State of Wyoming Office of Cybersecurity

CISO's Monthly Update

April, 2025

Hello everyone,

My name is Miguel Penaranda, and I have the unique privilege of serving as the Chief Information Security Officer for the State of Wyoming. I have been in this position for two months now, and my focus and end goal is to build a robust cybersecurity framework. This involves practical, collaborative efforts to protect our digital assets and ensure the continuity of essential services.

The cyber security team's mission statement is 'To cultivate a collaborative and resilient cybersecurity ecosystem across the State of Wyoming, where we partner with each agency to empower and support them in proactively managing their unique cyber risks, contributing to a unified defense that safeguards the state's digital assets and fosters a culture of shared responsibility in securing Wyoming's future.'

We will actively partner with each agency, providing them with the necessary tools, training, and support to proactively manage their unique cyber risks and build a unified defense strategy for the state.

We will focus on establishing a strong, adaptable cybersecurity infrastructure. This includes implementing industry best practices, staying ahead of emerging threats, and investing in the necessary technology and personnel. We will also emphasize training and awareness programs to foster a culture of security throughout state government.

Our main goals for the short term are gathering information, knowing where we are at the enterprise level, ensuring that we have all the mechanisms and procedures to effectively reduce our cyber risk in State Government systems, and finally, starting to create that "security first" mindset.

Ultimately, our goal is to ensure a secure and resilient digital Wyoming. This requires a collaborative and pragmatic approach, prioritizing the protection of our critical assets and maintaining the trust of our citizens.

You may have heard me say this before, but if not, this is a true statement: We are here to serve.

Phight the Phish!

If a link looks a little off, think before you click it. That link could be an attempt to get sensitive information or install malware on your machine. Phishing is one of the most common types of malware and people often fall victim to these attacks.

If you are a state employee, you can use the orange hook at the top of your email to report suspicious information. Our team of dedicated cyber-experts can investigate and let you know if it is safe!

It could be a text message or even a phone call. They may pretend to be your email service, your boss, your bank, a friend...The message may claim it needs your information because you’ve been a victim of cybercrime.

And they may try to get you to run malicious software, also known as malware. Sadly, we are more likely to fall for phishing than we think.

If it’s a link you don’t recognize, trust your instincts and think before you click. We all need to Phight the Phish!

To learn more about avoiding phishing and social engineering attempts visit https://www.cisa.gov/uscert/ncas/tips/ST04-014.

Use MFA Today!

Even if you have a complex password, “hackers” can still use computers and other digital devices to gain unauthorized access to information or damage your computer systems.

Industry is taking a second step towards identifying yourself in your accounts. Multi-Factor Authentication (MFA) is FREE, takes a few minutes to enable, and only seconds to use. MFA uses two steps to authenticate that you are who you say you are.

Step One: They’ll ask for something you know...like a PIN number or your sister’s middle name.
Step Two: They will ask for someline like an authentication application, confirmation text, or a fingerprint or face ID.

If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.