2025 Cybersecurity Awareness Campaign

Stay Safe Online, Build a Cyber Strong Wyoming!

October is Cybersecurity Awareness Month, an international initiative supported by the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA), together with partners across government, business, and education.

ETS is proud to once again join the Governor’s Office, the Wyoming Office of Homeland Security, the National Cybersecurity Alliance (NCA), and the Cybersecurity and Infrastructure Security Agency (CISA) in this international effort to build a safer digital world.

This year’s themes — “Stay Safe Online” (NCA) and “Build a Cyber Strong America” (CISA) — remind us that cybersecurity begins with simple, everyday choices. Whether you’re securing accounts at home or logging in at work, your actions help protect your family’s data, safeguard Wyoming’s services, and strengthen our nation’s resilience.

For Wyoming’s state employees, this connection is especially important. Strong cyber habits safeguard your family’s information at home while also protecting the services that keep our state running — from public safety and transportation to schools, healthcare, and licensing.

Throughout October, ETS will share tips and resources focused on the Core 4 online safety practices:

Use strong passwords and a password manager
Turn on multifactor authentication
Update your software
Recognize & report scams

By practicing these steps every day, you can help keep yourself, your family, and your workplace safe — while also strengthening Wyoming’s role in protecting the critical services our citizens depend on.

For more information about Cybersecurity Awareness Month 2025 and campaign resources, visit StaySafeOnline.org or follow #CybersecurityAwarenessMonth throughout October.

You can also explore additional cybersecurity best practices from our federal partner, the Cybersecurity and Infrastructure Security Agency (CISA), by visiting their website or following @CISAgov on social media.

Cybersecurity Awareness Month Events at ETS

Tuesday, October 28th — Cybersecurity Q&A at the Capitol

Have questions about cybersecurity? Curious how threats impact your work — or what you can do at home? Get answers straight from the experts!

When: Tuesday, October 28, 2025
Time: 2:30-3:30 p.m.
Who: Open to all state employees

Bring your questions, your curiosity, and maybe even a coworker or two. This is your chance to hear from ETS's cybersecurity leaders in person, learn something new, and walk away more cyber-confident than ever!

Reserve Your Spot Today!

CISO Coin - Front

CISO Coin - Back

All Month Long — CISO Coin Giveaway Challenge!

Think training can't be fun? Think again.

Complete your KnowBe4 training in October and you’ll be entered to win one of 10 exclusive CISO coins — a collectible symbol of your commitment to cybersecurity.
Want better odds? Take all four trainings and your name goes in four times.
Plus, watch your inbox for a mystery challenge — three more coins will go to those who rise to the occasion.
Contest closes October 31, 2025.

When you take the KnowBe4 training during October, you'll be entered into a drawing to win one of ten limited-edition CISO coins!

Quadruple your chances and take all four trainings! These coins are a unique symbol of your commitment to cybersecurity and a great conversation starter.

These coins aren’t just cool collectibles — they’re a badge of honor and a conversation starter that shows you take cybersecurity seriously.

From the CISO's Desk — Navigating the New Frontier of Cybersecurity

A message from Chief Information Security Officer Miguel Penaranda

As the state's Chief Information Security Officer, I'm often asked about the latest cyber threats, the ones that make headlines and disrupt our daily lives. While we're all familiar with ransomware and phishing, the reality is that the most significant threats on the horizon are far more complex and insidious, leveraging cutting-edge technology in ways most people don't see coming.

This Cybersecurity Awareness Month, I want to pull back the curtain on the future of cyber threats—the ones that keep CISOs up at night—and share why they require a new mindset from all of us.

The Invisible Threats of a Connected World

The most profound challenge we face isn't just a bigger, faster virus. It's the silent, long-game threat posed by emerging technologies. The advent of quantum computing, for instance, is the single greatest long-term threat to our digital security. When fully realized, quantum computers will have the power to break the vast majority of our current encryption methods, including the ones that secure everything from our banking transactions to state secrets. This isn't science fiction; it’s a tangible threat that’s already inspiring "harvest now, decrypt later" attacks, where adversaries steal encrypted data today, betting on their ability to unlock it years from now.

But we don't need to wait for quantum leaps to see the future of cyber warfare. Artificial Intelligence (AI) is already here, and it’s a double-edged sword. While we're using AI to defend our networks, attackers are using it to supercharge their offenses. Gone are the days of misspelled phishing emails. AI can now generate hyper-realistic spear-phishing messages that are contextually aware and nearly impossible to distinguish from legitimate communication. More ominously, AI is being used to create autonomous and adaptive malware that can learn and evolve in real-time to evade traditional security defenses.

Beyond the Server Room: The Physical Threat

Another threat that many don't consider is the danger posed by the expanding Internet of Things (IoT) and the convergence of our IT and Operational Technology (OT) systems. Every connected device—from smart thermostats to industrial sensors—is a potential entry point for an attacker.

This is especially concerning because attackers are increasingly targeting our critical infrastructure. It's no longer just about stealing data; it's about causing physical damage and disrupting essential services. The systems that manage our power grids, water treatment plants, and emergency services were often designed decades ago without modern cybersecurity in mind. This makes them a vulnerable and high-value target for those who seek to cause chaos or hold entire communities hostage.

A New Mindset for a New Era

These aren't threats that can be solved with a single software update. They demand a fundamental shift in our approach to security, starting with a collective understanding of what's at stake.

As the CISO for the State of Wyoming, my team and I are already moving to address these challenges. It is our plan to start exploring quantum-safe cryptography to prepare for a post-quantum world. We are also deploying our own AI-powered defensive tools to fight fire with fire, enabling us to detect and respond to threats at machine speed - Although it has been a challenge. There are a lot of tools in the market that claim to be "AI powered". It is our job to distinguish hype from reality.

But our strongest defense remains our people. We must move beyond rote training and empower a culture of vigilance and skepticism. Every employee, every citizen, and every business is a critical component of our defense. By staying informed, challenging what looks suspicious, and understanding that cybersecurity is a shared responsibility, we can build a resilient digital infrastructure that stands strong against the threats of today and prepares for the challenges of tomorrow.

🪝Don't Get Hooked!

Phishing is the #1 way attackers strike. They don’t break in — they trick you into opening the door. The email looks like it’s from your coworker, HR, your bank, or even your favorite store. One click… and BAM! You’re on the hook.

This Cybersecurity Awareness Month, we’re upping our game — because phishing is still the #1 way attackers strike! Every week, we’ll spotlight a “Don’t Get Hooked” tip so you can spot red flags, stop scams in their tracks, and protect yourself on and off the clock!

This Week’s Spotlight: The Too-Reel Request

Phishing emails often look like legitimate requests — invoices, password resets, or HR forms. Don’t let “looks real” fool you.

At work: If an email asks for money, credentials, or sensitive data, verify through a known phone number or trusted contact. Don’t reply or click until you confirm.
At home: If Amazon, your bank, or Netflix says “fix your account now,” go to the app or type the website address yourself — never use the email link.