February 28, 2026 • 37 mins
Live from the K12 SIX National Cybersecurity Leadership Conference in Albuquerque, Chris goes solo and interviews several attendees and leaders about practical K12 cybersecurity.
Guests include Cory Rankin, a K12SIX member, who talks about community and membership benefits, Dr. Tim Tillman on building governance and board-level engagement, Doug Levin on the importance of in-person trust and fundamentals, David Waugh of ManageMethods on cloud visibility and content filtering, and Oliver Page of CyberNut on K12-focused phishing and student training.
The conversation emphasizes actionable steps schools can take without big budgets: tighten authentication and account hygiene, audit cloud settings, work with vendors on security, engage school boards to establish policy, and provide realistic staff and student training.
K12 SIX: https://k12six.org/compromise
————
Sponsored by:
Eaton - Indulge yourselves in this chocolate-inspired infographic from Eaton to discover “a flavor” of cloud-based battery backup for every location, including K-12 education, with their cloud-connected UPS line. Reliable power backup has never been so sweet – with 16 cloud-connected UPS models for various workloads and budgets, always free monitoring software for an unlimited number of devices, NFC tap-to-configure setup and controllable outlets (13 models) – now you can finally enjoy your Saturdays in peace without the looming fear of a 3 am wakeup call to reboot a UPS. Learn more about the cloud UPS in Eaton’s Uptime Sampler Box infographic. Managed Methods————
Join the K12TechPro Community (exclusively for K12 Tech professionals)
Buy some swag (tech dept gift boxes, shirts, hoodies...)!!!
Email us at k12techtalk@gmail.com
OR our "professional" email addy is info@k12techtalkpodcast.com
Visit our LinkedIn
Music by Colt Ball
Disclaimer: The views and work done by Josh, Chris, and Mark are solely their own and do not reflect the opinions or positions of sponsors or any respective employers or organizations associated with the guys. K12 Tech Talk itself does not endorse or validate the ideas, views, or statements expressed by Josh, Chris, and Mark's individual views and opinions are not representative of K12 Tech Talk. Furthermore, any references or mention of products, services, organizations, or individuals on K12 Tech Talk should not be considered as endorsements related to any employer or organization associated with the guys.
Listen
Watch
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Live from Albuquerque, New Mexico, this is the K12 Tech Talk podcast and I'm at the 2026
(00:10):
K12 Six National K12 Cybersecurity Leadership Conference hanging out with Josh and Mark.
Just kidding.
Josh didn't show, we're used to that.
But Mark was going to come and Boston, Massachusetts, whatever, New England is supposedly getting
a lot of snow.
So Mark's flight got canceled and it's just me here.
(00:30):
But I am excited to be here.
I just spent the last two hours talking about passwords.
Mark had signed us up to do a two-hour workshop to discuss student passwords, the future of
student passwords.
And then, of course, he bailed, like I said.
So it was just me with a room full of folks excited to talk about passwords, said no one
(00:51):
ever.
But we spent two hours talking about passwords, talking about the future, had a great time.
And that kind of just, for me, sets the tone of what I think this conference is going to
be about.
It's all about cybersecurity.
So I'm hanging out here for the next couple days in Albuquerque, New Mexico, with K12
Six.
I see some Managed Methods David down the way.
We'll talk to him, a proud sponsor of the K12 Tech Talk podcast.
(01:12):
I've seen a couple friends from New Hampshire here, a couple friends from K12 Tech Pro here.
So I'm excited for this event and happy that they're having us here.
Doug was walking around earlier, excited to talk to him at some point as well.
So hang out with me, again, at K12 Six, the cybersecurity conference.
(01:33):
We'll do several interviews.
That's what this episode, special episode, is all about.
All right, I'm hanging out with Corey Rankin.
Corey, you came up to the booth.
We started talking about K12 Six admin, the subreddit.
You're on there.
But I was looking at your lanyard, too, and you're a K12 Six member.
So I want to unpack all of that with you just for a couple minutes.
So how's it going today?
Yeah, absolutely.
(01:54):
Good to meet you.
And I'm just, you know, excited to be part of the community.
And that's why I came over.
Is this your first K12 Six conference?
Yes, it is.
I've always wanted to come, but I haven't had the ability to do so in the past.
Really wanted to connect.
Cool.
So let's talk about your past.
So I guess, who are you, give me your quick K12 Tech story, where you're at today, where
(02:15):
you've been.
Sure.
So my first life started in sales, funny enough, retail sales.
Did that for 10 years, hated it.
But learned a lot of good things about connecting to people and talking.
Was convinced to join the K12 IT community.
And I thought, well, I can't do this.
I'm the neighborhood IT guy, right?
(02:37):
But was convinced, came on to a school district as a technician, worked my way up to engineer,
assistant admin, managing the engineer, assistant director, and then director most recently.
So that was a 12-year stint in a school district of 24,000.
Cool.
And then in the last month, pivoted over to running the cybersecurity program for the
(02:58):
North Carolina Department of Public Instruction.
Nice.
So you are here with that department, and then is that what you're a K126 member of?
Yes.
And then I think you said you're new to being a member.
Can you unpack that a little bit?
There's a lot of people here that aren't members.
You can see that on their lanyards, but you are.
Can you just unpack, and I know it's year one for you, but what is the benefit of that
(03:20):
membership?
Sure.
You know, I really just wanted to be a part of the community, to be able to contribute,
to be able to access some of the resources that you have to do so, but really be part
of the bigger picture.
You know, I believe cybersecurity is a team sport, and this is the entity who is doing
it across the nation, instead of the silos that we all in.
(03:42):
Yeah.
Yeah, there's some great information sharing that goes on with K126, and even with the
keynote today, they were mentioning these resources that they created for members,
but they just put it out there because of the good of the cause for the K126.
Absolutely.
Very cool.
All right.
Well, Corey, nice to meet you, and I'm glad you stopped by for a few minutes.
Yeah, I appreciate it.
Just want to give a quick shout out to Eaton.
You can check out eaton at eaton.com.
(04:04):
They make what matters work.
They can help you out with your power management solutions, your UPSs, your battery backups
and all that good stuff.
We're going to be hanging out with Eaton for the next few weeks.
That's eaton.com.
They make the podcast episode and trips like this possible for us as well, so check out
Eaton.
All right.
I'm hanging out with Dr. Tim Tillman.
(04:25):
Tim, how's it going?
Good.
How are you?
So, we were just talking about cybersecurity because we're at the K126 conference.
That makes sense.
It does.
So, would you tell me about yourself, give me a little bit of background, and then what
brings you to K126?
Sure.
So, I have been in academic technology for 32 years.
(04:47):
Started at the actual school system that I graduated from because they needed somebody
to come in and fix all the mistakes that I made as a student, so I learned how to hack
in the mid-90s on a Novell network that wasn't well-protected.
Novell was great.
Novell, I love networks so much, and token ring networks.
(05:09):
I've spent most of my career trying to be an evangelist for cybersecurity while also
being a tech director, while also learning all of the ins and outs of running an IT department.
From being a tech to a manager and everything else, I've spent time at the state level working
for the Virginia Department of Education as their CISO.
(05:33):
I teach adjunct college courses in cybersecurity.
Right now, I am the director of technology for Richmond City Public Schools in Virginia.
How big is that school district?
So, there's about 25,000 kids, and it's an urban district facing urban problems.
So anything from chronic attendance problems to, you know, there was a murder last night
(05:57):
and kids are affected by that, to an ever-decreasing budget and ever-decreasing tax base as well.
And when we were small-talking, you mentioned that first school, it was like 3,000 kids?
Yeah, so I really, I got my first directorship in a large, or excuse me, in a small district.
Five kids, 2,800 kids, or five schools, 2,800 kids, and gosh, that was a lot.
(06:21):
I love the small district.
I love being the person who had to wear all the hats.
I think without even knowing you well, I'm going to guess that you would agree with this.
The small school district problems and the large school district problems, they're the
same, right?
Yeah, it scales.
It scales, that's all it is, right?
When I first went to a larger district, everything just had an extra zero on the end, right?
(06:45):
And it was, the small districts use the exact same software, they have the exact same problems,
they have the exact same concerns, it's just everything is on a smaller scale.
Let's talk about cybersecurity then.
What is on your heart today with cybersecurity?
If I'm a tech and I'm listening, and maybe cybersecurity is not my major focus, and it
(07:09):
should be, what would you say?
