Addressing the Leadership Disconnects on Cybersecurity

1. Addressing the Leadership Disconnects
on Cybersecurity
Panel discussion participants:
▪ Dr. Greg Ottinger
▪ Dr. David Miyashori
▪ Richard Quinones
▪ Lenny Schad
▪ Marlon Shears
Panel moderated by:
Dr. Julie A. Evans, CEO, Project Tomorrow

2. Our discussion today:
▪ Let’s get real about the leadership disconnects in K-12 districts
about cybersecurity awareness and preparations
▪ Selected findings from the new Project Tomorrow – iboss
report on Key Results on K-12 cybersecurity
▪ Experiential insights and wisdom from our panel of district
leaders and national thought leaders
▪ Additional resources for you!

3. Meet our panel of district leaders
▪ Dr. Greg Ottinger, former Chief Business Officer, San Diego Unified SD
▪ Dr. David Miyashori, Superintendent, Cajon Valley Unified SD
▪ Richard Quinones, Senior Vice President, Business Development
Strategist/Thought Leadership, iboss
▪ Lenny Schad, Chief Information and Innovation Officer, District
Administration
▪ Marlon Shears, Chief Information Officer/Technology, Fort Worth
Independent SD

4. “Increasing the security posture within a school
district necessitates deliberate education of
executive leadership so that a common cultural
understanding about the importance of
cybersecurity is adopted across the organization.”
District Technology Leader
Addressing the Leadership Disconnects on Cybersecurity

5. 2021 Project Tomorrow – iboss National K-12 Education Cybersecurity Research Study
About the new research study:
o Part of the larger Speak Up Research Project
o Continuation of a focus on cybersecurity issues since 2017
o Impact of pandemic: increased dependence on technology + increased threat
environment required a deeper examination of the current attitudes and actions
o Call for feedback from K-12 district administrators and technology leaders in
January – May 2021
o 599 respondents from a diverse set of schools and districts nationwide
o Longstanding partnership with iboss

6. 2021 Project Tomorrow – iboss National K-12 Education Cybersecurity Research Study
Creating a Common Culture of
Action Around Cybersecurity
Results from the 2021 Project
Tomorrow – iboss National K-12
Education Cybersecurity Report
Release of the new national report
https://tomorrow.org/speakup/pdfs/Creating-a-Common-
Culture-of-Action-Around-Cybersecurity.pdf

7. About the Speak Up Research efforts
▪ To learn more about Speak Up
▪ To get a copy of today’s presentation
▪ To get a copy of the new report and
infographic
Please add your name and contact info to
our print sign in sheets or on this online
form.

8. 2021 Project Tomorrow – iboss National K-12 Education Cybersecurity Research Study
Three key insights from the research
1. An effective cybersecurity plan must be rooted in a shared and
realistic sense of concern, responsibility, and accountability
within the district.
2. The new technology dependence in K-12 education demands that
district leaders re-assess their approach to the management of
their technology assets, both human and digital. This has huge
implications for cybersecurity readiness and preparations.
3. Cybersecurity preparation begins with an understanding of the
need to walk the talk with increased funding to support both
readiness and mitigation efforts.

9. Insights from the new national report
1. An effective cybersecurity plan must be rooted in a shared and
realistic sense of concern, responsibility, and accountability
within the district.
We experienced a cyber event almost 2 years
ago that shut us down. As a district we all
went through the process of recovery
together. We have full support of our Cabinet
and Superintendent when it comes to keeping
our network and student data safe.
District Technology Leader

10. Insights from the new national report
1. An effective cybersecurity plan must be rooted in a shared and
realistic sense of concern, responsibility, and accountability
within the district.
What is your current level of concern regarding a potential cyber attack in your district?
13%
39%
46%
21%
44%
22%
Low concern
Moderate concern
High concern
District Administrators Technology Leaders

11. A successful cybersecurity strategy must be cross organizational
Who: All Executives and Board
IT, Operations, Facilities, Finance, Legal, Superintendent, Communications, Board
What: Proactive and Reactive
Planning, Preparation, and Incident Response
How:
Identify risk, communicate the facts, build consensus through partnership
What is job #1 to create an
effective cybersecurity strategy?
Panel discussion

