GovSec Summit USA
by GovInfoSecurity
May 5, 2026 | 8:30AM - 5:30PM ET | Washington, DC
Hosted by BankInfoSecurity
Event Overview
The 2026 GovSec Summit USA by GovInfoSecurity, brings together 100+ federal and public-sector CISOs and senior cyber leaders to discuss how cyber leadership is changing as disruption becomes routine. Agencies are no longer responding to isolated incidents, but managing ongoing cyber risk amid policy shifts, persistent threats, and operational strain.
The summit focuses on how leaders are adapting governance, operating models, and decision-making to work effectively in this environment. Sessions emphasize practical approaches to balancing compliance, mission needs, speed, and accountability across complex organizations.
Rather than focusing on tools, the event treats cybersecurity as an enterprise risk and governance issue tied to mission delivery, budgets, coordination, and public trust. Attendees will engage with peers and senior leaders who are shaping modern cyber leadership.
Dr. Meghan Hollis-Peel
Greg Tatum
Jessica Bolton
Danielle Jablanski
Shuchi Agrawal
Todd Pauley
Bryce Carter
Everett Bates
Zechariah Akinpelu
Ravikumar Mukkamala
David Ginn
Joseph Berglund
2025 Speakers
Thought Leaders Leading Deep-Dive Discussions on Stage
ISMG Summits bring the foremost thought leaders and educators in the security space to the stage at interactive workshops and networking events. Learn from the who’s who in the cybersecurity industry, passionate about the latest tools and technology to defend against threats.
Steering Committee
Guiding Our Summit With Industry Expertise
Our Summit Advisory Committee comprises industry visionaries whose guidance ensures the conference programs remain relevant, cutting-edge, and aligned with the most pressing cybersecurity challenges and opportunities – enabling attendees to apply the insights and learnings to their daily work.
Chris Riotta
Rex Booth
Anthony Labbate
Bill Streilein
Alison King
Venue
Conrad New York Downtown
102 N End Avenue, New York, NY 10282
NOTE: All requests to attend will be reviewed by event staff and approved based on professional qualifications and event capacity.
Topic Highlights
- Identity, Zero Trust, and the Reality of Implementation
- Governing Cyber Risk in a Fragmented Regulatory Environment
- People, Budgets, and the Future of Public-Sector Cyber Defense
- From Compliance to Capability: Making Security Governance Operational
- Modernization Under Constraint: Securing Legacy and Hybrid Environments
What Attendees Will Gain
- Insight into how agencies are operationalizing cyber governance under constant disruption
- Real-world approaches to balancing compliance, mission risk, and speed of execution
- Lessons learned on adapting cybersecurity strategies to achieve long-term resilience
- A peer-driven forum focused on decision-making, accountability, and leadership, not just technology
This summit is designed for CISOs who are not just managing cyber programs, but governing risk as a core function of modern government.
Agenda
Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.
8:50 AM - 9:00 AM ET
Chair’s Opening Address
8:30 am - 8:35 am et
Opening Comments
9:00 AM - 9:40 AM ET
Panel Discussion: Navigating Regulatory Fragmentation and Compliance Burdens in Government Cybersecurity
Government agencies face an increasingly complex landscape of overlapping regulations, mandates, and compliance requirements. Fragmented policies can strain resources, slow adoption of new technologies, and complicate cybersecurity operations.
As agencies try to implement consistent security controls across networks, cloud environments, and mission-critical systems, the challenge of maintaining compliance without stifling innovation grows ever more pressing. This panel brings together government and industry leaders to discuss practical approaches for streamlining compliance, reducing operational friction, and aligning regulatory priorities with mission needs. Attendees will gain insight into emerging frameworks, successful coordination strategies, and real-world lessons for balancing regulatory adherence with operational agility and risk management.
- How can agencies manage overlapping cybersecurity regulations without overburdening IT and security teams?
- What strategies are proving effective for aligning compliance efforts with mission priorities and operational realities? Who owns the risk for those and how do you drive strategy?
- How can leadership balance regulatory adherence with innovation and risk management in rapidly evolving threat environments?
Sanjit Ganguli,
VP, CTO in Residence, Zscaler
9:40 AM - 10:20 AM ET
Mitigating Data Breaches: Detection, Response, and Containment in Practice
With adversaries moving faster and operating across cloud, on-prem, and legacy systems, early detection and effective containment are critical to limiting impact.
