Government Technology/David Kidd
Nevada CIOTimothy Galluzi, who steered the ship in the wake of a major cyber incident earlier this year, said officials in the state will build on lessons learned during the recovery in the year ahead.
Cybersecurity was a major focus for Nevada officials in 2025, who created a new cybersecurity office in July to centralize strategy and then faced a significant cyber incident in August, in which some data was moved outside of the state’s network. Officials launched a recovery hub and made an after-action report to enhance public transparency afterward. Shortly after the incident, lawmakers passed legislation to establish a statewide security operations center (SOC).
“I think Nevada really showed up when the challenge was brought to us,” Galluzi said of the incident, which he described as “one of the largest government cyber attacks that we have ever seen in Nevada.”
Recovery, which took place over a period of about 28 days — notably, the CIO said, without paying the threat actor — was a collaborative effort between Nevada officials, state and federal agency partners, and vendors. The strategy involved bringing in as much support as possible, because this incident, as Galluzi said, had ramifications beyond the Governor’s Technology Office and the state.
Years of planning, investment and strategy helped to position the state to quickly respond to the incident when it happened. But recovery efforts went further than returning the state to its pre-incident position; officials invested time and resources into strengthening the environment, relationships and communication channels.
The SOC is one example. During the last legislative session, Galluzi said officials struggled to get the center approved. After the event, the governor called a special session for the Legislature, and the bill to create the SOC was approved unanimously, demonstrating that cybersecurity is a priority for leadership: “So, the Legislature heard us, and they gave us their full-throated support.”
Nevada state government shared lessons learned in its after-action report, to support a timely recovery in the state or outside it, should a similar event occur in the future. These lessons include determining which products are and are not working for the state. Leaders have made shifts in identity management and are moving toward zero-trust methodologies. These lessons can be shared with partners beyond the state executive branch through the SOC, Galluzi said. The SOC can act as a “vehicle” to support communities with limited resources, such as rural areas, in a whole-of-state approach.
Although the future of federal cybersecurity funding faces uncertainty, Galluzi said he views that money an accelerant, rather than a long-term, sustainable source to fund cyber work. It is supplemental, rather than foundational, he said — although additional support to help accomplish cybersecurity goals will be accepted.
NEVADA IT: BEYOND CYBERSECURITY
The other key focus area for Nevada this year was modernization, Galluzi said. Specifically, officials have been making steady progress on the enterprise resource planning (ERP) system modernization,CORE.NV. In January, they implemented the core financial module, launched in about 15 months. Payroll and human resources functionality within the ERP followed in October. For these accomplishments, Galluzi credits the CORE.NV team, led by directorBrian Bowles.
“And this isn’t just about launching new products, modernizing software; this is really driving home this vision of ‘We are one state,’” Galluzi said, echoing a common theme among Nevada leadership. “We are one executive branch, and there’s a better, more efficient, more effective way to leverage technology in how we do our business.”
Now the state is moving into the Achieve phase of the project, which involves enhancements to the ERP that will build on the legacy platform’s replacement. These will include enhanced reporting and metrics to help officials use data better.
Although this is an IT endeavor, Galluzi said it is really a business transformation project. Change management is at the forefront with an effort like this, he said, and team members will be able to do their jobs more efficiently with new tools.
This is the case with other new technology solutions, too, whether that be data dashboards or AI tools.
Galluzi said he is especially excited about seeing AI tools provide tangible efficiency gains, even 1-2 percent, for all employees: “And now they can focus their energy or efforts on the things that they really care about — or the things that make them uniquely human — like their care and empathy, or being able to do outreach to Nevadans.”
Putting AI tools in the hands of state employees can deliver quick wins for state IT and make employees’ jobs easier. For example, Galluzi’s agency — the Governor’s Technology Office — had previously outsourced custom application development because it was a heavy lift. Now, the team is “getting back into that business, and it’s because the one application developer can now do the work of three or four because of the AI-enhanced development.”
While AI regulation is a topic of much debate right now, Galluzi said his agency is focused on setting appropriate guardrails for the executive branch. This entails the state taking what he described as a “pretty pragmatic approach to AI legislation, regulation and policy,” to protect the most vulnerable communities. Officials have balanced laws that protect children and elections with a business-friendly environment, he said.
In 2026, Galluzi said he is eager to see the SOC come to fruition, a modernized content management system and work continue on the ERP.
“If 2025 was pretty busy and noteworthy for Nevada, I think 2026 is where we just continue to build off of that,” the CIO said. “And hopefully, we’re noteworthy for much bigger, better reasons.”