I've been coming to K-12-6 since the first conference, and Doug and I have known each
other since before K-12-6, when it was just the cybersecurity map and those kinds of things.
I had a conversation with him sometime last year, and I said, you know, it feels like
(07:29):
10, 15 years later, we're still preaching the same message.
And that message is, you have to take cybersecurity seriously.
You have to build the artifacts that are necessary in your district.
You have to have the tools in place, you have to have the governance structure, you have
to have the stakeholders who are helping you on your mission.
(07:53):
There are still people in the room this morning who fight me on that.
Well, I don't need that.
I don't know why I need that.
Or we don't have the money, we don't have the time, the talent, all those things.
Yes, you do.
You do.
You can stand up an entire cybersecurity program for free.
Most of a cybersecurity program is policy and existing people.
(08:17):
You don't have to spend millions of dollars on an MSSP or MDR or any of these things.
You can be better all the time.
And cybersecurity is not an endpoint.
It's an ever-moving goal.
And every day that goes by, you get further behind.
Yeah.
(08:37):
Yeah.
Yeah.
I can think back Missouri way, for years, there was a group that I felt was preaching
SPF and DCAM and DMARC for email security.
And we felt like that session at those conferences was getting exhausted because we're just saying
the same stuff again and again.
But there were always people that didn't have that stuff going.
(08:58):
Like these things are not optional anymore.
This is basic configuration.
Yeah.
Right.
And even back then, we would say, you're not doing it necessarily for yourself.
You're doing it because you want to be a good neighbor.
So whatever, if you think it's not going to happen to you, it's going to happen to your
neighbor.
Yeah.
So how can you be a good neighbor?
And, you know, I'm speaking today, I'm going to be talking about school boards and their
(09:19):
responsibilities in the cybersecurity program.
And I have met with a lot of board members all across the nation, even, that still feel
like cybersecurity is just about password changes and, you know, making sure the kids
don't hack.
And we have to change the feelings that we have to change what people think this is.
(09:42):
Yeah.
So to not spoil your speaking, what would be that advice that you give to the tech that
he knows, she knows that school board is just talking about password?
So one of the concepts that I talk about is, is the, I guess, get some movement here.
(10:03):
I'll throw in some noise that help it kind of.
That was awesome.
You do that all with your mouth.
That was fantastic.
No.
So I'm speaking today to talk about this, this loop of, you know, right now, most tech
directors go to the board, they say, Hey, I want to spend this money on this tool.
(10:27):
And the board says, I don't know what that is.
And we have other priorities and they don't fund it.
I'm trying to teach this, this loop of going to the board and saying, I want you to establish
policy that says we have to have a cybersecurity program, right?
So that the next time you go to the board, you get to say, Hey, this is your program
(10:47):
that you asked me to establish.
Now you need to fund it.
And that creates enough awareness with, with board members or, you know, whatever your,
your governance structure is that they remember why they did that in the first place.
And they see you implementing their governance request and you're going to, you're going
to get approved for that.
(11:08):
Yeah.
That's going to feel correct.
Yeah.
So when it's a top down initiative, even if you're helping them develop the top down initiative,
it works.
If you're always going up and begging and always saying, I need more money, always going
up and saying, well, I need people to do this.
The board doesn't understand that they don't, they don't get it.
Right.
Well, Jim, thanks for hanging out with me for a few minutes.
(11:28):
I hope you have a great conference.
You too.
All right.
I'm hanging out with the Doug Levin of K-126.
Doug, how's it going?
Good.
Good.
How are you, Chris?
Good.
Things have been great.
It looks like the conference is going well.
I've experienced the conference going well.
So congratulations to that.
Yeah.
Thanks.
It's, it's off and running.
It started yesterday.
(11:50):
The official opening is this morning, going all day today and then tomorrow.
So great group.
Everybody's excited to see everybody.
A lot of people have been in the past, some new faces as well.
So yeah, really excited about it.
It's a great community here.
And it's a great cybersecurity minded community here, which is needed in K-12 tech and let's
talk about that.
(12:10):
No, a hundred percent.
Like, that's why I'm like excited by the work you do to bring your community together.
Or a similar community, maybe a little bit narrower focus than yours, but overlap.
You know, these gatherings, whether they're national or they're regional or within a state,
I mean, whether they're large or small, they're just, it's the only way we're going to get
better.
(12:30):
It's where we learn stuff.
It's where we share.
It's just so hard to do it if you don't like, I would say the face to face is also really
critical.
It creates that trust so you can have those conversations in between meetings and events
and stuff like that.
I was talking to someone today.
So yesterday I did that because Mark bailed.
(12:50):
I solo did a two hour workshop on passwords.
And that's a lot.
That's two hours of the word password, but I was talking to someone that did the session
today.
She was saying a quick appreciation for it, but we talked about the appreciation is in
the room when we would do like the question, like to discuss how many, like, here's the
(13:11):
best practice.
And then what are you guys doing as boots on the ground and to be open and honest.
And then you start to realize that your neighbor is going through the same thing, what's your
school culture look like and all, and that's needed with the in-person event and the sharing
that takes place with that.
I mean, totally.
And that's actually a reason why we don't allow media.
Yes.
(13:32):
You guys accepted, I guess.
We don't allow media at the event.
Like we make sure to screen who comes to the event because if you don't have that trust
on who's in the room, that stuff's going to stay in the room.
Like those conversations are dead in the water.
Yes.
And I think when I first started getting into this, like almost a decade ago, the sector
almost felt like, or this, this subject kind of felt almost like fight club.
(13:56):
Everybody kind of knew about it, but nobody wanted to talk about it out loud because you
weren't supposed to, right.
Maybe at the bar late at night, you could say, you know, we had this incident thing
and it was really not great.
And I wish I'd done this, or if I'd only done that, or I asked to get funded the thing that
would have stopped it, but it didn't get funded and I can't tell anybody, you know, or I let
(14:19):
people down and I feel so bad.
Like it was almost like everybody was afraid to have that conversation.
And I think that one thing that has definitely changed over the last few years is there's
more people who are more comfortable in talking about it.
They realize it's not some personal failing of theirs.
It's not that their school system is somehow unique.
Like we're seeing schools, large and small, all across the country every week battling
(14:44):
this sort of stuff.
Sometimes it's the kiddos.
Sometimes it's actually a professional cyber group, quote unquote, professional cyber group
based overseas, just looking to turn a quick buck and take advantage of it.
So you know, it's just great to get everybody together and kind of proverbially let our
hair down and have some of these, you know, really important conversations.
(15:05):
Yes, that are absolutely needed.
So let's talk about during the opening, you discussed several things.
I guess just to pick it, what do you think the focus needs to be in a school district?
If the federal government money is not going to be there?
What are just some things that you could quick take for our listeners?
(15:30):
You know, so this is the thing.
I think there's some sense that there's some magic tool or AI or something that somebody
else is doing that's some magical thing.
But even as we have been tracking this for so long and seeing the recent trends, basically
the fundamentals matter more than, matter the most of all, right?
(15:54):
So it's stuff like securing your user authentication process, passwords, right?
Where else can you come talk about passwords for two hours?
But you know, you've got to have, you know, insight and visibility into, you know, what's
on your network, have those conversations with facilities, with food service, with transportation,
(16:18):
with HR.
Shadow IT is always going to be a problem, right?
You've got to know what you have to support it.
I think, you know, the way we see school systems compromised most frequently are those reused
credentials, default creds, vendor like accounts, subs are a problem.
(16:38):
Unfortunately, we started to see student accounts getting abused, which I'm sure you talked
about.
But the other thing is services that are exposed to the internet that are not patched or are
not otherwise protected, right?
So the quote-unquote edge devices, the firewalls have been just getting hammered over the last
(16:59):
two years.
And I don't care what vendor, literally all of them, anything with an exposed management
port to the internet is getting targeted, right?
So I think that's something that we need to lock down.
And the other thing that we've been talking a lot about is getting your cloud configurations
and shoring that up, whether you're running Google or Microsoft, or you're self-hosting
(17:20):
something up in AWS or Azure or whatever, like they give you enough rope to hang yourself.
And also, like, I don't care what the service, the settings are constantly changing, right?
So you need to go through and audit that stuff.
Yeah, and we can banter a lot about secure by design, secure by default would be sure
(17:40):
nice.
I mean, the next thing I was going to say, yeah, third party risk in vendors, like how
do we figure out who's good to work with before?
