February 15, 2023 • 36 mins
In an ever-growing connected world, cybersecurity is a growing issue that often gets overlooked. From financial risks to personal information risks, cybersecurity risks have changed the landscape of K12 and higher education. Despite the growing risks, we have yet to see a hyper-awareness of school and community leaders of the landscape of cybersecurity impact.
In the first part of this three-part K-12 Education and Cybersecurity series, our guests discuss why cybersecurity is so important, current risks, often overlooked struggles, the significance of collaboration, and more. This conversation aims to address the issues at hand and improve awareness of cybersecurity strategies.
Today’s guests are Mitrankur Majumdar and Lenny J. Schad.
Mitrankur Majumdar is a passionate, innovative, and strategic business leader with 23 years of experience specializing in executing business transformation through technology and process intervention. At Infosys, Mit is responsible for positioning the company as a global systems integrator across Information Services, Publishing, professional services, education, travel, hospitality, and EPC companies. Apart from helping his customers with their IT or BPO landscape.
Lenny Schad, Chief Information & Innovation Officer for District Administration, has worked in K-12 since 2003, successfully leading the implementations of BYOD and 1:1 in Katy ISD and Houston ISD, respectively, as the CIO. Lenny has served as a board member for CoSN and is a published author. His book “Bring Your Own Learning: Transform Instruction with any Device” has helped many organizations implement digital transformation initiatives.
This episode of The CoSN Podcast is supported by Infosys. Learn more at https://www.infosys.com/
Engage further in the discussion on Twitter. Follow: @CoSN, @edCircuit, @Infosys, @mitrankurm, @Lschad
The CoSN Podcast is produced in partnership with edCircuit. To learn more about CoSN, visit www.cosn.org. Learn more about edCircuit, visit www.edcircuit.com
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:03):
Welcome to the coast and podcast.
Produced in partnership with Ed circuit media.
In organization focused entirelyon the K20, Ed tech industry and
empowering the voices that can provide guidance and expertise
in facilitating. The appropriate usage of
digital, technology in education, Ed circuit Elevate,
the voices of today's Innovativethought, leaders and experts
(00:27):
kosan represents over 13 million.
Ants in districts and educational institutions,
Nationwide and continues to growas a powerful and influential
voice in K-12 education, this high-profile series showcases
industry, thought leaders and Executives who provide timely
Market insights and critical guidance, on various educational
(00:50):
technology. Strategies, hello.
My name is Jeff angle and on behalf of cozen and today's
sponsor emphasis, we are excitedto bring you part.
One of a Part series on K-12 education and cyber security.
In this episode, we will discusssetting the broad context and
democratizing cybersecurity joining me.
Today, are mid wrong, Kerr, majumdar and Lenny shod.
(01:15):
Let me tell you a little bit about MIT.
It is a passionate Innovative and strategic business leader
with 23 years of experience specializing in executing
business transformation to technology and process
intervention. At Infosys MIT is responsible
for positioning the company. As a Global Systems integrator
across Information Services, publishing Professional Services
(01:35):
education, travel hospitality and EPC companies apart from
helping his customers leverage robotic process automation, to
generate efficiency artificial intelligence to solve complex
business problems, benefit from digital transformation, big data
to get insights and complete their Cloud transformation
journey, and much more, welcome to the podcast and hit.
(01:57):
Thank you so much for having me Jeff.
Clever also, joining us is Lennyshod Chief Information and
Innovation officer for District administration.
He has worked in the K-12 education space.
Since 2003 successfully, leadingimplementations of BYOD
one-to-one, Computing in the Katy ISD and Houston is D
(02:20):
respectively as their Chief Information officer Lenny's
recognitions include National School Board.
Association is 22 watch Texas CIA.
Oh the year. Education weeks leader to learn
from and Houston CIO of the yearor be award for nonprofit and
public sector. Lenny has served as a board
(02:41):
member for kosan and is a published author.
His book, bringing your own learning transformation
instruction with any device has helped many organizations
Implement digital transformationinitiatives lay, welcome to the
podcast. Thank you.
I'm excited to be here and really anxious to get into this.
Really important topic. Thanks again.
(03:02):
Yeah. It's an interesting space and I
know can with cybersecurity specifically very important to
the education sector, both k12 and higher education and to kick
this off mid I'd like to ask youto share more about yourself and
tell our listeners why cybersecurity is essential and
why you think it's mainstream? Jeff.
(03:22):
Thank you so much for your question.
Let me just quickly introduce myself.
My name is min tranquil majumdar.
As I said I'm a senior vice president and global Head of
services at Infosys. Today's topic of discussion
cyber security is very important.
We live in a world that is, you know, hyper connected by the
digital technology, you know starting from electricity that
(03:43):
powers our living rooms and boardrooms to paying utility
bills and school fees online digital is the common thread all
across. And especially when it comes to
school cyber security becomes very important and as we all
know school districts, pivoted to on Land Learning during
covid-19 pandemic. And that has made the situation
(04:03):
more complicated. Unfortunately, with all this
cloud based learning platforms and BYOD policies and has kind
of magnified. The, it security risks, and they
were quite a lot of breaches that happened at K-12 schools
public colleges private universities.
So, we really need to take this issue very seriously because
(04:26):
this whole infiltration of it systems.
