Agenda
May 28, 2025
Times are subject to change.
Registration, Breakfast & Networking
Pick up your event badge and network with your peers!
Pick up your event badge and network with your peers!
Opening Remarks
Welcome to The Qualys Public Sector Cyber Risk Conference
Welcome to The Qualys Public Sector Cyber Risk Conference
Morgan Stanley Keynote

Rachel Wilson
Head of Wealth Management Data Security & Infrastructure RiskMorgan Stanley
AI Integration: Transforming Federal Cybersecurity
Artificial intelligence is reshaping the cybersecurity landscape, enabling faster threat detection, automated response, and enhanced risk management. In this fireside chat, a federal cybersecurity leader will discuss how agencies are leveraging AI to strengthen their security postures, improve situational awareness, and mitigate emerging threats. The conversation will explore best practices for AI adoption, key implementation challenges, and strategies for ensuring responsible and secure AI integration, safeguarding AI-driven systems, and optimizing automated workflows to enhance cybersecurity operations.
Artificial intelligence is reshaping the cybersecurity landscape, enabling faster threat detection, automated response, and enhanced risk management. In this fireside chat, a federal cybersecurity leader will discuss how agencies are leveraging AI to strengthen their security postures, improve situational awareness, and mitigate emerging threats. The conversation will explore best practices for AI adoption, key implementation challenges, and strategies for ensuring responsible and secure AI integration, safeguarding AI-driven systems, and optimizing automated workflows to enhance cybersecurity operations.

Kat Megas
Program Manager, Cybersecurity, Privacy & AINIST
Modernizing FISMA: Addressing the Gaps in Visibility, Culture, and Technology
As federal agencies strive to strengthen their cybersecurity posture, many continue to grapple with foundational challenges in meeting FISMA requirements. Inconsistent maturity levels, decentralized accountability, and outdated technology investments make it difficult to establish centralized visibility and sustain continuous monitoring efforts. At the same time, evolving threats and a rapidly expanding attack surface—from cloud environments to interconnected systems—demand more agile, risk-informed approaches. Cultural resistance to change and competing priorities further complicate efforts to modernize compliance programs. This panel will explore the systemic barriers that hinder progress and discuss strategies for re-establishing the basics, aligning efforts across federated environments, and leveraging automation to close visibility gaps and enable smarter risk-based decisions. Join us for a candid conversation about what it really takes to make FISMA compliance meaningful—and achievable—in today’s high-stakes threat landscape.
As federal agencies strive to strengthen their cybersecurity posture, many continue to grapple with foundational challenges in meeting FISMA requirements. Inconsistent maturity levels, decentralized accountability, and outdated technology investments make it difficult to establish centralized visibility and sustain continuous monitoring efforts. At the same time, evolving threats and a rapidly expanding attack surface—from cloud environments to interconnected systems—demand more agile, risk-informed approaches. Cultural resistance to change and competing priorities further complicate efforts to modernize compliance programs. This panel will explore the systemic barriers that hinder progress and discuss strategies for re-establishing the basics, aligning efforts across federated environments, and leveraging automation to close visibility gaps and enable smarter risk-based decisions. Join us for a candid conversation about what it really takes to make FISMA compliance meaningful—and achievable—in today’s high-stakes threat landscape.

Victoria Yan Pillitteri
Manager, Security Engineering & Risk Management GroupNIST
Operationalizing Zero Trust: Strategies for Federal Cybersecurity Modernization
Operationalizing Zero Trust is transforming federal cybersecurity, requiring agencies to reevaluate how they quantify asset risk with the speed and agility needed to make real-time enforcement decisions. But Zero Trust goes beyond simply granting or denying access — it also demands the ability to rapidly remediate risk so assets can securely regain access, as delays in identifying and mitigating risk factors can lead to operational slowdowns and security gaps. In this fireside chat, we’ll explore the improvements needed to quickly and effectively quantify risk for just-in-time decision-making, how automation can enable faster remediation and reduce operational friction, and strategies for aligning Zero Trust with federal mandates while improving security outcomes. Join us to gain a deeper understanding of Zero Trust in practice and learn how agencies can modernize security architectures while reducing risk and strengthening resilience.
Operationalizing Zero Trust is transforming federal cybersecurity, requiring agencies to reevaluate how they quantify asset risk with the speed and agility needed to make real-time enforcement decisions. But Zero Trust goes beyond simply granting or denying access — it also demands the ability to rapidly remediate risk so assets can securely regain access, as delays in identifying and mitigating risk factors can lead to operational slowdowns and security gaps. In this fireside chat, we’ll explore the improvements needed to quickly and effectively quantify risk for just-in-time decision-making, how automation can enable faster remediation and reduce operational friction, and strategies for aligning Zero Trust with federal mandates while improving security outcomes. Join us to gain a deeper understanding of Zero Trust in practice and learn how agencies can modernize security architectures while reducing risk and strengthening resilience.