Can we shift some more of that responsibility onto them?
I mean, should we really be being asked to pay a lot more for security that kind of should
have been baked in?
I mean, these are core things, unfortunately, those haven't changed.
(18:03):
But I think what's exciting about here and about the work you're doing and other similar
work is, you know, if we can get to some consensus, we can make this change.
Well, a lot of what you just said, and this is the point of why you said it, I think.
It was said during the panel, we can assume that help isn't coming.
There isn't the magic tool.
There isn't the magic pot of money.
(18:23):
A lot of the quick things that you just said are things that we can do with what we have.
So look at your systems and lock them down without spending money, without adding another
tool.
Look at the standards that are available.
Talk to your community members and see what they're doing to match those standards and
just do it.
Yeah, no, completely.
(18:44):
And that, you know, so I said two things.
One is the goal should just try to be get a little bit better tomorrow.
Don't let perfect, perfect, there's no perfect.
And there's no end to this race, right?
So you just always want to be doing continuous improvement and just get a little bit better
every day.
There's always more to do.
Just don't get discouraged.
Just keep, keep going.
(19:05):
Number one, but number two, while we may have the ability and our tools to like turn on
a setting, it would dramatically, you know, reduce the risk of the school community.
It may affect people's workflows, like it's going to affect a teacher or the superintendent
or something.
And so this is where it gets hard.
It's not a money thing.
(19:26):
It's not like a capacity or technical knowledge thing.
It's actually an internal politics kind of thing.
And I think in particular for our community, that's just a real challenge.
We're not always at the table with leadership for this.
And then we're used to talking tech and not like change management in a school district
(19:47):
and you know, working with the teachers union or whoever else we need to work with.
You know, the first time the superintendent needs to log into something that doesn't work
and they call their secretary and their secretary's like, well, I, you know, like we got a call
down to IT or whatever, you know, like they're not following the process that you set up,
like stuff breaks and you're back to square one.
So that's the challenge.
(20:07):
We actually have a breakout session going on right now, somebody who's sharing wisdom
and lessons learned and trying to sell that.
But that's, you know, that's something I think as a community, we all need to work with.
And it's always a challenge for us to get that leadership at the table with us.
And we know we don't have them for very long and we know they don't understand the technical
side, but we don't want to scare them too much.
We got to get their attention.
(20:28):
So it's a challenge.
I don't have any secret sauce or magic for it.
I think we're all trying to figure it out, you know, so, um, but yeah, awesome.
Well, Doug, we appreciate you.
We appreciate K-12 VI, this conference, but just the big picture K-12 VI, the community
here as well.
So thank you very much.
Well, thanks to you guys.
Thanks, Josh.
(20:49):
Thanks, Mark.
You know, I don't know.
Mark couldn't get out or something.
It's unbelievable, really.
You know, you're here.
I know.
We made it.
There's lots of people who made it.
Lots of people, Mark, who made it out.
I think he's the only one that didn't come.
I'm just saying.
Michael Klein, those two guys.
Yeah.
All right.
Love it.
Okay.
Thank you, sir.
Yep.
All right.
(21:09):
Anyway, David, this is David Wall with Manage Methods, a proud sponsor of the K-12 Tech Talk
podcast.
Yes.
Yes.
You've come to the Midwest Tech Talk conferences with us.
You're on K-12 Tech Pro with us.
I feel like I've known you for some years now, actually.
Yeah.
It has been.
I mean, we've been involved from the beginning, I think, as a sponsor.
And you're like in the conference circuit.
(21:30):
You're like everywhere.
You say circuit.
I say circus.
Yeah.
It's definitely the conference traveling circus.
In fact, even here at the conference at the K-12 Six National Cybersecurity Conference,
live from Albuquerque.
I should do my best Josh impersonation.
You should.
Let's go ahead and do it.
Live from Albuquerque.
That's not too bad.
Yeah.
No.
He's actually got it dialed in.
(21:51):
But no, it's so funny because like last week, I saw Mark at Cali in Colorado.
And Mark, you're not here.
Loser.
Loser.
Wait.
Yeah.
There it is.
Here.
Let's try that again.
Mark, loser.
I felt like there was a bit.
Dude.
This is what happens when you have all these.
Yeah.
I can't get it turned off.
Okay.
Here we go.
(22:11):
Loser Mark.
Your days as a radio DJ are over now.
No.
But it is.
We kind of all joke around the traveling circus, but it is almost like a traveling brotherhood.
Yeah.
And sisterhood.
It's that, you know, there was already this, you know, last night, this morning, I had
(22:33):
several vendors.
We just come around the corner.
We laugh because we see each other like, Hey, you know, because we just saw each other last
week at, you know, Cali, Colorado, or the week before that at IdeaCon in Chicago, or
next week, I'll be in Raleigh, North Carolina, and some ties.
And then the week after that, I'll be in California for AriesCon.
And then you are not coming to our Midwest Tech Talk security symposium because someone
else is.
(22:53):
Yes, exactly.
So Skip will be there, who you know, part of our Missouri team.
So we will be there.
I'll be there in spirit.
Yeah.
Yeah.
So I, I reserve my, my, I have to, you know, save up all year long, my energy for July
or your, you know, summer extravaganza.
That's the big deal.
Yes.
So enough about me, David, let's talk about managed methods.
So managed methods is at a cybersecurity conference, correct?
(23:17):
That must mean that managed methods, the cybersecurity, and I know the answer to this, but I'm going
to do this anyway.
The audience.
Yes.
Tell us about managed methods, because we mentioned managed methods all the time.
And I always feel like we probably fumbled the ball.
It's good every once in a while to have someone actually knows what they're talking about,
they come on and talk about it.
So, so here you are.
Yeah.
We're here.
Yeah.
(23:38):
So at the core of it, what we do at managed methods is we provide tools to help school
districts gain greater visibility and control into specifically their Google workspace,
Microsoft 365 environments, you obviously did Google school.
We're the only purpose built cloud application security platform that was designed for K-12
specifically with out of the box pre-packaged, fully configurable, but out of the box risk
(24:03):
scans and monitoring capabilities that are meant for what a K-12 track tech director
has to do teams.
You know, obviously the, the vast majority of school districts in the United States,
with exception, and even here in this, this audience are smaller.
And I think one of the keynote speakers made a comment earlier this morning that, Hey,
nobody's coming to help.
Yes.
(24:24):
You know, this is up to us.
And so we designed a platform that was enabled right out of the box for school districts
to not only first and foremost, get a free risk assessment about their Google workspace
environment and the content and not traditional risk assessments where people are looking
at the, the dials and the settings and the, you know, the knobs and whatnot there.
This is looking at what's going on inside the box.
(24:46):
So we, we are monitoring 24 seven, a school district's entire domain inside of Google
workspace or Microsoft 365 or both, where we look at all staff and student accounts
from the Gmail box to the browser and everything in between.
So you want to understand, Hey, I need to see what kind of data is at rest in my environment
that may present some potential risk or what kind of data is here from a compliance data
(25:11):
protection standpoint to say, okay, how many IEP files are being shared out of Google drive
with just a global link share, or how many files are being sent out the door, you know,
that are just willy nilly being floating around out there that are something we may need to
have better data governance on.
But then it's also flip it around to keeping the bad guys out.
(25:32):
So we have advanced threat detection capabilities, scanning all inbound emails for phishing,
malicious attachments, you name it, scanning all files that get uploaded.
So it's a, it's a comprehensive visibility and control standpoint.
And all that you just said is the bread and butter, right?
That's our core brand.
What people have known us for, for the better part of a decade, usually a half a dozen or
(25:55):
so customers roaming around in here today at the conference in your home state of Missouri,
we have a fairly large and growing footprint, uh, 48 out of 50 states now, I think.
Awesome.
I think.
Um, so we also have some others.
I was going to say, tell me about the content filter because that's, that's newer to me
to know about.
That's the newer piece.
Um, and everybody's going, what, you know, um, we decided, you know, due to popular demand
(26:16):
and requests from our customer base, they loved our technology for student safety and
scanning capabilities inside of Google workspace or Microsoft 365.
So they said, can you take that same technology to the browser, to the edge?
So we said, sure.
So we introduced a content filter, um, web filter, you know, what you want to call it.
(26:37):
Some people say SIPA compliant filter.
So we ha it's a browser extension based technology focused on, um, not the device per se it's
at the browser level, which gives us lots of flexibility and ease of configuration.