In this session, we examine real-world breach scenarios, explore what works in practice, and discuss how agencies can strengthen their detection, response, and containment capabilities to reduce risk and protect sensitive data.
- Tackle common failure points and improve visibility to prevent breaches from going undetected or escalating
- Strengthen detection, incident response, and containment across hybrid, multi-cloud, and legacy environments
- Prepare government teams to manage complex breaches involving multiple agencies, contractors, and shared services while preserving mission continuity
Vlad Brodsky,
Chief Information Officer & Chief Information Security Officer, OTC Markets Group Inc.
Steve Lenderman,
Head of Fraud Prevention, iSolved, CyberEdBoard Member
Josh Cigna,
Solutions Architect, Yubico
10:20 AM - 11:00 AM ET
Networking Break
11:00 AM - 11:30 AM ET
Applying Advanced Detection and Identity & Access Management in Government
As government agencies face increasingly sophisticated threats, advanced detection and IAM are essential to protecting users, systems, and data across complex environments.
This session draws on practical insights to highlight how agencies can operationalize these capabilities to strengthen defenses, reduce attacker dwell time, and support mission continuity.
- Defend government environments by deploying advanced detection to identify and disrupt threats earlier
- Strengthen identity security by applying modern IAM controls across users, devices, and privileged access
- Integrate detection and IAM to contain incidents faster and limit attacker movement
Chris Wysopal,
Chief Security Evangelist, Veracode
11:30 AM - 12:00 PM ET
Preparing for Cyber Conflict Below the Threshold of War
Cyber operations today increasingly occur in the gray zone, below the threshold of traditional armed conflict, where adversaries seek to disrupt, degrade, or influence government functions without triggering open war.
Government leaders must anticipate and respond to these operations with strategies that combine cyber defense, resilience, and interagency coordination. In this fireside chat, we explore how agencies can prepare for and manage persistent, low-intensity cyber conflict while safeguarding critical missions and public trust.
- How can we identify where low-level and gray-zone cyber operations pose the greatest risk to government missions?
- What steps can we take to detect, attribute, and respond to below-threshold threats using effective policy, coordination, and technical capabilities?
- What leadership lessons from international incidents and evolving threat landscapes can we apply to strengthen cyber resilience?
Vincent Stoffer,
Field CTO, Corelight, Inc
12:00 PM - 12:30 PM ET
Beyond Response: Addressing the Aftermath of Ransomware Incident
Ransomware incidents do not end when systems are restored or attackers are removed. For government agencies, the true impact — and opportunity — emerges in the days and months that follow.
As attacks grow more targeted and disruptive, agencies must evolve beyond one-time response efforts and adapt their people, processes, and governance in real time and after recovery. This session explores how agencies translate live ransomware incidents into lasting operational improvements, refine decision-making under pressure, and strengthen resilience across technical, legal, communications, and leadership functions, during recovery and well beyond the initial response.
- Examine how agencies should adapt operational priorities, risk tolerance, and mission delivery after a ransomware incident
- Understand how to refine response playbooks post-incident to improve coordination across IT, security, legal, public affairs, and executive leadership
- Identify how agencies can institutionalize lessons learned through after-action reviews, training, exercises, and strengthened external partnerships
Chris Young,
Cybersecurity Enterprise Account Executive, OpenText
12:30 PM - 1:30 PM ET
Lunch
1:30 PM - 2:00 PM ET
Modernizing Government Cybersecurity Without Breaking Legacy Systems
Government agencies face increasing pressure to modernize cybersecurity defenses while continuing to rely on legacy systems that support critical missions and services. Budget constraints, operational dependencies, and aging infrastructure make wholesale replacement unrealistic.
This fireside chat explores how government leaders are balancing innovation with stability, incrementally improving security, managing risk, and enabling modernization without disrupting essential operations.
- Where do legacy systems introduce the greatest cybersecurity and operational risks for government missions?
- How can agencies prioritize modernization while maintaining continuity and applying effective security controls?
- How are agencies leveraging cloud, zero trust, and automation without destabilizing systems, and what leadership approaches support this?
