Presented by Cisco & Carahsoft
Cybersecurity across state and local government is no longer a technical function operating in the background—it is a leadership imperative that directly impacts public safety, critical infrastructure, and citizen services. In this episode of State Gov Today, leaders from New York and New Jersey, along with industry experts, explore how states are translating high-level cyber strategies into real operational capabilities.
Alyssa Zeutzius, Deputy CISO for the State of New York, and Michael Geraghty, CISO and Director of the NJCCIC for the State of New Jersey, describe how collaboration—both within states and across state lines—is essential to improving cybersecurity posture. Their discussion highlights the importance of shared intelligence, coordinated incident response, and unified planning for large-scale events like the World Cup. Both emphasize that operational success depends on breaking down silos, improving data sharing, and building trust across agencies and jurisdictions.
Helen Patton of Cisco
expands the conversation by framing cybersecurity as a leadership and risk management issue. She explains that government leaders must understand cyber risk in terms of real-world impact—from disrupted services to threats against public safety—and that success depends on strong relationships, communication, and organizational alignment.
The program concludes with Alex Whitworth of Carahsoft and Troy Schneider of Billington CyberSecurity, who examine how artificial intelligence is reshaping both the defensive and offensive sides of cybersecurity. While AI offers opportunities to automate detection and response, it also introduces new risks that require governance, transparency, and collaboration across government and industry.
Across all segments, one message is clear: cybersecurity is a team sport that requires leadership, coordination, and continuous adaptation to an evolving threat landscape.
Operationalizing Cyber Strategy Through Collaboration and Shared Responsibility
Alyssa Zeutzius, Deputy CISO for the State of New York, explains that the state’s first-ever cybersecurity strategy was designed to define roles across agencies and establish cybersecurity as a shared responsibility. Rather than centralizing everything, the strategy outlines multiple pillars and assigns ownership across agencies, allowing each to operationalize its role while contributing to a broader statewide effort. Over time, this approach has enabled agencies to take the high-level strategy and make it actionable within their own environments.
Michael Geraghty, CISO and Director of the NJCCIC for the State of New Jersey, describes a similar enterprise-wide model, where the NJCCIC serves as a “one-stop shop” for cybersecurity across not just state government, but also municipalities, schools, critical infrastructure, and even small businesses. This centralized coordination allows New Jersey to develop a unified view of threats and response activities.
A key theme from both leaders is cross-state collaboration. Zeutzius and Geraghty emphasize that while their states operate differently, they face the same threats. As a result, they regularly share best practices and threat intelligence, often in real time. During global events or geopolitical tensions, states communicate continuously to understand emerging threats and coordinate responses.
This collaboration becomes especially critical during major events like the World Cup, where cybersecurity planning spans dozens of organizations across transportation, utilities, law enforcement, and government agencies. These efforts include coordinated incident response planning and 24/7 security operations to ensure both safety and continuity.
The segment also highlights the importance of ransomware reporting laws, which provide states with better visibility into threats while enabling them to assist local entities more quickly. By encouraging reporting and offering support, states are building stronger relationships with local governments and improving overall resilience.
Key Takeaways
- State cybersecurity strategies succeed when agencies share responsibility and operationalize clearly defined roles
- Cross-state collaboration and real-time intelligence sharing are essential to addressing evolving threats
- Reporting requirements improve visibility and enable faster, more coordinated incident response
Cybersecurity as a Leadership and Risk Management Function
Helen Patton, Cybersecurity Executive Advisor at Cisco, makes it clear that cybersecurity in the public sector must be treated as a leadership issue rather than a technical one. She explains that government organizations operate differently from the private sector, with changing leadership, varying risk tolerance, and a mission centered on serving citizens rather than shareholders.
Patton notes that the conversation around cybersecurity has matured significantly over the past two decades. Where it was once viewed primarily as an IT problem, ransomware and other high-impact incidents have demonstrated that cyber failures can directly disrupt essential services such as water, power, emergency response, and court systems. This shift has elevated cybersecurity into a broader discussion about operational and enterprise risk.
A major challenge for cybersecurity leaders is communicating these risks effectively to executive leadership. CISOs must translate technical issues into business and mission impacts, helping decision-makers understand how cybersecurity investments align with organizational goals. This requires a different skill set—one focused on communication, strategy, and influence.
Patton also emphasizes that operational readiness depends heavily on relationships. While technology is important, the ability to respond to incidents often hinges on pre-established connections with internal stakeholders, external partners, suppliers, and even policymakers. In many cases, public sector organizations lack dedicated roles for managing these relationships, making it even more important to prioritize them.
Finally, she addresses the role of AI and digital workers, noting that while automation will play an increasing role, human judgment remains essential—particularly when it comes to context. Government decisions often require an understanding of local conditions and citizen impact, areas where human involvement will continue to be critical.
Key Takeaways
- Cybersecurity must be understood as an enterprise risk issue with direct impact on public services
- Effective communication between CISOs and executive leadership is essential for aligning strategy and investment
- Relationships and organizational context are critical to successful incident response and operational readiness
AI, Innovation, and the Power of Public-Private Collaboration
Alex Whitworth of Carahsoft and Troy Schneider of Billington CyberSecurity explore how artificial intelligence is reshaping the cybersecurity landscape for state and local governments. Whitworth explains that AI is transforming both defensive and offensive capabilities, enabling better threat detection, anomaly identification, and even automated response actions within security operations centers.
He highlights the emergence of advanced AI systems capable of ingesting large volumes of security data and autonomously executing tasks, bringing the concept of a “self-healing network” closer to reality. At the same time, state and local leaders are focused on deploying AI responsibly, ensuring that governance and security are built into these systems from the outset.
Schneider reinforces that cybersecurity is fundamentally a team sport, requiring collaboration across federal, state, local, and private sector stakeholders. With shifting priorities, evolving threats, and global events influencing the cyber landscape, organizations must work together to share information and coordinate responses.
The discussion also addresses the disparity in resources across different levels of government. Smaller jurisdictions often lack the expertise and funding to manage cybersecurity independently, making it essential to leverage state-level support, federal resources, and managed service providers. A “whole-of-state” approach allows larger entities to provide services and capabilities that smaller organizations cannot sustain on their own.
AI introduces both opportunity and risk. While it can help organizations manage the overwhelming volume of data and automate routine tasks, it also creates new vulnerabilities related to data integrity, access control, and model security. Leaders must focus on transparency, governance, and trust to ensure AI is used effectively and securely.
Key Takeaways
- AI is transforming cybersecurity by enabling automation, improved detection, and faster response
- Collaboration across government and industry is essential, especially for resource-constrained organizations
- Governance, transparency, and security are critical to building trust in AI-driven systems
If you want, I can now:
- Tighten this into a more editorial / punchier version for your site, or
- Turn it into LinkedIn + promotion copy that drives on-demand viewing
But this version is clean, accurate, and fully grounded in your actual episode.