Um, and then of course we have a companion classroom management classroom engagement
solution as well.
And it's, um, you know, part of the advantage of being newer into a very crowded space,
(27:01):
because there's obviously a lot of vendors out there and a lot of good vendors.
Um, but being the newer new kids on the block, if you would, we have the new toys, the new
tech.
So our AI detection capabilities, um, the input, that's obviously one of the big, big
things, you know, Mark and I talked about that last week at Calais, that was all the
rage of the topic was the new playing field or the new wild, wild West for filtering.
(27:23):
Kids are no longer going into just Google and searching and then hitting a website.
They're just interacting within the model.
Yes.
Whether it's Gemini, Claude, um, you know, open it, you know, even GBT if this wasn't
banned it, why not?
And our, our stance on it is don't try and ban it or block it.
Kids are just going to find ways around it and make more nightmares for you as tech directors.
Ours is embrace it, but have technology that has guardrails and you can analyze the input
(27:47):
that is happening inside that large language model.
So then you set rules and policies to say, okay, you can use these things freely, but
then if we see abuse or inappropriate usage, then we're going to take action.
So that's the approach we've taken from the filtering perspective.
And you think about it too.
What is, uh, you know, what is a tech director's worst nightmare is, you know, educators go
off to conferences and they come back and the good old days it was, they still had to
(28:10):
bring software back and install it or ask for permission.
Nowadays it's like, Hey, look at this extension we just installed, you know, we're like, okay,
here you go.
So embrace, embrace.
Awesome.
Well, good talking to you, David.
So check out managed methods at managed methods.com.
And I know that they can also sign up for a free audit to get started with that, to
see if it's going to be any good for them or not.
Absolutely.
We, we firmly believe in that, you know, take it for a test drive, put it into your environment.
(28:34):
It's look, but don't touch.
It doesn't impact anybody's, um, there's no latency.
It's not impacting anybody's environment because it's just 100% API connected into the cloud.
And we give a tech director, um, you know, a bigger picture than what they've already
even seen.
Even if they have the paid tools that come from Google or Microsoft, which are good products,
this just takes it to a whole nother level in terms of visibility and control.
(28:55):
Yeah.
I know for me, I've heard great about, you already have, cause maybe you're listening,
you have other things in place and you want to do a comparison, we'll do the free audit.
That's how you can compare.
Absolutely.
Go to managed methods.com, click on the free trial and we go from there.
Awesome.
Thank you, sir.
Hey, it's good to see you again, buddy.
You too.
I'm hanging out with Oliver Page with CyberNut.
Oliver, how's it going?
It's going well.
Thanks.
(29:15):
How you doing?
I'm Oliver Page.
I'm the co-founder and co-sponsor of K-12 Tech Bro.
I think you guys are coming to Midwest Tech Talk and doing the podcast with us as well.
We appreciate that support.
But you're at a cybersecurity conference, which means that you have a cybersecurity
product and service.
So I guess give me elevator pitch for the listeners that don't know, what is CyberNut?
Absolutely.
So for those of you who have never heard of CyberNut, we're the first K-12 focused cybersecurity
(29:40):
and phishing training platform built exclusively for K-12 schools.
So really focused on developing a solution that allows districts to run really effective
and gamified training to help your users learn how to spot and identify phishing.
Been in the market just over three years, grown like a weed.
(30:00):
Just over 350 school districts in the US partnered with us.
And yeah, really excited to be making a dent in K-12 cybersecurity, which as we all know,
is a very, very hot button topic right now.
It appears to be a real thing because there's a lot of people.
I can speak to CyberNut being different than the others because it's so K-12 focused.
(30:21):
Our teachers get an email and it looks like a product that we're using in K-12, where
a lot of the other solutions that are out there, yeah, it's phishing campaigns, but
they kind of stick out because it's talking about some product that the teacher doesn't
use.
So it's absolutely K-12 minded.
Exactly.
No, no.
We're very proud to have you as one of our partners, a user of the platform.
(30:45):
And like you said, the school districts, the faculty and staff need to be trained with
content that they're familiar with, right?
That is something that is a top priority.
And also meeting users where they're at from an experience level.
Training everyone at the same difficulty level doesn't make sense in this day.
Phishing emails are getting more and more sophisticated.
(31:06):
So one of the aspects of the platform is we can actually personalize the training so that
every individual user is trained at their own pace and level up in difficulty over the
course of the school year.
So we're not, you know, the traditional gotcha trainings usually have that doesn't really
work that well.
And that's why we have this person.
And I think I'd like you to speak to, I think we think about solutions like this for faculty
(31:32):
and staff. But I know that you guys have the student component as well.
If I'm a tech and I'm listening, I'm like, yeah, I already do stuff with my staff, but not
my students. What would you say to that tech?
Yeah, I would say, look, I think it's critical to have the staff protected because they're
obviously the vulnerability from an actual cybersecurity standpoint for the district.
You know, a student email inbox that gets taken over is going to be less, you know, less
(31:56):
impactful from an infrastructure perspective for the district.
But it is, I think, the duty of school districts to now think about how they can better
equip students with the real world.
And when they enter the real world, they're going to get hit.
They're going to be targeted just like everybody.
So CyberNet's approach of student training is really trying to get in on the ground level,
(32:18):
helping students learn how to spot phishing emails, identify the patterns, identify the
trends of different attack modality.
You know, we're talking about sending a student a phishing email that looks like a TikTok
meme, right? Something that they're already familiar with and that they can relate to.
And so that's really been a fun way to get people engaged and much more aware of security
(32:39):
importance. In addition to trainings of emulations, we also have videos that are also
effective for more traditional environments as well.
And that's effective on AI security.
Yeah. Yeah. I think years ago or a year ago, and a lot of a lot of tech still will say,
well, my student accounts, my email accounts are locked down or they don't receive
outside email. But you just said a thing there where it's still our responsibility to
(33:04):
train it anyway. Exactly.
So whether or not they're receiving outside emails, how great for us to still go ahead
and train them on what that email is going to look like for when the bad thing does
happen. And then unfortunately, a lot of the partners that we partner with who have
purchased the cybersecurity student product is they're also running into situations
where compromised faculty emails are utilized to target students as well.
(33:29):
And so, you know, your free Xbox giveaway email that gets sent to a teacher, you know,
gets clicks. People actually engage with that.
They do take a photo of the QR code with their phones and take it home with them.
And now all of a sudden, you've endangered a student that just didn't know better
because they've never come into contact with this sort of email before.
So I think it's not as common yet.
(33:49):
But if we look to the next several years with the advancements of AI and the things
that are starting to arise, a matter of time before every state has some level of
compliance requirement.
Awesome. Well, Oliver, good to meet you in person.
Great meeting you.
Check out CyberNut. How can we check out CyberNut?
You can check us out at CyberNut.com spelled like CyberNut.
(34:10):
That's it. And you can also book a demo or a free security assessment, too.
We have a couple of cool different ones.
Awesome. Thank you, sir.
Thank you. Well, Josh, what'd you think?
What about you, Mark? What'd you think?
(34:34):
Oh, just me here? That's OK.
Let's let's give me a round of applause.
I need a good pat on the back.
Once again, here at the K-6 conference, it's been a great event and still going strong.
Several days of focus on cybersecurity.
It's good to kind of catch your breath and think about your password policy.
Think about your cybersecurity posture just in general to talk to those that are in
(34:58):
school districts the same size as you, as well as those in different sizes and realize
that you all have this common thing going on.
You're all in this thing together trying to figure out how to keep students learning,
how to keep teachers teaching while facing off against the bad guys.
Sometimes that's little Johnny sitting in that classroom trying to figure out how to
get around your content filter and your firewall, or he breaks up with his girlfriend and
(35:23):
he had given his password, that kind of a bit.
Sometimes it's the bad guy externally trying to get into your systems.
Funding is an issue.
Staffing is an issue.
But we're in this thing together and we can do some practical things to try to take on
cybersecurity. So if you haven't already, check out K-12-6.
(35:43):
I'm going to put a link into the podcast description of several of the things that they
have available for free.
If you're going through an account compromise, there's this resource that they have
available of here's the checklist of things to go through.
So I'll put a link to that in the podcast description.
Once again, thank you to Doug.
Thank you to the K-12-6 staff.
K-12-6 is not just a conference.
They do their membership thing as well.
(36:04):
So check out K-12-6, all their resources.