12. Insights from the new national report
2. The new technology dependence in K-12 education demands that
district leaders re-assess their approach to the management of
their technology assets, both human and digital. This has huge
implications for cybersecurity readiness and preparations.
This is what has worked in our district.
Educate: Build awareness in users of their role
in managing risks. Mitigate: Implement robust
systems to protect data and networks.
Investigate: Provide tools to monitor and
determine system breaches.
District Technology Leader

13. Insights from the new national report
2. The new technology dependence in K-12 education demands that
district leaders re-assess their approach to the management of
their technology assets, both human and digital. This has huge
implications for cybersecurity readiness and preparations.
Are IT department staffing levels adequate to support cybersecurity?
Nearly 6 in 10 technology leaders say that their current staffing
for cybersecurity is not adequate to meet the needs of their district
to protect information assets and resources.

14. Need to look in the mirror to evaluate our
current preparation state for effective
cybersecurity
Develop and execute a comprehensive assessment of operational vulnerabilities
Conduct Districtwide Risk Assessment
PEN Testing
Formal Remediation
Strategy/Plan
Financial Forecasting
Staffing
Consult Outside Experts
Legal
Technical
Communication
Board
Superintendent
Cabinet
IT Department
Panel discussion

15. Insights from the new national report
3. Cybersecurity preparation begins with an understanding of the
need to walk the talk with increased funding to support both
readiness and mitigation efforts.
To address these issues, we need sustainability in
the funding for cybersecurity. When budgets are
squeezed, operational costs like cybersecurity are
the first to be hit. Additionally, district leaders need
to enthusiastically embrace and model good
cybersecurity habits and support the technology
leaders in setting expectations for staff. It cannot
just be the technology departments' problem.
District Technology Leader

16. Insights from the new national report
3. Cybersecurity preparation begins with an understanding of the
need to walk the talk with increased funding to support both
readiness and mitigation efforts.
24%
24%
18%
47%
Anticipated budget increase in 2021-22
Anticipated no change in 2021-22 budget
Budget increased in 2020-21
No change in the 2020-21 budget
Do our district budgets for cybersecurity reflect the reality of the situation?

17. How to close the
information and urgency
gap in our district
cybersecurity outlook
Creating a common culture of action around cybersecurity requires a proactive
approach by all leaders
Incident response planning
Cross-organizational cybersecurity committees
Training - IT and all district employees
Consistent transparency and communications
Education of the executive leadership
Commitment to “walk the talk”
Panel discussion

18. National Call to Action for Greater
Awareness and Action on K-12 Cybersecurity
To develop a common language and shared cross-organizational
culture within districts:
1. Why should cybersecurity be a district wide imperative?
2. How do build a shared culture around cybersecurity?
3. What are the best practices to support a healthy cybersecurity
posture within our districts?

19. National Call to Action for Greater
Awareness and Action on K-12 Cybersecurity
Planned activities for 2022 (more to follow):
▪ Discussions, sessions and events at several national conferences
▪ Thought leader articles and blog posts in key publications
▪ Direct support for K-12 district leadership teams
▪ Recommendations on best practices
▪ 2nd annual Project Tomorrow – iboss National K-12 Education
Cybersecurity Research Study (January – May 2022)

20. Speak Up reports, infographics, briefings and data
insights for schools and districts www.tomorrow.org
https://tomorrow.org/speakup/pdfs/Creating-a-Common-
Culture-of-Action-Around-Cybersecurity.pdf

21. About the Speak Up Research efforts
▪ To learn more about Speak Up
▪ To get a copy of today’s presentation
▪ To get a copy of the new report and
infographic
Please add your name and contact info to
our print sign in sheets or on this online
form.

22. Addressing the Leadership Disconnect on Cybersecurity
Thursday, January 27, 2022
4:00 PM to 4:45 PM
C91
Your reflections and feedback are appreciated.
Submit your survey responses on the FETC Mobile App

23. Addressing the Leadership Disconnects
on Cybersecurity
Thank you for joining us
today!