Kristopher Schroeder,
Founder & CEO, Replica Cyber
2:00 PM - 2:30 PM ET
Defending AI Systems Against Emerging Cyber Attacks
As artificial intelligence becomes embedded in government operations, AI systems are increasingly mission-critical and high-value targets. Emerging cyber threats against AI require strategies that go beyond traditional controls, addressing data integrity, model risk, supply chain exposure, and adversarial manipulation.
This session explores how government leaders can protect AI systems throughout their lifecycle while enabling responsible innovation and mission impact.
- Identify where AI systems pose the greatest risk to government missions and public trust
- Assess and classify AI systems as mission-critical assets to prioritize protection
- Mitigate AI-specific threats including data poisoning, model theft, and adversarial attacks
Tim Hill
VP, Software Engineering, Rocket Software
2:30 PM - 3:00 PM ET
From Compliance to Capability: Making Governance Actionable
Many government agencies meet compliance requirements yet still struggle to translate governance frameworks into real operational capability.
This case study session examines how one organization moved beyond checkbox compliance to make governance actionable, aligning policy, risk management, and day-to-day security operations. Attendees will gain practical insight into how clear ownership, measurable outcomes, and integrated decision-making can turn governance from an obligation into a force multiplier for resilience and mission success.
- Why compliance alone fails to reduce real-world cyber risk
- How governance can be embedded into day-to-day mission operations
- What metrics truly reflect security effectiveness rather than audit readiness
- Where we are seeing measurable improvement
Sandeep Bhide
VP Product Management, ProcessUnity
3:00 PM - 3:30 PM ET
Zero Trust After the Hype: What Actually Works in Government
Zero Trust has become a foundational principle in government cybersecurity strategies, yet many agencies continue to struggle with translating the concept into measurable security outcomes. Beyond frameworks and mandates, leaders must determine what Zero Trust looks like in practice across complex, hybrid, and legacy environments.
In this session, we cut through the hype to share real-world lessons learned, highlight what has proven effective, and discuss how agencies can mature Zero Trust implementations to better reduce risk and support mission objectives.
- How to prioritize Zero Trust capabilities that deliver immediate security value in government environments
- How to apply Zero Trust principles realistically across legacy systems, mission-critical applications, and modern infrastructure
- How to balance investments and measure Zero Trust effectiveness using outcomes beyond compliance
Scott Tenenbaum
Head of Claims, North America, Resilience
David Anderson
CIPP/US, Vice President, Cyber, Woodruff Sawyer - A Gallagher Company
Kimberly Pack
Counsel, Thompson Hine LLP
3:30 PM - 4:00 PM ET
Networking Break
4:00 pm - 4:40 pm ET
Breakout Discussions
Join a roundtable breakout discussion on one of the topics below
T1. How can agencies manage third-party cyber risk more effectively?
T2. What threats are hiding in plain sight?
T3. What does it take to be a cybersecurity leader of the future?
T4. What cyber threats will define cyber risk in the public sector by 2030?
Vincent Stoffer,
Field CTO, Corelight, Inc
4:40 pm - 5:20 pm Et
Securing U.S. Government Networks Amid Budget Constraints and the Skills Gap
Government cybersecurity leaders are navigating an increasingly complex threat landscape while facing tightening budgets, workforce shortages, and resource limitations. Beyond technology investments, the cybersecurity skills gap has become a critical risk to mission resilience across U.S. federal, state, and local agencies. Leaders must make strategic decisions to prioritize risk, optimize existing investments, and strengthen human capital, all without compromising mission-critical operations.
This closing panel brings together government and industry leaders to discuss practical, cost-effective strategies to secure government networks while addressing today’s most urgent workforce and resource challenges.
- How can agencies prioritize cybersecurity investments, including workforce development, when budgets and resources are constrained?
- What cost-effective strategies, technologies, and operating models help mitigate cyber risk while addressing the cybersecurity skills gap?
- How can leaders optimize people, tools, and processes to maintain resilience and mission continuity in a resource-limited environment?
Seth Rose,
Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit
Imran Khan
VP Cyber Security Transformation Lead, BNP Paribas
5:20 PM - 5:30 PM ET
Chair’s Closing Address
Register
CPE Credits
Our Summits offer Continuing Education Credits. Learn informative and engaging content created specifically for security professionals.