But it's been a great conference here in Albuquerque, New Mexico.
We might not be the same, but you share the same pain that I do.
We pray for someone we love in the rain, and darkness is falling with the light shining
(36:25):
through. I seek for hope in you, self-assurance, I learn to speak of my point of view.
We were buying words about the phrase of the beat, and selling songs just to stand the
cue. So in the morning time, don't hesitate, unwind, reflect, create, even if it takes
(36:49):
all night. What if your feet don't feel like dancing?
What if your mind wasn't quite sure how to let this go?
I'm asking. Your body's a hill full of ego's mansion.
Now we're making room for the soul.
Said, are we making room?
(37:13):
Making room for the soul.
Live from Albuquerque, New Mexico, this is the K12 Tech Talk podcast and I'm at the 2026
(00:10):
K12 Six National K12 Cybersecurity Leadership Conference hanging out with Josh and Mark.
Just kidding.
Josh didn't show, we're used to that.
But Mark was going to come and Boston, Massachusetts, whatever, New England is supposedly getting
a lot of snow.
So Mark's flight got canceled and it's just me here.
(00:30):
But I am excited to be here.
I just spent the last two hours talking about passwords.
Mark had signed us up to do a two-hour workshop to discuss student passwords, the future of
student passwords.
And then, of course, he bailed, like I said.
So it was just me with a room full of folks excited to talk about passwords, said no one
(00:51):
ever.
But we spent two hours talking about passwords, talking about the future, had a great time.
And that kind of just, for me, sets the tone of what I think this conference is going to
be about.
It's all about cybersecurity.
So I'm hanging out here for the next couple days in Albuquerque, New Mexico, with K12
Six.
I see some Managed Methods David down the way.
We'll talk to him, a proud sponsor of the K12 Tech Talk podcast.
(01:12):
I've seen a couple friends from New Hampshire here, a couple friends from K12 Tech Pro here.
So I'm excited for this event and happy that they're having us here.
Doug was walking around earlier, excited to talk to him at some point as well.
So hang out with me, again, at K12 Six, the cybersecurity conference.
(01:33):
We'll do several interviews.
That's what this episode, special episode, is all about.
All right, I'm hanging out with Corey Rankin.
Corey, you came up to the booth.
We started talking about K12 Six admin, the subreddit.
You're on there.
But I was looking at your lanyard, too, and you're a K12 Six member.
So I want to unpack all of that with you just for a couple minutes.
So how's it going today?
Yeah, absolutely.
(01:54):
Good to meet you.
And I'm just, you know, excited to be part of the community.
And that's why I came over.
Is this your first K12 Six conference?
Yes, it is.
I've always wanted to come, but I haven't had the ability to do so in the past.
Really wanted to connect.
Cool.
So let's talk about your past.
So I guess, who are you, give me your quick K12 Tech story, where you're at today, where
(02:15):
you've been.
Sure.
So my first life started in sales, funny enough, retail sales.
Did that for 10 years, hated it.
But learned a lot of good things about connecting to people and talking.
Was convinced to join the K12 IT community.
And I thought, well, I can't do this.
I'm the neighborhood IT guy, right?
(02:37):
But was convinced, came on to a school district as a technician, worked my way up to engineer,
assistant admin, managing the engineer, assistant director, and then director most recently.
So that was a 12-year stint in a school district of 24,000.
Cool.
And then in the last month, pivoted over to running the cybersecurity program for the
(02:58):
North Carolina Department of Public Instruction.
Nice.
So you are here with that department, and then is that what you're a K126 member of?
Yes.
And then I think you said you're new to being a member.
Can you unpack that a little bit?
There's a lot of people here that aren't members.
You can see that on their lanyards, but you are.
Can you just unpack, and I know it's year one for you, but what is the benefit of that
(03:20):
membership?
Sure.
You know, I really just wanted to be a part of the community, to be able to contribute,
to be able to access some of the resources that you have to do so, but really be part
of the bigger picture.
You know, I believe cybersecurity is a team sport, and this is the entity who is doing
it across the nation, instead of the silos that we all in.
(03:42):
Yeah.
Yeah, there's some great information sharing that goes on with K126, and even with the
keynote today, they were mentioning these resources that they created for members,
but they just put it out there because of the good of the cause for the K126.
Absolutely.
Very cool.
All right.
Well, Corey, nice to meet you, and I'm glad you stopped by for a few minutes.
Yeah, I appreciate it.
Just want to give a quick shout out to Eaton.
You can check out eaton at eaton.com.
(04:04):
They make what matters work.
They can help you out with your power management solutions, your UPSs, your battery backups
and all that good stuff.
We're going to be hanging out with Eaton for the next few weeks.
That's eaton.com.
They make the podcast episode and trips like this possible for us as well, so check out
Eaton.
All right.
I'm hanging out with Dr. Tim Tillman.
(04:25):
Tim, how's it going?
Good.
How are you?
So, we were just talking about cybersecurity because we're at the K126 conference.
That makes sense.
It does.
So, would you tell me about yourself, give me a little bit of background, and then what
brings you to K126?
Sure.
So, I have been in academic technology for 32 years.
(04:47):
Started at the actual school system that I graduated from because they needed somebody
to come in and fix all the mistakes that I made as a student, so I learned how to hack
in the mid-90s on a Novell network that wasn't well-protected.
Novell was great.
Novell, I love networks so much, and token ring networks.
(05:09):
I've spent most of my career trying to be an evangelist for cybersecurity while also
being a tech director, while also learning all of the ins and outs of running an IT department.
From being a tech to a manager and everything else, I've spent time at the state level working
for the Virginia Department of Education as their CISO.
(05:33):
I teach adjunct college courses in cybersecurity.
Right now, I am the director of technology for Richmond City Public Schools in Virginia.
How big is that school district?
So, there's about 25,000 kids, and it's an urban district facing urban problems.
So anything from chronic attendance problems to, you know, there was a murder last night
(05:57):
and kids are affected by that, to an ever-decreasing budget and ever-decreasing tax base as well.
And when we were small-talking, you mentioned that first school, it was like 3,000 kids?
Yeah, so I really, I got my first directorship in a large, or excuse me, in a small district.
Five kids, 2,800 kids, or five schools, 2,800 kids, and gosh, that was a lot.
(06:21):
I love the small district.
I love being the person who had to wear all the hats.
I think without even knowing you well, I'm going to guess that you would agree with this.
The small school district problems and the large school district problems, they're the
same, right?
Yeah, it scales.
It scales, that's all it is, right?
When I first went to a larger district, everything just had an extra zero on the end, right?
(06:45):
And it was, the small districts use the exact same software, they have the exact same problems,
they have the exact same concerns, it's just everything is on a smaller scale.
Let's talk about cybersecurity then.
What is on your heart today with cybersecurity?
If I'm a tech and I'm listening, and maybe cybersecurity is not my major focus, and it
(07:09):
should be, what would you say?
I've been coming to K-12-6 since the first conference, and Doug and I have known each
other since before K-12-6, when it was just the cybersecurity map and those kinds of things.
I had a conversation with him sometime last year, and I said, you know, it feels like
(07:29):
10, 15 years later, we're still preaching the same message.
And that message is, you have to take cybersecurity seriously.
You have to build the artifacts that are necessary in your district.
You have to have the tools in place, you have to have the governance structure, you have
to have the stakeholders who are helping you on your mission.
(07:53):
There are still people in the room this morning who fight me on that.
Well, I don't need that.
I don't know why I need that.
Or we don't have the money, we don't have the time, the talent, all those things.
Yes, you do.
You do.
You can stand up an entire cybersecurity program for free.
Most of a cybersecurity program is policy and existing people.
(08:17):
You don't have to spend millions of dollars on an MSSP or MDR or any of these things.
You can be better all the time.
And cybersecurity is not an endpoint.
It's an ever-moving goal.
And every day that goes by, you get further behind.
Yeah.
(08:37):
Yeah.
Yeah.
I can think back Missouri way, for years, there was a group that I felt was preaching
SPF and DCAM and DMARC for email security.
And we felt like that session at those conferences was getting exhausted because we're just saying
the same stuff again and again.
But there were always people that didn't have that stuff going.
(08:58):
Like these things are not optional anymore.
This is basic configuration.
Yeah.
Right.
And even back then, we would say, you're not doing it necessarily for yourself.
You're doing it because you want to be a good neighbor.
