Agenda

New federal mandates have reshaped the rules of cybersecurity, but meeting them in real-world environments is proving far from simple. From FISMA modernization and CISA Binding Operational Directives to software bill of materials (SBOM) requirements, compliance expectations are growing more complex and more urgent. This session will examine what federal cyber compliance looks like in 2025 and how agencies are working to turn policy into practice. Speakers will discuss the realities of operationalizing executive orders and aligning with evolving frameworks while managing risk and resource constraints. The conversation will also highlight what’s still unclear, what’s coming next, and how agencies can stay on track without compromising mission or security.

Keeping pace with the rapid changes in the Federal government is critical for government contractors. GovExec’s intelligence efforts help public sector marketers, sales, and business development leaders capture market share. Aaron will share updates on new activities in cyber, AI, Cloud and digital transition efforts throughout the federal market and provide a point of view on what you need to know and what to do about it.

The rapid shift to hybrid and multicloud environments has transformed how federal agencies operate and manage risk. With every new platform and provider, the security landscape becomes more complex. Teams are tasked with protecting sensitive data and systems while navigating evolving compliance requirements, such as FedRAMP, and coordinating across multiple internal and external stakeholders. This session will explore how agencies are approaching cloud security at scale by balancing shared responsibility models, building resilience into distributed architectures, and adapting strategies to keep pace with changing threats and technologies. Through real-world examples, speakers will highlight practical approaches for securing modernization efforts in large, interconnected environments, building defenses that evolve alongside mission needs.

As federal agencies confront increasingly sophisticated adversaries and the rapid rise of AI-driven attacks, the mission of cyber defense is more complex than ever. Legacy systems must be modernized, defenders must be empowered, and adversaries must be anticipated—not just detected. In this fireside chat, CrowdStrike’s Clark Dudley will join GovExec to explore the vital role of threat hunting in strengthening federal cybersecurity strategies.

Together, they will discuss how proactive hunting differs from traditional monitoring, why it has become essential in an era of AI-enabled threats, and how it can serve as both a defensive force multiplier and a training ground for the next generation of cyber defenders. Drawing on fresh insights from the newly released Threat Hunting Report, this conversation will highlight emerging adversary tradecraft and provide actionable guidance for federal leaders seeking to embed proactive defense into their long-term strategies.

Attendees will leave with a clearer understanding of how threat hunting not only unearths the unseen but also equips federal defenders to stay ahead of the threat curve in today’s dynamic cyber landscape.

The Common Vulnerabilities and Exposures (CVE) program is more than a catalog of vulnerabilities, it’s a cornerstone of the global cybersecurity ecosystem. It is the definitive and trusted resource on software vulnerabilities, guiding users toward safer practices. The CVE program has experienced unprecedented growth characterized by the extensive worldwide network of more than 460 CVE Numbering Authorities (CNAs). This network has expanded the cybersecurity community’s capacity to identify, define, and catalog hundreds of thousands of vulnerabilities. As the CVE Program continues to meet the needs of this global cybersecurity community, it must transition into a new era focused above all on trust, responsiveness, and vulnerability data quality. In this session, the Cybersecurity and Infrastructure Security Agency’s (CISA) Executive Assistant Director for Cybersecurity, Nick Andersen, will discuss the future of the CVE program – including its challenges and opportunities for modernization.

Government leaders are facing significant changes. Demands for enterprise-wide reorganization and incorporating cutting edge AI are just the start; there’s never been a stronger message for structural overhaul. This session will explore what the rapid change of personnel, policy and information technology means for federal cyber defenders and policymakers as they seek new approaches to digital infrastructure defense that meet the demands of this new era.

Artificial intelligence is reshaping how cybersecurity teams operate, offering powerful tools to automate security operations and improve threat detection. At the same time, AI is equipping adversaries with new ways to conduct sophisticated attacks, including deepfakes, large language model- enabled phishing campaigns, and adversarial machine learning. As federal agencies explore AI’s potential, understanding the risks is critical. This session will dive into the dual role AI plays in cybersecurity, including insights on the forthcoming NIST AI risk profile and its implications for federal cyber strategy. Given the accelerating adoption of AI across government, this conversation is timely for agencies aiming to responsibly harness AI while protecting against increasingly complex threats.

In this session, Google Public Sector’s Ed Murphy will discuss the top cybersecurity challenges facing the public sector, common misconceptions about AI, and how AI can help agencies defend against emerging threats.

As government services become more digital and interconnected, protecting both systems and the personal data they handle is essential to maintaining public trust and meeting legal obligations. Cybersecurity and privacy teams must work closely to align security controls with compliance requirements, from data classification and access management to federal privacy laws and executive orders. This session will highlight how agencies are integrating privacy protections into cybersecurity planning, helping them reduce risk while enabling digital transformation. In an era of expanding digital services and evolving regulations, this conversation is especially relevant for agencies seeking to balance innovation with responsibility.