George Washington University (GWU)

The challenges and issues facing state agencies regarding IT investments and modernization are very similar to those federal agencies are dealing with, but often are compounded because state responsibilities (licensing, inspection, and citizen assistance, to name a few) are that much closer to the customers who need their services.

This three-day event tracks many of the priorities that state CIOs are paying attention to –cybersecurity, resilience, modernization, cloud computing, data management, using AI, and analytics, to name a few.

Learning Objectives:

• Establish a working definition of resilience for your organization
• Understand the complementary roles of cybersecurity and resilience in keeping agency systems operational in the event of a cyber attack
• Evaluate ways to use SIEM and SOAR to strengthen your SOC’s performance
• Outline how using modernization toolkits can speed the delivery of better services to citizens
• Identify the forms of hybrid cloud (such as public bolstered by private cloud) that best suit your agency’s requirements
• Understand the integration of SaaS platforms into your agency’s cloud choices
• Understand how to use data platforms to create governance policies that provide quality data
• Evaluate the use of analytics to drive budgeting and enterprise resource planning (ERP) systems
• Delineate ways that GenAI tools can be used for better forecasting and making data-driven decisions

Cybersecurity consistently ranks as state CIOs’ top priority in IT. But resilience – the ability to anticipate, withstand, recover from, and adapt to cyberattacks and disruptions, ensuring critical services continue despite adversity, and moving beyond prevention to focus on rapid response and continuity of operations when breaches inevitably occur – has not received the same kind of attention. 

A report in November 2024 focusing on states’ efforts on resilience found that 69% of respondents in the state/local/education (SLED) sector acknowledged that cyber resilience is not a whole-organization priority and a majority of IT governance teams didn’t understand what cyber resilience is. 

Learning Objectives:

• Establish a working definition of resilience for your organization
• Understand the complementary roles of cybersecurity and resilience in keeping agency systems operational in the event of a cyber attack
• Evaluate ways to use SIEM and SOAR to strengthen your SOC’s performance

The National Association of State CIOs (NASCIO) reported in its 2025 State CIO Survey that many states have been providing supplemental funding to their CIO organizations to use on IT modernization and/or innovation. Whether streamlining state DMVs or setting up digital services for courts, agencies are focusing on providing better, more streamlined services to their customers. 

Included in these modernization efforts is the continuing embrace of the cloud. All the respondents to the NASCIO survey said they have a multi-cloud strategy; their reasons were many and varied, such as modernizing their applications, optimizing their budgets, and aging (legacy) hardware. CIOs in states with federated governance structures discussed selecting software-as-a-service (SaaS) solutions, with the potential to build on their state’s cloud portfolio. 

Learning Objectives:

• Outline how using modernization toolkits can speed the delivery of better services to citizens
• Identify the forms of hybrid cloud (such as public bolstered by private cloud) that best suit your agency’s requirements
• Understand the integration of SaaS platforms into your agency’s cloud choices

State and local governments are concentrating on improving internal operations in order to deliver services more efficiently and cost-effectively. In plain terms, agencies want to simplify the work employees do and the steps constituents must take to receive services.

State-level CIOs are looking to reduce operational friction, leverage technology to automate processes, and streamline bureaucracy for both employees and the public. For instance, agencies are automating repetitive, rules-based tasks, such as digitizing frequently used documents to send and receive; defining principles that minimize the need for citizens to submit the same information multiple times to different agencies; and asking employees for suggestions to remove bottlenecks in their processes. 

Learning Objectives:

• Understand your agency’s workflow and where bottlenecks, duplication, and repetitive tasks slow down performance
• Evaluate the customer experience and how to align digital services with their needs, such as consolidating agency-wide digital phone, and in-person experiences to reduce friction
• Delineate metrics that can track performance improvements and employees’ job satisfaction 

Public sector and enterprise organizations face increasing pressure to demonstrate compliance with evolving regulations, frameworks, and internal policies—often across complex, rapidly changing environments. Yet Governance, Risk, and Compliance (GRC) efforts remain largely manual and point-in-time.

Modernizing GRC involves shifting from siloed processes to automated, integrated, and predictive systems. New GRC platforms can provide real-time reporting, AI-driven risk analytics, and continuous control monitoring to enhance agencies’ agility, strengthen security posture and improve regulatory compliance.

Join us as thought leaders from government and industry share how organizations are modernizing GRC by using authoritative asset intelligence to continuously validate controls, align policy with operational reality, and reduce audit burden – shifting compliance from documentation exercises to ongoing, defensible assurance.

Learning Objectives:

• Outline the metrics to track increased efficiency as processes are streamlined
• Delineate the contours of the cyber threat landscape to see where AI tools can provide a comprehensive view and improve threat detection
• List regulatory frameworks your agency must comply with and where GRC automation can simplify their compliance requirements

Federal agencies are under relentless pressure to modernize their security posture as they face an onslaught of new, enhanced threats – from hostile nation-states, criminal networks, and hackers determined to stir up trouble.

