This year’s 3rd Annual Billington State & Local Cyber Security Summit brought together government officials, technology leaders, and industry experts for three days of discussion on protecting public-sector systems at every level of government. Below is a summary of the key themes that emerged across the summit, along with how ISEC7's products and services are positioned to directly support each area.

Connecting and Sharing Information Across All Levels of Government

​

The summit's central message was that state and local governments are frontline operators in national cybersecurity, not peripheral players. Conversations consistently reinforced that a cyber incident at the local level can have cascading national consequences and that coordination across federal, state, local, and tribal entities is not optional. Government entities at all levels must work together to share threat and vulnerability information.

ISEC7 CLASSIFY directly supports this evolving model of cybersecurity collaboration by ensuring that information can be securely and appropriately shared across jurisdictions without slowing down response efforts. As state and local governments operate as frontline defenders, the ability to quickly disseminate threat intelligence, incident details, and operational updates is critical, but only if that data is properly marked and handled. CLASSIFY enables automated, policy-driven data classification at the point of creation or sharing, ensuring that sensitive information (such as CUI or other regulated data) is clearly labeled and protected as it moves between federal, state, local, and tribal partners. This reduces ambiguity, minimizes the risk of over- or under-sharing, and allows organizations to confidently participate in cross-agency collaboration, ultimately strengthening collective cyber resilience while maintaining compliance.

AI Adoption & Data Readiness

​

A consistent message across sessions: meaningful AI integration requires foundational data preparation and governance work that is often skipped. Speakers addressed AI- driven threat detection and the risks of deploying AI in systems that touch critical services and citizen data.

Data readiness starts with knowing what data you have and ensuring it is properly
classified. ISEC7 CLASSIFY is a data classification and marking platform that ensures
organization data is correctly labeled and disseminated in compliance with applicable
laws and regulations—on any device. By establishing clean, well-governed data
hygiene at the endpoint level, ISEC7 helps agencies build the data governance
foundation that responsible AI adoption requires. ISEC7 has invested significant
resources in building AI capabilities into our own products as well. For example, ISEC7
CLASSIFY’s AI engine detects sensitive information such as PII, PHI and CUI for our
government partners

 

Critical Infrastructure Resilience

 

Water utilities, transportation systems, hospitals, and public schools all surfaced
repeatedly as sectors where a successful cyberattack can cascade into public health
and emergency response consequences. The conversation moved beyond whether
these systems are at risk to what resilience actually looks like when budgets are
constrained and legacy systems are widespread.

ISEC7's continuous monitoring capabilities—delivered through ISEC7 SPHERE—give
critical infrastructure operators real-time visibility into endpoint health, compliance
status, and emerging vulnerabilities. SPHERE's CVE monitoring pulls directly from CISA's National Vulnerability Database to surface and track known vulnerabilities across monitored systems, enabling teams to prioritize patching and risk mitigation before an incident occurs.

Evolving Threat Landscape

​

Ransomware campaigns, supply-chain vulnerabilities, and the lingering impact of
nation-state intrusions like Salt Typhoon and Volt Typhoon shaped much of the threat discussion. State and local agencies were highlighted as attractive targets precisely because of resource and visibility gaps along with their role in protecting critical infrastructure.

ISEC7 SEVENCEES is designed to help close these gaps by providing specialized
expertise in securing and managing mobile and endpoint ecosystems, where many of
These threats gain a foothold. Through proactive monitoring, configuration hardening  and alignment with frameworks like Zero Trust and CSfC, SEVENCEES enhances visibility into device posture and user activity while reducing attack surface. Additionally, its ability to operationalize best practices and augment internal teams allows agencies to respond more effectively to emerging threats, strengthening their resilience against both opportunistic ransomware actors and more advanced, persistent adversaries targeting critical infrastructure. Combined with ISEC7 CLASSIFY's controls on data dissemination and ISEC7 MAIL's encrypted, certificate-based secure communications, ISEC7 provides layered defenses that directly address the attack surfaces adversaries are exploiting.

Workforce & Procurement Challenges

​

Staffing shortfalls and procurement complexity were recurring pain points. Leaders
consistently raised the tension between growing cyber responsibilities and the limited hiring pipelines and acquisition tools available to public-sector teams.

ISEC7 SPHERE is built to help lean teams manage their Digital Workplace more
efficiently. By combining information from a multitude of technology platforms, ISEC7

SPHERE enables administrators to better manage what has become a complex
environment. ISEC7 SPHERE's self-service module allows mobile users to self-
provision, manage, and troubleshoot their own devices—reducing helpdesk burden and freeing up limited staff for higher-priority work. ISEC7 also offers managed services allowing agencies to outsource challenging endpoint lifecycle management to a trusted partner and experienced partner.

The themes from this year's summit closely mirror what ISEC7 has been building toward: resilient, compliant, and manageable digital workplaces for government at every level. We would welcome the opportunity to discuss how any of these capabilities map to your specific agency's needs or current priorities.