So whatever, if you think it's not going to happen to you, it's going to happen to your
neighbor.
Yeah.
So how can you be a good neighbor?
And, you know, I'm speaking today, I'm going to be talking about school boards and their
(09:19):
responsibilities in the cybersecurity program.
And I have met with a lot of board members all across the nation, even, that still feel
like cybersecurity is just about password changes and, you know, making sure the kids
don't hack.
And we have to change the feelings that we have to change what people think this is.
(09:42):
Yeah.
So to not spoil your speaking, what would be that advice that you give to the tech that
he knows, she knows that school board is just talking about password?
So one of the concepts that I talk about is, is the, I guess, get some movement here.
(10:03):
I'll throw in some noise that help it kind of.
That was awesome.
You do that all with your mouth.
That was fantastic.
No.
So I'm speaking today to talk about this, this loop of, you know, right now, most tech
directors go to the board, they say, Hey, I want to spend this money on this tool.
(10:27):
And the board says, I don't know what that is.
And we have other priorities and they don't fund it.
I'm trying to teach this, this loop of going to the board and saying, I want you to establish
policy that says we have to have a cybersecurity program, right?
So that the next time you go to the board, you get to say, Hey, this is your program
(10:47):
that you asked me to establish.
Now you need to fund it.
And that creates enough awareness with, with board members or, you know, whatever your,
your governance structure is that they remember why they did that in the first place.
And they see you implementing their governance request and you're going to, you're going
to get approved for that.
(11:08):
Yeah.
That's going to feel correct.
Yeah.
So when it's a top down initiative, even if you're helping them develop the top down initiative,
it works.
If you're always going up and begging and always saying, I need more money, always going
up and saying, well, I need people to do this.
The board doesn't understand that they don't, they don't get it.
Right.
Well, Jim, thanks for hanging out with me for a few minutes.
(11:28):
I hope you have a great conference.
You too.
All right.
I'm hanging out with the Doug Levin of K-126.
Doug, how's it going?
Good.
Good.
How are you, Chris?
Good.
Things have been great.
It looks like the conference is going well.
I've experienced the conference going well.
So congratulations to that.
Yeah.
Thanks.
It's, it's off and running.
It started yesterday.
(11:50):
The official opening is this morning, going all day today and then tomorrow.
So great group.
Everybody's excited to see everybody.
A lot of people have been in the past, some new faces as well.
So yeah, really excited about it.
It's a great community here.
And it's a great cybersecurity minded community here, which is needed in K-12 tech and let's
talk about that.
(12:10):
No, a hundred percent.
Like, that's why I'm like excited by the work you do to bring your community together.
Or a similar community, maybe a little bit narrower focus than yours, but overlap.
You know, these gatherings, whether they're national or they're regional or within a state,
I mean, whether they're large or small, they're just, it's the only way we're going to get
better.
(12:30):
It's where we learn stuff.
It's where we share.
It's just so hard to do it if you don't like, I would say the face to face is also really
critical.
It creates that trust so you can have those conversations in between meetings and events
and stuff like that.
I was talking to someone today.
So yesterday I did that because Mark bailed.
(12:50):
I solo did a two hour workshop on passwords.
And that's a lot.
That's two hours of the word password, but I was talking to someone that did the session
today.
She was saying a quick appreciation for it, but we talked about the appreciation is in
the room when we would do like the question, like to discuss how many, like, here's the
(13:11):
best practice.
And then what are you guys doing as boots on the ground and to be open and honest.
And then you start to realize that your neighbor is going through the same thing, what's your
school culture look like and all, and that's needed with the in-person event and the sharing
that takes place with that.
I mean, totally.
And that's actually a reason why we don't allow media.
Yes.
(13:32):
You guys accepted, I guess.
We don't allow media at the event.
Like we make sure to screen who comes to the event because if you don't have that trust
on who's in the room, that stuff's going to stay in the room.
Like those conversations are dead in the water.
Yes.
And I think when I first started getting into this, like almost a decade ago, the sector
almost felt like, or this, this subject kind of felt almost like fight club.
(13:56):
Everybody kind of knew about it, but nobody wanted to talk about it out loud because you
weren't supposed to, right.
Maybe at the bar late at night, you could say, you know, we had this incident thing
and it was really not great.
And I wish I'd done this, or if I'd only done that, or I asked to get funded the thing that
would have stopped it, but it didn't get funded and I can't tell anybody, you know, or I let
(14:19):
people down and I feel so bad.
Like it was almost like everybody was afraid to have that conversation.
And I think that one thing that has definitely changed over the last few years is there's
more people who are more comfortable in talking about it.
They realize it's not some personal failing of theirs.
It's not that their school system is somehow unique.
Like we're seeing schools, large and small, all across the country every week battling
(14:44):
this sort of stuff.
Sometimes it's the kiddos.
Sometimes it's actually a professional cyber group, quote unquote, professional cyber group
based overseas, just looking to turn a quick buck and take advantage of it.
So you know, it's just great to get everybody together and kind of proverbially let our
hair down and have some of these, you know, really important conversations.
(15:05):
Yes, that are absolutely needed.
So let's talk about during the opening, you discussed several things.
I guess just to pick it, what do you think the focus needs to be in a school district?
If the federal government money is not going to be there?
What are just some things that you could quick take for our listeners?
(15:30):
You know, so this is the thing.
I think there's some sense that there's some magic tool or AI or something that somebody
else is doing that's some magical thing.
But even as we have been tracking this for so long and seeing the recent trends, basically
the fundamentals matter more than, matter the most of all, right?
(15:54):
So it's stuff like securing your user authentication process, passwords, right?
Where else can you come talk about passwords for two hours?
But you know, you've got to have, you know, insight and visibility into, you know, what's
on your network, have those conversations with facilities, with food service, with transportation,
(16:18):
with HR.
Shadow IT is always going to be a problem, right?
You've got to know what you have to support it.
I think, you know, the way we see school systems compromised most frequently are those reused
credentials, default creds, vendor like accounts, subs are a problem.
(16:38):
Unfortunately, we started to see student accounts getting abused, which I'm sure you talked
about.
But the other thing is services that are exposed to the internet that are not patched or are
not otherwise protected, right?
So the quote-unquote edge devices, the firewalls have been just getting hammered over the last
(16:59):
two years.
And I don't care what vendor, literally all of them, anything with an exposed management
port to the internet is getting targeted, right?
So I think that's something that we need to lock down.
And the other thing that we've been talking a lot about is getting your cloud configurations
and shoring that up, whether you're running Google or Microsoft, or you're self-hosting
(17:20):
something up in AWS or Azure or whatever, like they give you enough rope to hang yourself.
And also, like, I don't care what the service, the settings are constantly changing, right?
So you need to go through and audit that stuff.
Yeah, and we can banter a lot about secure by design, secure by default would be sure
(17:40):
nice.
I mean, the next thing I was going to say, yeah, third party risk in vendors, like how
do we figure out who's good to work with before?
Can we shift some more of that responsibility onto them?
I mean, should we really be being asked to pay a lot more for security that kind of should
have been baked in?
I mean, these are core things, unfortunately, those haven't changed.
(18:03):
But I think what's exciting about here and about the work you're doing and other similar
work is, you know, if we can get to some consensus, we can make this change.
Well, a lot of what you just said, and this is the point of why you said it, I think.
It was said during the panel, we can assume that help isn't coming.
There isn't the magic tool.
There isn't the magic pot of money.
(18:23):
A lot of the quick things that you just said are things that we can do with what we have.
So look at your systems and lock them down without spending money, without adding another
tool.
Look at the standards that are available.
Talk to your community members and see what they're doing to match those standards and
just do it.
Yeah, no, completely.
(18:44):
And that, you know, so I said two things.
One is the goal should just try to be get a little bit better tomorrow.
Don't let perfect, perfect, there's no perfect.
And there's no end to this race, right?
So you just always want to be doing continuous improvement and just get a little bit better
every day.
There's always more to do.
Just don't get discouraged.
Just keep, keep going.
(19:05):
Number one, but number two, while we may have the ability and our tools to like turn on
a setting, it would dramatically, you know, reduce the risk of the school community.
It may affect people's workflows, like it's going to affect a teacher or the superintendent
or something.
And so this is where it gets hard.
It's not a money thing.
(19:26):
It's not like a capacity or technical knowledge thing.
It's actually an internal politics kind of thing.
And I think in particular for our community, that's just a real challenge.
