Research

Practitioner‑driven cybersecurity research and institutional publications.

---

---

SDSUG Research Series — Institutional Publications

---

Introduction

Sonoran Desert Security (SDSUG) publishes practitioner‑authored analysis across the cybersecurity ecosystem, governance landscape, critical‑infrastructure risks, and emerging technology domains. Our work is grounded in operational experience, institutional memory, and vendor‑neutral governance, providing clear, accessible intelligence for practitioners, policymakers, and organizations across the Southwest.

SDSUG research is authored by experienced practitioners and reflects more than 25 years of continuous community operation, institutional memory, and vendor‑neutral governance.

---

What is Unique About SDSUG Research

SDSUG research is unique because it is authored by practitioners with deep, verifiable experience in cybersecurity, governance, and critical‑infrastructure operations. Author identity and schema markup are included to ensure transparency, credibility, and alignment with modern Experience, Expertise, Authoritativeness, and Trustworthiness (EEAT) standards.

This is not a claim of superiority — it is a recognition that cybersecurity research is most valuable when authored by individuals with direct operational experience.

---

About the SDSUG Research Series

The SDSUG Research encompasses independent, practitioner‑authored analysis across Arizona’s critical infrastructure, cross‑border risk, cybersecurity posture, governance and institutional resilience, operational intelligence, research ecosystems, and workforce development. These reports are designed to support government agencies, critical‑infrastructure operators, private‑sector organizations, academic institutions, and practitioners with clear, accessible insight into the evolving landscape of regional, state, national, and global risk. All reports are versioned and maintained as living documents.

---

Research Focus Areas

• Arizona’s cybersecurity posture and statewide risks
• Critical‑infrastructure resilience and sector dependencies
• Governance, statutory alignment, and institutional maturity
• Workforce, education, and capability development
• Cross‑border and geopolitical risk
• Research ecosystems and innovation mapping

---

Purpose and Scope

SDSUG’s research program exists to:

• provide clear, specific cybersecurity intelligence
• support practitioners, leaders, and policymakers
• document institutional memory across the Southwest
• strengthen cross‑sector collaboration
• elevate practitioner voices
• create a durable, authoritative reference library for Arizona

Our research is updated regularly and expanded as new member contributions are accepted.

---

Methodology Overview

SDSUG research is grounded in:

• practitioner experience
• community intelligence
• publicly available data
• threat monitoring
• cross‑sector collaboration
• institutional continuity

Full methodology details are included within each individual publication.

---

SDSUG Research Domains

• Critical Infrastructure & Sector Resilience
• Cross‑Border & Geopolitical Risk
• Cybersecurity & Digital Threat Landscapes
• Governance, Policy & Institutional Resilience
• Operational Intelligence & Field Analysis
• Research Ecosystems & Innovation Mapping
• Workforce, Education & Capability Development

---

Flagship Research Artifacts

State of Cybersecurity in Arizona — 2026 Annual Report

SDSUG Research — Cybersecurity & Digital Threat Landscapes —Cybersecurity 2026 Collection — Report No. 1

A comprehensive, practitioner‑driven analysis of Arizona’s cybersecurity landscape, including regional threats, workforce trends, governance maturity, and critical‑infrastructure exposure. Published annually to provide a consistent, practitioner‑driven assessment of Arizona’s cybersecurity posture, statewide risks, and ecosystem maturity.

Read the report → State of Cybersecurity in Arizona — 2026 Annual Report

---

Arizona Cybersecurity Ecosystem Map — 2026 Edition

SDSUG Research — Cybersecurity & Digital Threat Landscapes —Cybersecurity 2026 Collection — Report No. 2

A structured map of the institutions, communities, conferences, academic programs, and public‑sector partners that shape Arizona’s cybersecurity ecosystem. Published periodically as a new edition to reflect changes in Arizona’s cybersecurity institutions, communities, academic programs, and public‑sector partnerships.

View the ecosystem map → Arizona Cybersecurity Ecosystem Map — 2026 Edition

---

Arizona Cybersecurity Material Weaknesses Audit — 2026

SDSUG Research — Cybersecurity & Digital Threat Landscapes —Cybersecurity 2026 Collection — Report No. 3

A statewide, practitioner‑authored audit identifying the most significant systemic cybersecurity weaknesses impacting Arizona’s public, private, and critical‑infrastructure sectors. Published biennially to provide a stable, practitioner‑authored baseline for identifying Arizona’s most significant systemic cybersecurity weaknesses.

View the audit → Arizona Cybersecurity Material Weaknesses Audit — 2026

---

Recommendations and Roadmap — Arizona Cybersecurity Material Weaknesses Audit 2026

SDSUG Research — Cybersecurity & Digital Threat Landscapes —Cybersecurity 2026 Collection — Report No. 4

A strategic, practitioner‑driven roadmap outlining the statewide actions required to remediate Arizona’s most significant cybersecurity material weaknesses and strengthen long‑term resilience. Published biennially to provide clear, practitioner‑driven guidance for remediating Arizona’s most significant cybersecurity material weaknesses.

View the roadmap → Recommendations and Roadmap — Arizona Cybersecurity Material Weaknesses Audit 2026

---

Statewide Action Plan — Arizona Cybersecurity Material Weaknesses Audit 2026

SDSUG Research — Cybersecurity & Digital Threat Landscapes —Cybersecurity 2026 Collection — Report No. 5

A unified, statewide strategy outlining the structural reforms, governance model, and cross‑sector actions required to address Arizona’s cybersecurity material weaknesses and prepare the state for global‑scale threats. Published annually to outline the statewide actions, governance structures, and cross‑sector priorities required to strengthen Arizona’s cybersecurity resilience.

