Ryan Myla, Washington County’s cybersecurity officer, told the county IT committee on Feb. 24 that phishing and social engineering remain the primary means attackers use to breach local-government networks and urged staff to report suspicious messages promptly.
Myla reviewed the county’s security monitoring, saying the SIEM service logs alerts for six months and that most months show about 20 or fewer incidents. He described a single outlier of more than 60 incidents tied to a coordinated penetration test conducted with the state Division of Homeland Security and Emergency Services and said the test produced remediation projects the county is now addressing. "Our goal is to change the cybersecurity culture at Washington County," Myla said.
On phishing, Myla described an automated training program that sends one simulated phishing email per mailbox each month and tracks who clicks. Washington County’s click rate is "slightly below the phish-prone average in [the] government industry," he said, and he emphasized that clicking or reporting affects how the program measures susceptibility. "The faster it’s reported, the better the chances are," he said when asked about a recent incident in neighboring Warren County.
Myla recounted the Warren County incident as a social-engineering breach and said rapid reporting aided recovery: "It looks like about three quarters of it’s been recovered." He also cited a state presenter who warned officials that failing to report fraud within seven days can make recovery unlikely.
Myla announced county outreach and a free staff-and-stakeholder training titled "Back to Basics" from 6–8 p.m. March 19 in the county building basement (DSS training rooms). He said the session will be interactive, streamed via Teams and recorded, and will demonstrate enabling multifactor authentication and managing account sessions on common platforms such as Microsoft, Google and Apple.
He also said the county will publish an AI-usage policy this year, developed with the county attorney and administration, to clarify what types of information may not be put into AI tools (personally identifiable and health information among them). Myla said he will present the detailed penetration-test findings and the resulting projects later this year.
Next steps: county staff and town/village personnel were invited to the March 19 training; Myla encouraged employees to use the phishing-report button and to complete monthly training assignments.