We're not always at the table with leadership for this.
And then we're used to talking tech and not like change management in a school district
(19:47):
and you know, working with the teachers union or whoever else we need to work with.
You know, the first time the superintendent needs to log into something that doesn't work
and they call their secretary and their secretary's like, well, I, you know, like we got a call
down to IT or whatever, you know, like they're not following the process that you set up,
like stuff breaks and you're back to square one.
So that's the challenge.
(20:07):
We actually have a breakout session going on right now, somebody who's sharing wisdom
and lessons learned and trying to sell that.
But that's, you know, that's something I think as a community, we all need to work with.
And it's always a challenge for us to get that leadership at the table with us.
And we know we don't have them for very long and we know they don't understand the technical
side, but we don't want to scare them too much.
We got to get their attention.
(20:28):
So it's a challenge.
I don't have any secret sauce or magic for it.
I think we're all trying to figure it out, you know, so, um, but yeah, awesome.
Well, Doug, we appreciate you.
We appreciate K-12 VI, this conference, but just the big picture K-12 VI, the community
here as well.
So thank you very much.
Well, thanks to you guys.
Thanks, Josh.
(20:49):
Thanks, Mark.
You know, I don't know.
Mark couldn't get out or something.
It's unbelievable, really.
You know, you're here.
I know.
We made it.
There's lots of people who made it.
Lots of people, Mark, who made it out.
I think he's the only one that didn't come.
I'm just saying.
Michael Klein, those two guys.
Yeah.
All right.
Love it.
Okay.
Thank you, sir.
Yep.
All right.
(21:09):
Anyway, David, this is David Wall with Manage Methods, a proud sponsor of the K-12 Tech Talk
podcast.
Yes.
Yes.
You've come to the Midwest Tech Talk conferences with us.
You're on K-12 Tech Pro with us.
I feel like I've known you for some years now, actually.
Yeah.
It has been.
I mean, we've been involved from the beginning, I think, as a sponsor.
And you're like in the conference circuit.
(21:30):
You're like everywhere.
You say circuit.
I say circus.
Yeah.
It's definitely the conference traveling circus.
In fact, even here at the conference at the K-12 Six National Cybersecurity Conference,
live from Albuquerque.
I should do my best Josh impersonation.
You should.
Let's go ahead and do it.
Live from Albuquerque.
That's not too bad.
Yeah.
No.
He's actually got it dialed in.
(21:51):
But no, it's so funny because like last week, I saw Mark at Cali in Colorado.
And Mark, you're not here.
Loser.
Loser.
Wait.
Yeah.
There it is.
Here.
Let's try that again.
Mark, loser.
I felt like there was a bit.
Dude.
This is what happens when you have all these.
Yeah.
I can't get it turned off.
Okay.
Here we go.
(22:11):
Loser Mark.
Your days as a radio DJ are over now.
No.
But it is.
We kind of all joke around the traveling circus, but it is almost like a traveling brotherhood.
Yeah.
And sisterhood.
It's that, you know, there was already this, you know, last night, this morning, I had
(22:33):
several vendors.
We just come around the corner.
We laugh because we see each other like, Hey, you know, because we just saw each other last
week at, you know, Cali, Colorado, or the week before that at IdeaCon in Chicago, or
next week, I'll be in Raleigh, North Carolina, and some ties.
And then the week after that, I'll be in California for AriesCon.
And then you are not coming to our Midwest Tech Talk security symposium because someone
else is.
(22:53):
Yes, exactly.
So Skip will be there, who you know, part of our Missouri team.
So we will be there.
I'll be there in spirit.
Yeah.
Yeah.
So I, I reserve my, my, I have to, you know, save up all year long, my energy for July
or your, you know, summer extravaganza.
That's the big deal.
Yes.
So enough about me, David, let's talk about managed methods.
So managed methods is at a cybersecurity conference, correct?
(23:17):
That must mean that managed methods, the cybersecurity, and I know the answer to this, but I'm going
to do this anyway.
The audience.
Yes.
Tell us about managed methods, because we mentioned managed methods all the time.
And I always feel like we probably fumbled the ball.
It's good every once in a while to have someone actually knows what they're talking about,
they come on and talk about it.
So, so here you are.
Yeah.
We're here.
Yeah.
(23:38):
So at the core of it, what we do at managed methods is we provide tools to help school
districts gain greater visibility and control into specifically their Google workspace,
Microsoft 365 environments, you obviously did Google school.
We're the only purpose built cloud application security platform that was designed for K-12
specifically with out of the box pre-packaged, fully configurable, but out of the box risk
(24:03):
scans and monitoring capabilities that are meant for what a K-12 track tech director
has to do teams.
You know, obviously the, the vast majority of school districts in the United States,
with exception, and even here in this, this audience are smaller.
And I think one of the keynote speakers made a comment earlier this morning that, Hey,
nobody's coming to help.
Yes.
(24:24):
You know, this is up to us.
And so we designed a platform that was enabled right out of the box for school districts
to not only first and foremost, get a free risk assessment about their Google workspace
environment and the content and not traditional risk assessments where people are looking
at the, the dials and the settings and the, you know, the knobs and whatnot there.
This is looking at what's going on inside the box.
(24:46):
So we, we are monitoring 24 seven, a school district's entire domain inside of Google
workspace or Microsoft 365 or both, where we look at all staff and student accounts
from the Gmail box to the browser and everything in between.
So you want to understand, Hey, I need to see what kind of data is at rest in my environment
that may present some potential risk or what kind of data is here from a compliance data
(25:11):
protection standpoint to say, okay, how many IEP files are being shared out of Google drive
with just a global link share, or how many files are being sent out the door, you know,
that are just willy nilly being floating around out there that are something we may need to
have better data governance on.
But then it's also flip it around to keeping the bad guys out.
(25:32):
So we have advanced threat detection capabilities, scanning all inbound emails for phishing,
malicious attachments, you name it, scanning all files that get uploaded.
So it's a, it's a comprehensive visibility and control standpoint.
And all that you just said is the bread and butter, right?
That's our core brand.
What people have known us for, for the better part of a decade, usually a half a dozen or
(25:55):
so customers roaming around in here today at the conference in your home state of Missouri,
we have a fairly large and growing footprint, uh, 48 out of 50 states now, I think.
Awesome.
I think.
Um, so we also have some others.
I was going to say, tell me about the content filter because that's, that's newer to me
to know about.
That's the newer piece.
Um, and everybody's going, what, you know, um, we decided, you know, due to popular demand
(26:16):
and requests from our customer base, they loved our technology for student safety and
scanning capabilities inside of Google workspace or Microsoft 365.
So they said, can you take that same technology to the browser, to the edge?
So we said, sure.
So we introduced a content filter, um, web filter, you know, what you want to call it.
(26:37):
Some people say SIPA compliant filter.
So we ha it's a browser extension based technology focused on, um, not the device per se it's
at the browser level, which gives us lots of flexibility and ease of configuration.
Um, and then of course we have a companion classroom management classroom engagement
solution as well.
And it's, um, you know, part of the advantage of being newer into a very crowded space,
(27:01):
because there's obviously a lot of vendors out there and a lot of good vendors.
Um, but being the newer new kids on the block, if you would, we have the new toys, the new
tech.
So our AI detection capabilities, um, the input, that's obviously one of the big, big
things, you know, Mark and I talked about that last week at Calais, that was all the
rage of the topic was the new playing field or the new wild, wild West for filtering.
(27:23):
Kids are no longer going into just Google and searching and then hitting a website.
They're just interacting within the model.
Yes.
Whether it's Gemini, Claude, um, you know, open it, you know, even GBT if this wasn't
banned it, why not?
And our, our stance on it is don't try and ban it or block it.
Kids are just going to find ways around it and make more nightmares for you as tech directors.
Ours is embrace it, but have technology that has guardrails and you can analyze the input
(27:47):
that is happening inside that large language model.
So then you set rules and policies to say, okay, you can use these things freely, but
then if we see abuse or inappropriate usage, then we're going to take action.
So that's the approach we've taken from the filtering perspective.
And you think about it too.
What is, uh, you know, what is a tech director's worst nightmare is, you know, educators go
off to conferences and they come back and the good old days it was, they still had to
(28:10):
bring software back and install it or ask for permission.
Nowadays it's like, Hey, look at this extension we just installed, you know, we're like, okay,
here you go.
So embrace, embrace.
Awesome.
Well, good talking to you, David.
