Session Abstract: This session explores lessons from the planning, missteps, and pivot points of a security policy stack transformation. Attendees will journey through the pain-points of an outdated, patchwork policy stack developed with little attention to industry standard. They will learn tactics to engage their community.. Attendees will learn: - How to identify industry frameworks to inform policy development. - How to structure and conduct a policy review working group to validate content. - How to coordinate document vetting at all staging of community and governance review. - How to use the policy stack to transition their organization to a risk-aware mindset.Summary: The State of Washington engaged its business and security leaders to forge a risk-driven security policy stack. This session details the planning, missteps, pivot points, and successes of that place the state on risk-awareness culture shift.Additional Information: