Whole-of-state cybersecurity: How to implement and build a sustainable program




This article provides guidance for state and local governments implementing whole-of-state (WOS) cybersecurity programs using federal SLCGP funding ($374.9M available in FY23).

  • Establish governance model: choose bottom-up, top-down, or hybrid approach based on organizational needs
  • Bottom-up offers flexibility but risks security blind spots; top-down provides standardization and enterprise visibility
  • Use federal funds strategically for high-impact capabilities: EDR, cyber awareness, identity management, incident response
  • Plan a phased approach, with buffer time before contracts expire and budget requests are needed
  • Engage state leadership and legislature early to secure long-term recurring funding
  • Build public-private partnerships with flexible vendors for proof-of-value and cost optimization
  • Align with NIST Cybersecurity Framework or CIS Critical Security Controls
  • Implement centralized security log aggregation and SOC for visibility and threat detection
  • Consider cloud-based solutions for scalability, compliance, and cost-effective data storage
  • Modernize procurement using digital marketplaces like AWS Marketplace for efficiency
  • Track key metrics: license utilization, cost management, deployment progress for leadership reporting

Success requires visibility, governance, cross-sector collaboration, and continuous optimization beyond the four-year federal funding period.