The path forward starts with three proven principles: Least Privilege Access, which blocks users from gaining entry to data and software they are not allowed to use; Zero Trust architectures, designed to “never trust, always identify;” and microsegmentation, which allows networks to be blockaded into very small sections that can be walled off from the overall network.

Join us for an in-depth webinar where thought leaders from government and industry break down how these three concepts work together to limit exposure, stop lateral movement, and protect sensitive government data.

Public sector organizations are operating in an increasingly complex environment shaped by evolving cyber threats, aging infrastructure, workforce shortages and growing expectations for modern digital services.

AI-driven attacks are expanding the threat landscape while legacy systems and fragmented data make it harder for agencies and institutions to respond quickly. At the same time, constituents, staff and students expect faster, more intuitive services similar to what they experience in the private sector.

To keep pace, government and education organizations are modernizing IT operations, strengthening endpoint security and adopting automation and AI to improve both cybersecurity and service delivery.

The Ivanti Public Sector Summit brings together leaders from federal, defense, state and local government, education and industry to discuss practical strategies for securing endpoints, modernizing IT service management and delivering trusted digital services.

Learning Objectives:

• Explain how modernization initiatives help agencies address evolving cybersecurity threats.
• Evaluate strategies for improving coordination between IT and security teams.
• Identify best practices for securing communications in classified and tactical environments.
• Describe key outcomes of effective vulnerability and patch management programs.
• Assess how AI and automation can improve IT service management and service delivery.

Mission Essential Functions MEFs aren’t a checklist—they’re public outcomes that must be delivered when agency systems are under pressure. The hard part isn’t defining MEFs; it’s proving they can be delivered even though systems have been degraded by an incident.

Establishing a connected model that works upstream, from meeting the mission back through capabilities, applications, and necessary technologies, enables faster incident decisions, clearer resilience priorities, and defensible readiness evidence that stays current as the environment changes.

Learning Objectives:

• Identify the end-to-end dependency chain required to deliver each MEF during a disruption
• Delineate the steps to build traceability that spots failure points and reduces time-to-decision
• Evaluate and prioritize resilience work based on mission impact rather than system volume or noise
• Build evidence of leadership- and audit-ready preparedness, with a shared model across mission, continuity-of-operations plans, apps, infrastructure, and security

Government agencies are pushing toward a more agile, high‑tech future. It requires using AI to eliminate time‑intensive operational work, strengthen foundational service and operations data, and accelerate mission‑critical functions without compromising security or compliance.

Public sector organizations are now approaching AI as an operational capability rather than a pilot, including the decisions required to retire legacy processes, establish governed data foundations, and adopt new ways of working. The challenge is moving beyond traditional “Generative AI” (which only provides answers) to “Agentic AI,” which can autonomously perform multi-step tasks, navigate disparate systems, and resolve issues with human-in-the-loop oversight.

Learning Objectives:

• Outline your agency’s data readiness for AI and what will constitute foundation data for AI applications
• Delineate the steps involved in retiring legacy processes within your agency
• Identify processes where agentic AI can streamline the steps and boost productivity

Join us as thought leaders from government and industry share their expertise, their experiences, and their suggestions for harnessing the power of AI to provide noticeable improvements to internal operations while improving security and opening up opportunities for new and expanded services to their constituencies. 

Agencies throughout state, local, territorial, and tribal governments are being encouraged to incorporate artificial intelligence (AI) into their everyday operations, to streamline processes, modernize outdated systems, and strengthen cybersecurity defenses. Using AI is viewed as one promising way to deal with shrinking budgets and increased demand for services by citizens. 

This three-day event addresses key issues that agencies must contend with in ensuring that investment in AI generates maximum benefit. 

Learning Objectives:

• Outline the capabilities of AI management and compliance platforms and match them to the needs of your agency
• Delineate the use of the platforms to maintain auditability and traceability
• Understand how these platforms can guard against “shadow AI,” unauthorized use of AI within the agency
• Identify available AI tools to determine which best fit the security needs of your agency
• Review ways to integrate AI cybersecurity into existing defenses
• Understand the nature and magnitude of the threats posed by AI-empowered attacks
• Delineate places in your agency’s IT systems where AI can serve as a bridge between legacy systems and new services for citizens
• Establish priorities for tasks and processes that can be streamlined through the use of AI tools
• Outline metrics that can measure improvements, such as improved accuracy in testing, cost savings through reductions in outside labor costs (such as coding), and faster turnaround time in updating apps

State and local agencies are exploring how to incorporate artificial intelligence (AI) into their operations – as long as they observe their own state-level and any applicable federal-level regulations.

