They are strengthening the county’s “cybersecurity resilience by adopting a multilayered and diversified approach,” Sindhu Menon, county CIO and executive director of Universal Services, said via email. HCUS is the centralized tech and fleet services provider and in her role, Menon serves as department director for county IT, public safety and justice technology, fleet and 311 functions.
Harris County, where the county seat is Houston, has more than 5 million residents, making it the state’s most populous county. George Reeves is the interim information security officer, overseeing the threat and vulnerability team. He’s also an adjunct cybersecurity professor and a former Cybersecurity and Infrastructure Security Agency (CISA) adviser, serving from July 2016 to June of this year, according to LinkedIn.
IT leaders collaborate with federal partners including CISA and the FBI, using the National Institute of Standards and Technology frameworks to guide improvements. As for security hardening, HCUS uses redundant systems for critical services, multifactor authentication, the Microsoft tiering model, and continuous monitoring to ensure continuity. The county is also investing in in-house cybersecurity teams and training programs to reduce reliance on external services.
“When the U.S. Department of Homeland Security ended its funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC), which counties like Harris County depended on for threat intelligence and alerts, intrusion detection and vulnerability scanning, ransomware mitigation, and election infrastructure protection, we had to pivot,” Menon said.
The county plans to work with the newly formed Texas Cyber Command to strengthen state-level threat sharing and incident response while exploring additional funding through the State and Local Cybersecurity Grant Program, she said. Long term, Harris County leaders aim to modernize and secure IT infrastructure through robust security policies, data governance and strategic resource planning to ensure cybersecurity is built into every technology initiative.
Asked about cybersecurity measures and best practices for local government, Menon recommended IT shops implement multifactor authentication.
“It is one of the simplest and most effective ways to prevent unauthorized access,” she said. “Many cyberattacks, especially phishing and credential stuffing, succeed because of weak or reused passwords. Enabling multifactor authentication, even just for privileged accounts or remote access, significantly reduces risk.”
