help on a variety of cybersecurity topics. This wasn’t true a few years back.

For those governments who didn’t attend, talk with your state CISO on the MS-ISAC about getting the slides and get involved with one of the excellent work groups. It’s never too late to get connected. It is well worth the effort.  


Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist and author. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan State Government. Dan was named: "CSO of the Year," "Public Official of the Year," and a Computerworld "Premier 100 IT Leader." Dan is the co-author of the Wiley book, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering From Inevitable Business Disruptions.” Dan Lohrmann joined Presidio in November 2021 as an advisory CISO supporting mainly public sector clients. He formerly served as the Chief Strategist and Chief Security Officer for Security Mentor, Inc. Dan started his career at the National Security Agency (NSA). He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US / UK military facility. Lohrmann is on the advisory board for four university information assurance (IA) programs, including Norwich University, University of Detroit Mercy (UDM), Valparaiso University and Walsh College. Earlier in his career he authored two books - Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD For You: The Guide to Bring Your Own Device to Work. Mr. Lohrmann holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

More from this author