SANS 2026 Government Security Forum

Wed, Jul 22, 2026
10:00AM - 3:15PM EDT
English
Matt Bromiley, Rob T. Lee, Dean Parsons + 13 more
Solutions Forum

In Partnership With Carahsoft. Thank You To Our Sponsors

The SANS Government Forum 2026, presented in partnership with Carahsoft, brings together Federal, State and Local cybersecurity leaders to address today’s most pressing security challenges. This forum is designed to help agencies strengthen mission readiness, modernize infrastructure, and improve cyber resilience through expert-led insights and real-world strategies.

Key Focus Areas

AI and Agentic AI

Explore how AI-driven and autonomous systems are transforming threat detection, response and decision-making
Learn how agencies can safely operationalize AI to enhance security outcomes

Critical Infrastructure: IT/OT

Address the convergence of IT and operational technology environments
Gain strategies to defend essential services against ransomware and nation-state threats

Zero Trust and Identity Security

Understand identity-first security architectures for hybrid and cloud environments
Learn how to enforce least privilege and reduce identity-based risk

Exposure Management: Threat and Attack Surface

Discover approaches to continuously identify, prioritize and reduce cyber risk
Improve visibility across expanding attack surfaces and complex ecosystems

Why Attend

Gain actionable, practitioner-led insights from SANS experts and industry leaders
Engage in real-world discussions around current government cybersecurity challenges
Identify proven solutions to accelerate secure adoption of emerging technologies
Walk away with strategies to defend today’s missions and prepare for evolving threats

Schedule

Showing 12 of 12

Filter by:

Select day:

Welcome & Opening Remarks

10:00AM - 10:10AM EDT

Virtual

Presented by

Matt Bromiley

Security R&D at Prophet Security

TBD

10:10AM - 10:40AM EDT

Virtual

Presented by

Rob T. Lee

Chief AI Officer and Chief of Research at SANS Institute

TBD

10:40AM - 11:20AM EDT

Virtual

Panelists

Andy Hanks

Chief Government Strategist at Tanium

Chris Saunders

Public Sector Solution Engineering Leader at Wiz

Moderated by

Matt Bromiley

Security R&D at Prophet Security

A few other items for the website: 100% of Missions Depend on OT; Too Few Cyber Defenders Are Skilled and Ready – Here’s How We Get Them.

Every military mission depends on operational technology (OT). Fuel, power, water, airfield lighting, and life safety systems are not support functions; they are mission prerequisites. Any asset that monitors, secures, engineers, or drives those control systems, and whose loss or exploitation would result in physical damage, safety hazards, or service outages—not just data loss. IT training often focuses on data integrity and confidentiality, while OT training emphasizes process safety, equipment protection, and operational continuity. Routine classroom and virtualized OT environments won’t enable skilled and ready cyber defenders – something new is needed now.

Keynote provides 3 successes to achieve and 3 pitfalls to avoid in developing the new OT cyber work role, Control Systems Security Specialist (Work Role 462): “Responsible for device, equipment, and system-level cybersecurity configuration and day-to-day security operations of control systems, including security monitoring and maintenance along with stakeholder coordination to ensure the system and its interconnections are secure in support of mission operations.” Session will confront questions no one has answered. How many of these defenders are needed to conduct operational testing? What is the right balance of OT knowledge and cyber response? How many to defend against a determined OT adversary? And is current training anywhere near sufficient?

OT is not IT. Its focus, priorities, metrics, and underlying systems differ, and so must its defenders. will show how clearly defined roles and mission-relevant training are what operationalize the Five ICS Cybersecurity Critical Controls, and what the DAF is building to close the gap between mission dependence and workforce readiness.

