Everything We Discussed at the 2024 StateRAMP Cyber Summit – A Recap

Industry leaders, cybersecurity experts, and government officials were front row to groundbreaking discussions at the 2024 inaugural StateRAMP Cyber Summit in Indianapolis. With over 300 attendees and 30 sponsors, the event set the stage for critical conversations around safeguarding our nation’s digital infrastructure. From eye-opening keynotes to collaborative sessions, the Summit delivered actionable insights and revealed innovative solutions that will shape the future of public sector cybersecurity.

We are incredibly grateful to all our sponsors, speakers, and attendees for contributing to this milestone event. Together, we are forging a more secure, resilient future.

Key Announcements at the Summit

This year’s Summit saw the launch of several key initiatives designed to support our members and the broader cybersecurity community:

• RAMPxchange Launch as Member Benefit: At the Summit, StateRAMP announced its partnership with RAMPxchange, a trusted marketplace designed to help cloud service providers (CSPs) find the specific services they need to improve their StateRAMP progressing snapshot score. While StateRAMP does not endorse one company over another, this partnership simplifies the process by offering access to a secure, reliable community. Whether you're seeking specialized services to enhance your compliance or advance your security posture, RAMPxchange connects you with the right resources to support your StateRAMP journey. As a benefit, StateRAMP members will enjoy free access and waived fees until May 2026.
• Founders Award Winners: We recognized outstanding contributions to cybersecurity through the Founders Award, presented to StateRAMP co-founders, Joe Bielawski and J.R.Sloan, for their leadership and commitment to advancing StateRAMP's mission.
• Procurement Cloud Security Resource Tool: Launched by the NASPO/StateRAMP Procurement Task Force, this new tool offers SLED officials' comprehensive guidance on aligning procurement practices with cybersecurity standards. The resource is designed to streamline compliance and improve collaboration between procurement, IT, and risk management teams. View here for more information.

Session Highlights 

Each session at the Summit provided critical insights into the most pressing issues facing public sector cybersecurity. Here are the key takeaways from the sessions:

Welcome Keynote: Dignitary

Nicholas Leiserson, Assistant National Cyber Director for Cyber Policy and Programs at the Office of National Cyber Director (ONCD), opened the StateRAMP Cyber Summit with a powerful keynote. Drawing from his extensive experience in shaping national cybersecurity policy, Nicholas underscored the critical need for a unified approach to addressing cyber threats nationwide, emphasizing the importance of collaboration between the public and private sectors. His message set the tone for the event, highlighting how strategic partnerships can help us stay ahead of evolving threats. collaboration and a strategic, forward-thinking approach to cybersecurity.

Fireside Chat: National Cyber Strategy & Framework Harmonization

Leiserson, participating in the first fireside chat, emphasized the importance of aligning cybersecurity frameworks as a priority for the Office of the National Cyber Director (ONCD). He noted that achieving this will require collaboration among a wide range of stakeholders. The speakers encouraged attendees to prioritize educating local representatives on the significance of this alignment, particularly focusing on its benefits. Currently, the lack of consistency across federal frameworks hinders state and local cybersecurity efforts, leading to unnecessary resource drain and higher costs. Leiserson highlighted how StateRAMP’s baseline requirements, which integrate NIST and the CJIS-Aligned Task Force, offer a path forward for state and local governments. In order for these efforts to be successful, there needs to be active cooperation between government leaders and industry partners.

Panel: Framework Harmonization

A distinguished panel discussed the need for harmonizing cybersecurity frameworks across all levels of government. The session explored how discrepancies in frameworks not only affect the flow of regulations from federal to state and local levels but also create challenges for providers navigating varying standards across jurisdictions. The StateRAMP CJIS-Aligned Task Force shared their ongoing efforts and recommendations aimed at streamlining these processes. This conversation reinforced the importance of a unified approach to ensuring effective and consistent cybersecurity practices nationwide.

Tenets of a Strong Cyber Risk Management Program

Experts emphasized the increasing complexity of cyber threats, particularly in cloud environments. As governments increasingly migrate to the cloud, the threat landscape has shifted—malicious actors are now targeting cloud service providers to compromise multiple organizations at once, rather than focusing on one-by-one attacks.  The panel urged governments and providers to adopt proactive strategies to mitigate these emerging risks.

Addressing Whole of State for Cybersecurity

Panelists discussed the growing momentum behind the Whole of State approach to cybersecurity, which encourages collaboration among state, local, and educational leaders. The session emphasized the need for coordinated policies, frameworks, and procedures to maximize the impact of federal grants and create sustainable improvements in state cybersecurity efforts.

Important Role Procurement Plays in Protecting Citizens

As part of this session, procurement was highlighted as one of the most crucial elements of citizen data security. Early collaboration is key—engaging attorneys and risk teams before the process begins ensures a clear understanding of the data involved and its classification. Panelists highlighted the importance of providing cloud service providers (CSPs) with a pathway to compliance, helping grow the secure marketplace. The session served as a reminder that protecting citizen data is a shared responsibility between procurement and IT, underscoring the need for cross-functional collaboration. Attendees were also introduced to the new procurement toolkit, with upcoming training opportunities to support these efforts.

Keynote Session: Remembering Our Why

Jim Corns, Executive Director, Department of Enterprise Solutions for Baltimore County Public Schools delivered an inspiring keynote that recounted his experience as a victim of a cyber-attack and the impact that it had on the district. Through this story, attendees were reminded that security is a shared responsibility—protecting citizens and their data requires collaboration across an organization. Security is not just an option; it is a requirement. Corns urged leaders to keep security at the forefront of their decisions, ensuring that it becomes an ingrained priority in all areas of operation.

Roundtable Discussions

In addition to the keynotes and sessions, roundtable discussions allowed attendees to engage directly with experts on emerging trends:

Ethics & Privacy Considerations in AI/ML and Emerging Trends

This roundtable delved into the ethical challenges and privacy concerns surrounding the rapid development of AI and machine learning. The discussion was led by moderators Brian O’Connor, Director of Global Security & Compliance Office and Mark Dellavalle, Vice President of Global Systems Engineering at Extreme Networks, embracing the need for robust frameworks that ensure privacy while fostering technological innovation.

Leveraging StateRAMP in Risk Management for Government

Our moderator Fadi Fadhil, SLED Field CTO at Palo Alto Networks shared practical insights on how StateRAMP can be leveraged to strengthen risk management practices across government entities. The conversation focused on integrating StateRAMP guidelines into compliance strategies to enhance cybersecurity resilience.

Looking Ahead 

The 2024 StateRAMP Cyber Summit was a powerful testament to the importance of collaboration, innovation, and proactive measures in the ongoing effort to protect our public sector systems. We are grateful to everyone who contributed to its success and look forward to continuing these important conversations in the year ahead.

As we reflect on the key takeaways from this year’s Summit, we are excited to build on the momentum generated and invite you to stay engaged with the StateRAMP community. Mark your calendars for the 2025 StateRAMP Cyber Summit, where we will continue advancing the future of public sector cybersecurity.