View the plan → Statewide Action Plan — Arizona Cybersecurity Material Weaknesses Audit 2026

---

Arizona HB2809 — Post‑Quantum Cybersecurity Requirements & Statewide Readiness (2026)

SDSUG Research — Governance, Policy & Institutional Resilience — Post-Quantum Cryptography (PQC) Modernization Series — Report No. 1

A comprehensive, practitioner‑driven analysis of Arizona’s HB2809 post‑quantum cybersecurity requirements, including statutory obligations, statewide readiness indicators, sector‑specific impacts, and the modernization actions required to transition Arizona’s public and private institutions toward PQC‑aligned architectures. Published periodically to reflect statutory updates, statewide implementation milestones, and changes to Arizona’s post‑quantum cybersecurity requirements.

Read the report → Arizona HB2809 — Post‑Quantum Cybersecurity Requirements & Statewide Readiness (2026)

---

National Post-Quantum Cryptography (PQC) Modernization Mandate (Dec 2025) — Arizona Alignment & Implementation Framework

SDSUG Research — Governance, Policy & Institutional Resilience — Post-Quantum Cryptography (PQC) Modernization Series — Report No. 2

A structured examination of the United States’ December 2025 national PQC modernization mandate, providing a detailed alignment and implementation framework for Arizona’s agencies, critical‑infrastructure operators, and regulated sectors. The report outlines required controls, migration pathways, governance structures, and cross‑sector coordination mechanisms. Published periodically to reflect updates to the United States’ national PQC modernization mandate, federal guidance, and implementation expectations.

View the framework → National Post-Quantum Cryptography (PQC) Modernization Mandate (Dec 2025) — Arizona Alignment & Implementation Framework

---

Post-Quantum Cryptography (PQC) Statewide Alignment Framework — HB2809 and the National PQC Mandate

SDSUG Research — Governance, Policy & Institutional Resilience — Post‑Quantum Cryptography (PQC) Modernization Series — Report No. 3

A sector‑level analysis of the national PQC modernization mandate, detailing operational requirements, risk‑based prioritization, and implementation guidance for Arizona’s financial institutions, healthcare systems, education networks, utilities, and public‑sector entities. The report provides actionable steps for accelerating PQC adoption across diverse operational environments. Published periodically to maintain alignment between Arizona’s HB2809 requirements and the national PQC modernization mandate.

Read the guidance → Post-Quantum Cryptography (PQC) Statewide Alignment Framework — HB2809 and the National PQC Mandate

---

Arizona HB2809 — Statewide Post‑Quantum Cybersecurity Requirements (2026): Executive Summary

SDSUG Research — Governance, Policy & Institutional Resilience — Post‑Quantum Cryptography (PQC) Modernization Series — Report No. 4

A practitioner‑driven analysis of Arizona’s statewide post‑quantum cybersecurity mandate, including statutory requirements, governance implications, supply‑chain restrictions, and alignment with the December 2025 federal PQC directive. Updated upon statutory revision, this report provides clear, actionable guidance for Arizona’s agencies, governance bodies, and critical‑infrastructure operators preparing for quantum‑resilient modernization.

Read the report → Arizona HB2809 — Statewide Post‑Quantum Cybersecurity Requirements (2026): Executive Summary

---

How Arizona Can Execute PQC Migration at Scale

SDSUG Research — Governance, Policy & Institutional Resilience — Post‑Quantum Cryptography (PQC) Modernization Series — Report No. 5

Arizona’s statewide blueprint for Post‑Quantum Security, a comprehensive, governance‑driven roadmap for deploying hybrid cryptography deployment, enforcing vendor compliance, and transitioning Arizona to PQC‑only infrastructure across all sectors through 2035.

Read the report → How Arizona Can Execute PQC Migration at Scale

---

SDSUG Research Library

These reports are part of the SDSUG Research Series.

• Arizona Cybersecurity Ecosystem Map — 2026 Edition
• Arizona Cybersecurity Material Weaknesses Audit — 2026
• Arizona HB2809 — Post‑Quantum Cybersecurity Requirements & Statewide Readiness (2026)
• Arizona HB2809 — Statewide Post‑Quantum Cybersecurity Requirements (2026): Executive Summary
• How Arizona Can Execute PQC Migration at Scale
• National Post-Quantum Cryptography (PQC) Modernization Mandate (Dec 2025) — Arizona Alignment & Implementation Framework
• Post-Quantum Cryptography (PQC) Statewide Alignment Framework — HB2809 and the National PQC Mandate
• Recommendations and Roadmap — Arizona Cybersecurity Material Weaknesses Audit 2026
• State of Cybersecurity in Arizona — 2026 Annual Report
• Statewide Action Plan — Arizona Cybersecurity Material Weaknesses Audit 2026

---

Citation and Usage

For full citation standards and usage permissions, see SDSUG’s Citation and Usage Policy.

---

Provenance and Authorship

SDSUG does not claim ownership of contributor work. We maintain strict provenance standards to ensure clarity, transparency, and respect for intellectual property.

• All research is authored by individual practitioners.
• Authors retain full copyright.
• Authors grant SDSUG a non‑exclusive license to publish work submitted to SDSUG for publication.
• SDSUG maintains strict provenance and Experience, Expertise, Authoritativeness, and Trustworthiness (EEAT) standards.
• Each article includes a byline and copyright notice to preserve authorship integrity and prevent misappropriation.
• Schema markup is included for transparency and credibility.

---

Contribute to SDSUG Research

Member‑Authored Research & Publications

SDSUG accepts article submissions and analysis from active members.

• Submission guidelines
• Governance standards
• Submit article

---

---

Last Updated: April 2026