11:20AM - 11:50AM EDT

Virtual

Presented by

Daryl Haegley

DAF Control Systems Cyber Resiliency, Pentagon at Technical Director

Break

11:50AM - 12:00PM EDT

Virtual

AI, Adversaries, and Critical Infrastructure: A Practical ICS/OT Defense Discussion

This fireside chat will focus on strengthening public sector cyber resilience as adversaries have moved beyond data theft and disruption toward impactful ransomware and bolder attacks with potential safety consequences in critical infrastructure including damage and destruction of engineering equipment. This session will highlight practical approaches for securing ICS/OT environments across all industrial sectors by leveraging the SANS Five ICS Cybersecurity Critical Controls, improving ICS/OT network visibility, industrial-grade incident response readiness and tabletop exercises, defensible control system network architecture, secure remote access, and risk-based control system vulnerability management. It will also address the cautious use of AI in government and critical infrastructure defense — recognizing AI’s value while managing its risks, limitations, and potential misuse by adversaries.

12:00PM - 12:40PM EDT

Virtual

Panelists

Sarah Cleveland

Senior Director of Federal Strategy at ExtraHop

Jen Sovada

General Manager for Public Sector at Claroty

Moderated by

Dean Parsons

CEO and Principal Consultant at ICS Defense Force, Inc.

Threat Management in the Age of the Machine

As nation-state adversaries, cybercriminals, and AI-powered threats continue to evolve, government agencies must modernize their approach to threat management, balancing mission assurance, resilience, and security at machine speed. This presentation will cover:

The End of Human Speed
A Defense That Learns
Know Thy Enemy
The Threat in the Mirror
The Boardroom

12:40PM - 01:10PM EDT

Virtual

Presented by

Bryan Vorndran

Vice President and Deputy Chief Information Security Officer (CISO) for Supply Chain & Third-Party Security at Microsoft

Identity at Machine Speed: Zero Trust When Attackers, Agents, and Defenders All Move Faster Than Humans

Join Ismael Valenzuela, SANS author and Senior Instructor, alongside Jon Clay, VP of Threat Intelligence at Trend AI, and Brian “Stretch” Meyer, Federal Field CTO at Axonius, for a fast-paced conversation on the identity battleground of 2026.

Zero Trust assumes you can verify every principal before granting access. In 2026 that assumption is under pressure from three directions at once. Attackers are weaponizing stolen identities and AI-driven tradecraft faster than human-paced response can keep up. Agentic AI is flooding the enterprise with non-human principals that authenticate cleanly but act autonomously. And government teams are still working to see, inventory, and govern the identities they already have.

This panel brings together threat intelligence and identity practitioners to examine where Zero Trust holds and where its operational model strains under machine-speed conditions. We will work through what changes when identity becomes the primary battleground: how attackers are exploiting the trust we extend to valid credentials, why visibility into every asset and identity is the prerequisite for every control that follows, and what defenders should prioritize when verification has to happen faster than a human can review it. Attendees will leave with a practical view of identity-centric Zero Trust built for the threats and the architectures of 2026.

01:10PM - 01:50PM EDT

Virtual

Panelists

Jon Clay

Vice President, Threat Intelligence at TrendAI

Brian Meyer

Federal Field CTO at Axonius

Moderated by

Ismael Valenzuela

Vice President Threat Research & Intelligence at Arctic Wolf

Break

01:50PM - 02:00PM EDT

TBD

02:00PM - 02:30PM EDT

Virtual

Presented by

General Paul M. Nakasone

Founding Director at Institute of National Security, Vanderbilt University

From Directive to Done: Operationalizing Exposure Management

Organizations face growing pressure to move beyond vulnerability discovery and into genuine risk reduction. Regulatory expectations like CISA's Binding Operational Directive BOD 26-04, which mandates risk-based prioritization and sets aggressive remediation timelines of three days for the highest-risk findings, are making one thing clear: the technology to support exposure management exists. The program’s maturity to sustain itself often does not.

This fireside chat explores what it actually takes to operationalize exposure management: moving from discovery to risk-informed decisions, closing the gap between prioritization and remediation, and the program capabilities organizations need to meet current and future requirements. Drawing on the Continuous Threat Exposure Management lifecycle and real-world implementation experience, this conversation gives security leaders a practical framework for turning compliance obligations and regulatory pressure into genuine, measurable risk reduction.

