Skip to main content
CyManII News

Quiet Heroes: How a small cybersecurity team is strengthening Texas critical infrastructure

Quiet Heroes: How a small cybersecurity team is strengthening Texas critical infrastructure

By Ed McCormick, Regional Innovation Officer, CyManII

“Should we wait for the rest of the IT team?” I asked the two gentlemen sitting across from me.

“Don’t bother,” one of them replied. “The team is us — we are it.”

“How about the cybersecurity team?”

“Still just us.”

I was shocked. But I shouldn’t have been. That was exactly why we were there.
The story begins with the discovery that the water treatment plant in Mission — a small town deep in South Texas — had been compromised by a foreign adversary. What had quietly hummed in the background for decades, the pumps, the chemicals, the monitoring systems, suddenly became the community’s most vulnerable lifeline.

Every home, every school, every business depended on that water system. If it failed, the consequences would ripple through every corner of the town: hospitals, schools, emergency centers, chemical plants, manufacturers. Local leaders urgently sought help. Resources were scarce. Expertise was limited. Requests for support went unanswered.

There was no hope on the horizon.

So, we decided to show up.

We had no convoy, no large emergency response force, and no sprawling operations command center. It was just three of us, rolling down the highway in our navy-colored mobile training vehicle — the one that most school-age kids mistook for the neighborhood ice cream truck.

After two days in Mission, the three of us knew we had something. Our two initial students felt genuinely more prepared to cyber-harden their town’s infrastructure. The city’s leadership was ready to weather the next cyber storm. After sitting down with the Mayor, City Manager, and Emergency Response staff, we helped them build their own cyber response playbook — a living document that would let them act purposefully when the next incident came.

And most importantly, both the technical and leadership teams had reclaimed something intangible but essential: hope. The belief that they could protect their friends and neighbors.

“This is the first comprehensive exercise we did in emergency management specifically focused on cybersecurity. It allows you to take your disaster recovery plan and put it to use.” — Andy Garcia, Assistant City Manager, Mission TX

As the three of us drove back to San Antonio that evening, we were already planning our next move. We wouldn’t have to wait long.

Who We Are — and Why It Matters

The Cybersecurity Manufacturing Innovation Institute (CyManII) is a Department of Energy-funded national hub headquartered in San Antonio, Texas. Our mission is both sweeping and precise: secure American manufacturing against cyber threats while building the workforce capable of defending it. We operate at the intersection of physical systems, cyber layers, and energy-efficient manufacturing — what we call the intelligent transformation of the nation’s industrial backbone.

Three pillars define our approach. The first is securing the digital thread — protecting intellectual property and critical processes across the entire manufacturing lifecycle, from design to delivery. In practice, that means tools like the Cyber-Physical Passport, which creates a verifiable chain of custody so that every step in a supply chain is accountable and traceable. The second is creating a cyber-informed workforce. You can’t defend what you don’t understand.

We train workers at every level — from floor operators to C-suite executives — in both cybersecurity fundamentals and operational technology defense. Our CyManII SEALED Training program and that navy-blue Mobile Training Vehicle bring those capabilities directly to manufacturers and infrastructure operators who can’t afford to send their teams elsewhere. The third pillar is what we call Secure.TOGETHER.

No organization is an island, and no firewall is ever good enough alone. We build bridges — between federal agencies, across supply chains, between sectors that rarely speak to each other. That collaborative model isn’t a nice-to-have. It is the entire point.

From 2 in Mission to 360 Heroes Across Texas

That initial trip to Mission in September 2025 was our first critical infrastructure cyber exercise, and it set a template we would follow across the state. From Mission, we moved to Eagle Pass, where we conducted a community-wide training that pulled together multiple agencies and put all three pillars to work simultaneously.

Securing the digital thread meant ensuring agencies understood their operational technology exposure. Creating a cyber-informed workforce meant bringing city employees, utility managers, and law enforcement into the same room to run the same exercise. Secure.TOGETHER meant making that happen across departments that had never once collaborated on cybersecurity before.

Next came San Antonio, where we opened CyManII’s own cyber range for our inaugural OT Cybersecurity for Critical Infrastructure training — the first event of its kind in the region. Participants from multiple sectors worked through operational technology attack scenarios in a live, simulated environment. Then came Corpus Christi, and then the live cyberattack job-readiness exercises that bridged workforce training with critical infrastructure defense.

On May 20, 2026, we concluded our fifth exercise in El Paso, engaging more than 60 critical infrastructure leaders and operators in a city of over 700,000 people sitting at a major international border crossing.

Nine months. Five exercises. Seven counties. Over 360 critical infrastructure personnel trained.

What 360 People Actually Means

It would be easy to stop at the headline number and declare victory. I won’t, because the real story is what those 360 people represent.

The organizations they work for collectively span 12 of the 16 critical infrastructure sectors recognized by CISA — the Cybersecurity and Infrastructure Security Agency, the federal body responsible for protecting the systems Americans rely on every single day. We’re talking water and wastewater, energy, transportation, healthcare, emergency services, government facilities, and more. These aren’t hypothetical sectors. They are the pipes, the wires, the roads, and the institutions that over five million Texans depend on to keep the lights on, the water running, and their communities safe.

When those 360 people return to their organizations, better equipped, more practiced, and more connected to each other, five million people are safer. That’s the math.

The Economics of Not Getting Hacked

I know some of you are reading this and thinking: “Sounds compelling—but what does training actually buy you?”

Fair question. IBM’s 2024 Cost of a Data Breach Report found that organizations facing severe cybersecurity staffing shortages incurred $1.76 million more per breach than adequately staffed peers. On the other side of that ledger, organizations with extensively trained, AI-assisted security operations saw breach costs reduced by an average of $2.2 million compared to those with no security automation or training investment.

Our exercises are designed to close exactly that gap. We bring together both technical operations teams and executive decision-makers in the same room, at the same time — because a breach doesn’t wait for the C-suite to catch up to IT. More critically, each trained facility that avoids even a single multi-day recovery event sidesteps what IBM benchmarks at $125,000 per hour in active industrial downtime recovery.

Across the seven counties we’ve served, the near-term economic protection our training program has enabled exceeds $31.4 million. That’s not a marketing figure. It’s avoided breach costs, reduced incident response fees, and resilience built into communities that simply cannot afford to go dark.

A Small Team. A Great Purpose.

I’ll be honest — there were days over these past nine months when the scope of what we were attempting felt almost idealistic. A small team, operating on the belief that hands-on exercises in small towns cities could meaningfully bend the curve on national cybersecurity risk.

Then I think back to that two-person team in Mission, running through a cyberattack scenario for the first time and suddenly understanding exactly what was at stake — and exactly what they could do about it. I think about the emergency manager in Eagle Pass who returned to his city with a revised response plan and a network of colleagues who now had each other’s phone numbers. I think about the 60 leaders in El Paso who carved out two days from their crowded schedules to learn how to defend their community.

The adversaries we face are sophisticated, well-funded, and patient. They are methodically mapping our critical infrastructure, probing for the greatest operational disruption. They are playing a long game.

So are we. And we’re just getting started.

Ready to Connect?

We invite you to join our mission and become a part of this groundbreaking initiative. Whether you are a manufacturer looking to enhance your cybersecurity posture, a technology provider with innovative solutions, or an academic institution preparing the next generation of skilled workers, your participation is crucial to our success. 

JOIN NOW
CYMANII SECURE TOGETHER

In Partnership With:

utsa
Department of Energy

CONNECT WITH US

Cymanii LinkedIn page
Cymanii Youtube Page

© Copyright 2025 CyManII. All Rights Reserved Worldwide.