To meet these requirements, AI governance and compliance platforms help organizations manage, monitor, and enforce policies for safe, ethical, and legal use of AI, covering the entire lifecycle from development to deployment, by automating risk assessment, bias detection, and access control. These platforms centralize control, provide transparency, track data lineage, and automate auditing to build trust and prevent issues like unfair outcomes or data breaches.

Learning Objectives:

• Outline the capabilities of AI management and compliance platforms and match them to the needs of your agency
• Delineate the use of the platforms to maintain auditability and traceability
• Understand how these platforms can guard against “shadow AI,” unauthorized use of AI within the agency

It is widely recognized that the introduction of AI tools is a two-edged sword when it comes to cybersecurity. Attackers, whether profit-driven hackers or hostile nation-states, are using AI to launch faster, wider-spread and more sophisticated attacks, including AI-generated phishing and spear phishing emails, malware capable of adapting to changes in defensive responses, and deepfakes that are very hard to detect.

State and local agencies are attractive targets, since there are many more of them and often do not have the financial or IT resources of federal agencies. 

This makes state and local agencies’ use of AI in cyber defense critical – AI tools can operate at machine speed and scale and adapt in response to evolving threats. These tools can significantly improve threat detection and intelligence by identifying anomalies and patterns signaling attacks under way; automating incident responses such as isolating compromised devices and resetting credentials; using Natural Language Processing (NLP) to flag sophisticated phishing and social engineering attacks; and prioritizing vulnerabilities to emphasize the most critical risks. 

Learning Objectives:

• Identify available AI tools to determine which best fit the security needs of your agency
• Review ways to integrate AI cybersecurity into existing defenses
• Understand the nature and magnitude of the threats posed by AI-empowered attacks

At its annual conference in October 2025, the National Association of State CIOs (NASCIO) focused on “measurable modernization” facilitated by artificial intelligence (AI). Intelligent, AI-powered tools can streamline IT, converting slow, manual legacy system upgrades into faster, cheaper, and more secure processes by automating code analysis, testing, data migration, and even generating code, ultimately making systems more efficient, scalable, and future-proof while freeing humans for higher-value tasks. 

There are several ways AI is suited to improve operations. To name just a few:

• By analyzing legacy code, such as COBOL, to understand its structure, find inefficiencies and even rewrite it into modern coding languages, AI reduces legacy debt and eases manpower needs for obsolete coding skills.
• AI tools can automate testing and quality controls, significantly speeding up quality assurance and moving apps to more easily supported operations.
• Using AI can generate predictive maintenance, identifying potential system failures and enabling self-healing capabilities.

Learning Objectives:

• Delineate places in your agency’s IT systems where AI can serve as a bridge between legacy systems and new services for citizens
• Establish priorities for tasks and processes that can be streamlined through the use of AI tools
• Outline metrics that can measure improvements, such as improved accuracy in testing, cost savings through reductions in outside labor costs (such as coding), and faster turnaround time in updating apps

• Understand the components and processes that comprise Open RAN systems
• Evaluate your agency’s systems and the groundwork that can be done now to prepare for open source hardware
• Identify the system requirements to incorporate ISAC into your agency’s edge devices
• Delineate steps to maximize AI use in ISAC-enabled networks, including assessment of available databases and their cleanliness
• Determine what additional information needs to be gathered to utilize ISAC capabilities
• Delineate the investments your agency has planned and how they can adapt to 6G in future use
• Begin building a plan to harness 6G capabilities to enhance your agency’s performance and achievement of mission

Major, globally visible events—such as the World Cup or Olympic Games—fundamentally change how cyber-physical risk must be identified and prioritized. Events such as these usually are designated as National Special Security Events (NSSEs), based on factors like national significance, projected attendance, and potential threat levels, with the U.S. Secret Service leading security operations.

Cyber-physical risk is the potential for cyberattacks on networked systems—such as IoT devices, industrial control systems, or medical equipment—to cause real-world damage, including physical injury, environmental catastrophes, or destruction of infrastructure. These risks occur at the intersection of digital, networked software and physical, mechanical processes. NSSEs increase the potential for attacks on such devices as credential readers, environmental control systems (heating, cooling, and water), and hospitals near the events.

Join us as thought leaders from government and industry discuss how organizations can prepare to support a major event by identifying, quantifying, and prioritizing cyber-physical risks pertaining to operational technologies (OT) deployed for the event.

Learning Objectives:

• Understand the distinct risks to OT in major event environments, especially when systems are temporary, shared across public and private owners, or rapidly deployed
• Identify which OT-related threats or vulnerabilities tend to have the most significant downstream or cascading impacts, and which are most often underestimated during planning
• Learn how to assess and model cyber-physical risk across interconnected systems, such as venues, transportation, and broadcast infrastructure
• Delineate what effective integration between cybersecurity, physical security, and operational stakeholders looks like in practice – and where it breaks down most often