02:30PM - 03:10PM EDT

Virtual

Panelists

Scott Kuffer

Co-Founder and CPO at Nucleus Security

Tim Jones

Federal Technical Director at Horizon3.ai

Moderated by

Jonathan Risto

Technical Director, Cyber Posture Management Program at Government of Canada

Closing Remarks / Summary

03:10PM - 03:15PM EDT

Virtual

Presented by

Matt Bromiley

Security R&D at Prophet Security

Meet Your Speakers

Matt Bromiley

Security R&D at Prophet Security

Matt Bromiley is a Lead Solutions Engineer at LimaCharlie and SANS Certified Instructor. He serves as a GIAC Advisory Board member, a SME for the SANS Security Awareness, and a technical writer for the SANS Analyst Program.

Learn more

Rob T. Lee

Chief AI Officer and Chief of Research at SANS Institute

Rob T. Lee is Chief AI Officer and Chief of Research at SANS Institute, where he leads research, mentors faculty, and helps cybersecurity teams and executive leaders prepare for AI and emerging threats.

Learn more

Dean Parsons

CEO and Principal Consultant at ICS Defense Force, Inc.

Dean Parsons, CEO of ICS Defense Force, teaches ICS515 and co-authors ICS418, emphasizing ICS-specific detection, incident response, and security programs that support OT operations—aligning practitioners and leaders on clear, defensible action.

Learn more

Ismael Valenzuela

Vice President Threat Research & Intelligence at Arctic Wolf

Ismael is a Senior SANS Instructor and Arctic Wolf VP. Author of SEC530 and a prestigious GSE-certified expert, he blends decades of SOC, threat research, and community contributions to equip defenders with resilient, adversary-aware strategies.

Learn more

Jonathan Risto

Technical Director, Cyber Posture Management Program at Government of Canada

Jonathan Risto is a Principal Instructor at the SANS Institute and Technical Director for the Canadian Cyber Posture Program. Co-author of LDR516: Strategic Vulnerability and Threat Management, he helps leaders turn exposure data into actionable risk programs through frameworks like VMMM and CTEMMM.

Learn more

Andy Hanks

Chief Government Strategist at Tanium

Andy Hanks is a Chief Government Strategist at Tanium with more than 30 years of experience in information technology; including 17 years focused on information security, regulatory compliance, and data privacy.

Learn more

SEC536: Adversarial AI - Penetration Testing AI Systems

SANS 2026 Government Security Forum

Share

In Partnership With Carahsoft. Thank You To Our Sponsors

Key Focus Areas

Why Attend

Schedule

Welcome & Opening Remarks

TBD

TBD

A few other items for the website: 100% of Missions Depend on OT; Too Few Cyber Defenders Are Skilled and Ready – Here’s How We Get Them.

Break

AI, Adversaries, and Critical Infrastructure: A Practical ICS/OT Defense Discussion

Threat Management in the Age of the Machine

Identity at Machine Speed: Zero Trust When Attackers, Agents, and Defenders All Move Faster Than Humans

Break

TBD

From Directive to Done: Operationalizing Exposure Management

Closing Remarks / Summary

Meet Your Speakers

Matt Bromiley

Rob T. Lee

Dean Parsons

Ismael Valenzuela

Jonathan Risto

Andy Hanks

Welcome & Opening Remarks

TBD

TBD

A few other items for the website: 100% of Missions Depend on OT; Too Few Cyber Defenders Are Skilled and Ready – Here’s How We Get Them.

Break

AI, Adversaries, and Critical Infrastructure: A Practical ICS/OT Defense Discussion

Threat Management in the Age of the Machine

Identity at Machine Speed: Zero Trust When Attackers, Agents, and Defenders All Move Faster Than Humans

Break

TBD

From Directive to Done: Operationalizing Exposure Management

Closing Remarks / Summary