The Public Sector Podcast: Strengthening Cyber Resilience in Tennessee: What’s Next for 2026

Episode Overview

In this episode, Aimé Nsengiyumva, Deputy-Chief Information Security Officer, Department of Finance and Administration, State of Tennessee, shares how Tennessee is strengthening cyber resilience across state government while lifting local partners at the same time. Emme sets the context with the scale of the mission: supporting services that touch 7M+ residents and protecting the tools used by 40,000+ state employees, all while aligning to state statutes, federal requirements, and guidance from advisory councils.

The keynote focuses on practical, statewide momentum: celebrating measurable progress, outlining how Tennessee supports cities, counties, school districts, and other local entities, and highlighting the mindset that “cybersecurity must be in sync with the business.” From awareness and Zero Trust to workforce development and incident support, the throughline is clear: resilience is continuous, shared, and built through partnerships.

Key Themes

This session centres on whole-of-state cyber resilience, combining statewide programs with direct support for local government organisations. Emme emphasises the human element, shared ownership of risk, and the importance of aligning cybersecurity with business outcomes and citizen service delivery.

The talk also highlights how federal grant frameworks and external resources (like CISA and the Center for Internet Security) can accelerate progress, but only if organisations have the awareness and capability to take advantage of what is available.

What You’ll Learn

1) Tennessee’s Cyber Mission at Scale

How the state thinks about protecting citizen data, statewide services, and employee tools, and why cybersecurity must align with day-to-day business operations.

2) Statewide Achievements and Cyber Maturity Progress

How Tennessee conducted a large-scale cybersecurity maturity assessment effort, reaching 1,500+ local entities and completing assessments with 500+ organisations using a NIST-based review approach.

3) Whole-of-State Support for Local Government

How Tennessee applies a “whole-of-state” approach, including advisory and ad hoc support even when formal agreements are not in place.

4) Top Priorities for Cyber Resilience

Why cybersecurity awareness is foundational, and how modern approaches like Zero Trust, secure AI use, supply chain risk management, and post-quantum cryptography fit into the evolving landscape.

5) Governance That Works with the Business

How cyber risk communication and shared accountability help ensure security is not seen as “owned by the security team,” but jointly owned with business leaders.

6) Workforce Readiness and Pipeline Building

How Tennessee is investing in workforce development through internships and apprenticeships, including an internship program that has supported 30+ interns, while navigating the realities of hiring constraints in state government.

7) Actionable Insights for Agencies Starting (or Scaling) Transformation

Why many organisations miss funding or support opportunities due to capability gaps, and how awareness, networking, and leveraging proven programs can create a clear roadmap forward.

Key Takeaways

• Cyber resilience is a shared responsibility across users, leaders, and security teams
• State and local systems are interconnected, lifting local capability strengthens statewide security
• Awareness and ownership are prerequisites for meaningful progress
• Modern resilience requires updated architectures (including Zero Trust) and forward-looking planning
• Workforce development is essential, but hiring pathways must keep pace
• Resilience is continuous: assume incidents will happen and plan to recover quickly

Why You Should Listen

This episode is valuable for state and local government leaders, CISOs and security teams, IT and risk leaders, and public sector executives working to strengthen cyber resilience. It offers a practical look at what statewide programs can achieve, how to support local partners, and how to build sustainable capability across governance, technology, and people.

Memorable Line of Thinking

Cyber resilience is not preventing every breach. It is building the capability to manage risk end-to-end, and bounce back when threats inevitably get through.