NY IT forum talked secure ops for agencies

A New York government technology forum put the gap between cybersecurity rules and day-to-day practice at the center of its agency playbook. The New York IT Leadership Forum held its 2024 state event in Albany on April 16, with New York State Chief Information Officer Dru Rai listed among the speakers and cybersecurity named as one of the main topics. (events.govtech.com) The session highlighted a problem many city and state technology teams face: mandates arrive as policies, but agencies still have to turn them into patching, offboarding, remote access controls, and data access rules that staff can follow every day. (its.ny.gov) New York’s Office of Information Technology Services maintains statewide technology policies for agencies, including standards for remote access, mobile device security, patch management, sanitization, and offboarding. Those controls are the operational layer that sits under broad compliance requirements. (its.ny.gov) The state has also built a larger cybersecurity structure around those agency controls. The Chief Information Security Office says it coordinates statewide policies, standards, programs, incident reporting, training, advisories, and local government resources. (its.ny.gov) That matters for local agencies because New York has expanded its “whole-of-state” cyber model beyond state offices alone. The Joint Security Operations Center, launched in February 2022, links federal, state, city, and county governments with utilities and transit agencies for data sharing and cyber coordination. (its.ny.gov) Money has followed that structure. In February 2024, Governor Kathy Hochul released a cybersecurity grant plan using nearly $6 million in federal funding to help local governments build baseline defenses, including multi-factor authentication, training resources, and scholarships. (governor.ny.gov) The state expanded that push again in October 2025, when officials opened applications tied to more than $13.9 million in available federal State and Local Cybersecurity Grant Program funding. The program said New York would directly procure multi-factor authentication tokens and support services for approved public entities. (governor.ny.gov) New proposals have added more pressure on local governments to operationalize those requirements. Governor Hochul’s 2025 State of the State agenda called for mandatory cyber incident reporting by municipalities and annual cybersecurity awareness training for local government employees. (rbtcpas.com) By early 2026, the state said $9 million in federal grant money would fund multi-factor authentication hard tokens for 161 counties, municipalities, school districts, and public authorities. The forum’s focus on secure operations landed as New York was already paying agencies to make compliance visible in everyday systems. (governor.ny.gov)