L.A. County’s Email Security Deployment Sees Big Returns

As the last few years have demonstrated, email security is a zig-zagging target. Between advanced phishing techniques and misuse of the technology such as artificial intelligence, the deck seems perpetually stacked against resource-constrained governments.

Beyond the often-outdated security layers, staff of varying technical sophistication are also having to parse through legitimate and potentially dangerous emails armed with only the best training program their organizations can offer.

In Los Angeles County, a series of successful phishing attacks in 2023 opened a conversation about how to prevent future intrusions across the county’s 40 departments and more than 135,000 email account holders. The outcome was a move away from the big-name legacy security solution and to an automated solution from Abnormal AI.

The move showed immediate benefits, explained Kanlue Zhang, operations manager with the Information Services Department’s Cyber Governance and Operations (CGO) branch, and quickly cut the roughly 75,000 annual tickets down to about 2,000 — only around 200 of which were malicious.

“In the span of about 12 months, we had seven successful phishing attacks, two of which became reportable,” CGO Acting Deputy General Manager Dan Herlache said. “So, at that point, we just knew that email security was a weakness of ours and we had to do something to strengthen it up.

Zhang said the new solution can monitor and understand user behavior and new threats while also keeping humans in the loop to verify the actions it takes. The double layer of protection has helped in a threat environment where generative AI is being used to launch faster and more sophisticated attack campaigns.

“That's why we do need to have this kind of AI against AI — that kind of mindset, to utilize AI to protect, to improve our defense,” Zhang said.

What’s more, the team of ITS employees tasked with validating phishing threat tickets could focus on more critical work, rather than “chasing their tail with false positives.” Herlache said that the cybersecurity team’s efficiency rate went from about 13 percent to more than 90 percent after the implementation, resulting in an estimated $4 million in time savings.

Tekistry, the technology and business consultant on the project, helped to guide the collaborative work between Abnormal and the county. Managing partner Bryan Cameron explained that this required a measured and programmatic approach, carefully aligning the departments and vendors for optimal performance.

“If you just pass the paper or just work with the customer, and don't spend the detailed time to kind of track things, make sure things are finished, have a clear idea what the next actions are, then the chances of the probability of success in technology projects goes way, way, way down, and then in two years, they bring in another product,” he said.

Part of that effort to maintain accountability and long-term success came down to dashboards for each of the county’s initial 37 departments included in the project. The District Attorney’s Office, Sheriff’s Office and Board of Supervisors would adopt the Abnormal AI solution afterward.

“We realized that what we're doing foundationally was solid, but what became apparent throughout this entire project is that you have to constantly refine what you're doing, how you're doing it, and make it better each time you work with customers,” Cameron said of Tekistry’s partnering approach.

Cameron also acknowledged that high-profile events looming on the horizon — the 2026 FIFA World Cup, the 2028 Olympics and the upcoming elections — and constantly evolving technologies make the need for a cybersecurity mindset more critical than ever.

“In cybersecurity, you can never be naive and think that you have arrived,” he said. “Continual diligence, tracking and refinement is required for the life of the engagement.”

The dramatic success of the project led to a 2025 National Association of Counties Achievement Award.