So check out managed methods at managed methods.com.
And I know that they can also sign up for a free audit to get started with that, to
see if it's going to be any good for them or not.
Absolutely.
We, we firmly believe in that, you know, take it for a test drive, put it into your environment.
(28:34):
It's look, but don't touch.
It doesn't impact anybody's, um, there's no latency.
It's not impacting anybody's environment because it's just 100% API connected into the cloud.
And we give a tech director, um, you know, a bigger picture than what they've already
even seen.
Even if they have the paid tools that come from Google or Microsoft, which are good products,
this just takes it to a whole nother level in terms of visibility and control.
(28:55):
Yeah.
I know for me, I've heard great about, you already have, cause maybe you're listening,
you have other things in place and you want to do a comparison, we'll do the free audit.
That's how you can compare.
Absolutely.
Go to managed methods.com, click on the free trial and we go from there.
Awesome.
Thank you, sir.
Hey, it's good to see you again, buddy.
You too.
I'm hanging out with Oliver Page with CyberNut.
Oliver, how's it going?
It's going well.
Thanks.
(29:15):
How you doing?
I'm Oliver Page.
I'm the co-founder and co-sponsor of K-12 Tech Bro.
I think you guys are coming to Midwest Tech Talk and doing the podcast with us as well.
We appreciate that support.
But you're at a cybersecurity conference, which means that you have a cybersecurity
product and service.
So I guess give me elevator pitch for the listeners that don't know, what is CyberNut?
Absolutely.
So for those of you who have never heard of CyberNut, we're the first K-12 focused cybersecurity
(29:40):
and phishing training platform built exclusively for K-12 schools.
So really focused on developing a solution that allows districts to run really effective
and gamified training to help your users learn how to spot and identify phishing.
Been in the market just over three years, grown like a weed.
(30:00):
Just over 350 school districts in the US partnered with us.
And yeah, really excited to be making a dent in K-12 cybersecurity, which as we all know,
is a very, very hot button topic right now.
It appears to be a real thing because there's a lot of people.
I can speak to CyberNut being different than the others because it's so K-12 focused.
(30:21):
Our teachers get an email and it looks like a product that we're using in K-12, where
a lot of the other solutions that are out there, yeah, it's phishing campaigns, but
they kind of stick out because it's talking about some product that the teacher doesn't
use.
So it's absolutely K-12 minded.
Exactly.
No, no.
We're very proud to have you as one of our partners, a user of the platform.
(30:45):
And like you said, the school districts, the faculty and staff need to be trained with
content that they're familiar with, right?
That is something that is a top priority.
And also meeting users where they're at from an experience level.
Training everyone at the same difficulty level doesn't make sense in this day.
Phishing emails are getting more and more sophisticated.
(31:06):
So one of the aspects of the platform is we can actually personalize the training so that
every individual user is trained at their own pace and level up in difficulty over the
course of the school year.
So we're not, you know, the traditional gotcha trainings usually have that doesn't really
work that well.
And that's why we have this person.
And I think I'd like you to speak to, I think we think about solutions like this for faculty
(31:32):
and staff. But I know that you guys have the student component as well.
If I'm a tech and I'm listening, I'm like, yeah, I already do stuff with my staff, but not
my students. What would you say to that tech?
Yeah, I would say, look, I think it's critical to have the staff protected because they're
obviously the vulnerability from an actual cybersecurity standpoint for the district.
You know, a student email inbox that gets taken over is going to be less, you know, less
(31:56):
impactful from an infrastructure perspective for the district.
But it is, I think, the duty of school districts to now think about how they can better
equip students with the real world.
And when they enter the real world, they're going to get hit.
They're going to be targeted just like everybody.
So CyberNet's approach of student training is really trying to get in on the ground level,
(32:18):
helping students learn how to spot phishing emails, identify the patterns, identify the
trends of different attack modality.
You know, we're talking about sending a student a phishing email that looks like a TikTok
meme, right? Something that they're already familiar with and that they can relate to.
And so that's really been a fun way to get people engaged and much more aware of security
(32:39):
importance. In addition to trainings of emulations, we also have videos that are also
effective for more traditional environments as well.
And that's effective on AI security.
Yeah. Yeah. I think years ago or a year ago, and a lot of a lot of tech still will say,
well, my student accounts, my email accounts are locked down or they don't receive
outside email. But you just said a thing there where it's still our responsibility to
(33:04):
train it anyway. Exactly.
So whether or not they're receiving outside emails, how great for us to still go ahead
and train them on what that email is going to look like for when the bad thing does
happen. And then unfortunately, a lot of the partners that we partner with who have
purchased the cybersecurity student product is they're also running into situations
where compromised faculty emails are utilized to target students as well.
(33:29):
And so, you know, your free Xbox giveaway email that gets sent to a teacher, you know,
gets clicks. People actually engage with that.
They do take a photo of the QR code with their phones and take it home with them.
And now all of a sudden, you've endangered a student that just didn't know better
because they've never come into contact with this sort of email before.
So I think it's not as common yet.
(33:49):
But if we look to the next several years with the advancements of AI and the things
that are starting to arise, a matter of time before every state has some level of
compliance requirement.
Awesome. Well, Oliver, good to meet you in person.
Great meeting you.
Check out CyberNut. How can we check out CyberNut?
You can check us out at CyberNut.com spelled like CyberNut.
(34:10):
That's it. And you can also book a demo or a free security assessment, too.
We have a couple of cool different ones.
Awesome. Thank you, sir.
Thank you. Well, Josh, what'd you think?
What about you, Mark? What'd you think?
(34:34):
Oh, just me here? That's OK.
Let's let's give me a round of applause.
I need a good pat on the back.
Once again, here at the K-6 conference, it's been a great event and still going strong.
Several days of focus on cybersecurity.
It's good to kind of catch your breath and think about your password policy.
Think about your cybersecurity posture just in general to talk to those that are in
(34:58):
school districts the same size as you, as well as those in different sizes and realize
that you all have this common thing going on.
You're all in this thing together trying to figure out how to keep students learning,
how to keep teachers teaching while facing off against the bad guys.
Sometimes that's little Johnny sitting in that classroom trying to figure out how to
get around your content filter and your firewall, or he breaks up with his girlfriend and
(35:23):
he had given his password, that kind of a bit.
Sometimes it's the bad guy externally trying to get into your systems.
Funding is an issue.
Staffing is an issue.
But we're in this thing together and we can do some practical things to try to take on
cybersecurity. So if you haven't already, check out K-12-6.
(35:43):
I'm going to put a link into the podcast description of several of the things that they
have available for free.
If you're going through an account compromise, there's this resource that they have
available of here's the checklist of things to go through.
So I'll put a link to that in the podcast description.
Once again, thank you to Doug.
Thank you to the K-12-6 staff.
K-12-6 is not just a conference.
They do their membership thing as well.
(36:04):
So check out K-12-6, all their resources.
But it's been a great conference here in Albuquerque, New Mexico.
We might not be the same, but you share the same pain that I do.
We pray for someone we love in the rain, and darkness is falling with the light shining
(36:25):
through. I seek for hope in you, self-assurance, I learn to speak of my point of view.
We were buying words about the phrase of the beat, and selling songs just to stand the
cue. So in the morning time, don't hesitate, unwind, reflect, create, even if it takes
(36:49):
all night. What if your feet don't feel like dancing?
What if your mind wasn't quite sure how to let this go?
I'm asking. Your body's a hill full of ego's mansion.
Now we're making room for the soul.
Said, are we making room?
(37:13):
Making room for the soul.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.
Betrayal Season 5
Saskia Inwood woke up one morning, knowing her life would never be the same. The night before, she learned the unimaginable – that the husband she knew in the light of day was a different person after dark. This season unpacks Saskia’s discovery of her husband’s secret life and her fight to bring him to justice. Along the way, we expose a crime that is just coming to light. This is also a story about the myth of the “perfect victim:” who gets believed, who gets doubted, and why. We follow Saskia as she works to reclaim her body, her voice, and her life. If you would like to reach out to the Betrayal Team, email us at betrayalpod@gmail.com. Follow us on Instagram @betrayalpod and @glasspodcasts. Please join our Substack for additional exclusive content, curated book recommendations, and community discussions. Sign up FREE by clicking this link Beyond Betrayal Substack. Join our community dedicated to truth, resilience, and healing. Your voice matters! Be a part of our Betrayal journey on Substack.