Daryl Haegley
Technical Director, Control Systems Cyber ResilienceU.S. Air Force
Securing the Supply Chain: DevSecOps and SBOM Implementation
Securing the federal software supply chain is a growing priority as agencies work to mitigate vulnerabilities and prevent cyber disruptions. This fireside chat will focus on the role of DevSecOps in strengthening supply chain security and the importance of Software Bill of Materials (SBOM) in maintaining software integrity. The discussion will explore how agencies can integrate security throughout the development lifecycle and ensure compliance with federal supply chain security guidelines.
Securing the federal software supply chain is a growing priority as agencies work to mitigate vulnerabilities and prevent cyber disruptions. This fireside chat will focus on the role of DevSecOps in strengthening supply chain security and the importance of Software Bill of Materials (SBOM) in maintaining software integrity. The discussion will explore how agencies can integrate security throughout the development lifecycle and ensure compliance with federal supply chain security guidelines.
Federated Visibility Challenges: Bridging the Gaps in Cyber Oversight
Achieving comprehensive cybersecurity visibility across federal agencies remains a significant challenge, requiring seamless coordination and information sharing. This panel will bring together experts to examine the complexities of federated visibility, explore technical solutions, and discuss strategies for breaking down silos. Panelists will highlight real-world examples of cross-agency collaboration and the latest capabilities for enhancing threat detection and response.
Achieving comprehensive cybersecurity visibility across federal agencies remains a significant challenge, requiring seamless coordination and information sharing. This panel will bring together experts to examine the complexities of federated visibility, explore technical solutions, and discuss strategies for breaking down silos. Panelists will highlight real-world examples of cross-agency collaboration and the latest capabilities for enhancing threat detection and response.

Jessie Posilkin
Acting Executive DirectorTechnology Modernization Fund, GSA

Heather Kuldell-Ware
Former Editor-in-ChiefGovExec
Threats in Cyber Intelligence: Staying Ahead of Emerging Risks
As cyber threats grow more sophisticated, intelligence-driven security is essential for proactive defense. This keynote will examine the latest trends in cyber intelligence, including threat actor tactics, nation-state threats, and the role of AI in predictive analytics. The speaker will discuss strategies for leveraging cyber intelligence to strengthen threat detection, improve incident response, and enhance national security.
As cyber threats grow more sophisticated, intelligence-driven security is essential for proactive defense. This keynote will examine the latest trends in cyber intelligence, including threat actor tactics, nation-state threats, and the role of AI in predictive analytics. The speaker will discuss strategies for leveraging cyber intelligence to strengthen threat detection, improve incident response, and enhance national security.

Daniel Joyner
DirectorCGI

Heather Kuldell-Ware
Former Editor-in-ChiefGovExec
Cloud Security Efficiency: Strengthening Resilience in a Multi-Cloud Environment
As federal agencies expand their cloud infrastructure, securing these environments while maintaining operational efficiency is critical. This panel will examine strategies for managing cloud security at scale, optimizing threat detection, and ensuring compliance with federal mandates. Cloud security topics will include zero trust, as well as DevSecOps and container security. Panelists will discuss best practices for reducing cyber risk, enhancing visibility across hybrid and multi-cloud systems, and aligning with evolving government security frameworks.
As federal agencies expand their cloud infrastructure, securing these environments while maintaining operational efficiency is critical. This panel will examine strategies for managing cloud security at scale, optimizing threat detection, and ensuring compliance with federal mandates. Cloud security topics will include zero trust, as well as DevSecOps and container security. Panelists will discuss best practices for reducing cyber risk, enhancing visibility across hybrid and multi-cloud systems, and aligning with evolving government security frameworks.

David McKeown
Deputy CIO, Cybersecurity & Senior Information Security OfficerDepartment of Defense