Eames sometimes remains undetected for decades as it
happened in case of Australian National University for for
various reasons, you know, from Financial risks to personal risk
to economic this, I think cyber security has taken a center
stage nowadays. Jeff, thank you for that.
(04:49):
And what would you like to add to that?
Well, you know, I think, I thinkthe pandemic really changed the
landscape and you know, while were were really excited about
This new opportunity that it presented us with multiple
devices, and every student potentially having a device to
take home, unfortunately, the Bad actors out there.
(05:12):
Also saw this as an opportunity and as MIT said, you know, K12
is under attack and you know, they are one of the highest
business sectors for cyber breaches.
And you know, while it's been documented and put into the
Papers. The unfortunate thing is, we're
(05:32):
still not seeing this hyper awareness among the senior
leaders of school systems to recognize this isn't enough.
Something that you you can take haphazardly or you don't have to
worry about this. Is this is something that should
be the Forefront of every schoolsystem out there.
(05:52):
And so that's why conversations like this are so important
because the, the heightened awareness Earnest isn't going to
happen unless we keep talking about it.
Yeah, most definitely and let meto that in that Arena especially
with the, you know, BYOD or bring your own device.
This next question is for you because we often hear about
(06:15):
cyber risks in education, or health care in different areas.
How significant are those risks?And how do you think it's
affecting the current state of affairs in education?
The landscape is huge, you know,it comes from it can extend to
the the data breaches. It can go to ransomware to
fishing, you know, the social media.
(06:38):
So, the landscape is very big and then when we start thinking
about ramifications, you know, for school systems, especially
school board's superintendents, the trust of the community is
really affected when there's a breach, because personal data is
that, Risk. So when you think in terms of a
(06:59):
superintendent and School Board Trust of their of their
Community, from a financial perspective, aside from the
unbudgeted dollars that will have to be allocated to the
remediation. This can impact your bond
rating. So if you're a district who is
going after Bond elections or Bond levies, a cyber incident,
(07:21):
can can really impact your ratings so that you can't get as
many bonds. That you were that you were
anticipating. So the ramifications go Way
Beyond just the immediate, you know, dollars that you have to
put out for the remediation and I think that's what we have to
get people to understand. There's the loss of
(07:41):
instructional time. You know, some of these
incidents there, they're broad enough and deep enough where
instructional time is impacted because the internet has to get
shut down and resources have to get taken away.
And I think that's what our goalhere is to Today is to start
talking about the landscape of impact and how do we start
(08:03):
making it real for everybody outthere?
Just Not it. That is a great point and I
don't think, you know, being an educator myself.
I don't think it's a, whether itbe a university or School
District. Do not really think about the
downstream impact of a breach. That's a great point.
(08:25):
Do you know Says cyber next. Can defend you against lethal
cyberattacks and keep you hyper connected at the same time.
Our platform provides a comprehensive cybersecurity
solution to Enterprises that otherwise need to invest in
dozens of security Technologies,to attain Swift security
maturity. This is provided by highly
(08:46):
skilled security analysts in ourspecialized globally.
Distributed network of cyber Defence Centre.
For more information, please visit You .i nf0 sys.com or
right to MIT r. A n, KU r, m @i, n fo sys.com in
(09:11):
admit from this overview. I'd like to get your point of
view. On why cyber security is
important for any institution, any entity school districts
corporations? I think, I think, see and
schools are as vulnerable to cyber breaches.
As any Fortune 500 corporations,you know, if you remember
covid-19 relief funds that was distributed by US, Department of
(09:34):
Education, through community colleges.
Those also resulted in to cyberattacks.
So malicious actors. Are, you know, launched actually
fishing campaigns with covid-19 stimulus in the subject line of
their emails? And that resulted in two
significant issues for students as well as the, you know, the
(09:54):
schools in Fact, as early as the2017, the Internal Revenue
Service IRS, want the hackers that, you know, they would
Target schools after corporates for confidential and tax data.
So, you know, school districts should ensure that the that
they, you know, build robust security around the right
(10:16):
assistance. They need to incorporate
security mechanisms that Safeguard Legacy, as well as the
new and emerging systems. Another, another key imperative
is this whole implementation of Chair proof, secure
cybersecurity linked with secureby Design concept.
So, you know, as digitization oflearning Source, resources and
administration skills up exponentially schools need to
(10:38):
adopt in automation to red flag and address potential threats,
and security issues in advance and Jeff.
That's a fantastic point of view.
So we're gonna keep on service security but talk about the
challenges in the in the education sector specifically.
So what according to your the significant prominent struggles
(11:00):
that that can't be overlooked byschool districts.
Yes. These are.
There are quite a few Jeff. Actually as Lenny mentioned,
they are schools are under attack, right?
And there are, I will just, you know, endless them in different
numbers. So first, first and foremost is
(11:20):
the whole policy and governance piece managing compliance at a
lower cost. A to streamline processes is a
challenge and in a continuous compliance monitoring managing
compliance requirement. And then, you know, rigorous
regulation, environment is putting a great pressure on
school districts. According to me, a
(11:41):
comprehensive, you know, governance risk and compliance
program will help in envisioninga cybersecurity roadmap for
school districts. And, you know, the key to
success of an effective GRC program GRCC As in governance
risk and compliance is to have atwo-tiered approach, one would
be a strategic level where GRC should be a continuous process
(12:04):
embedded into a culture whereas at an operational level it
should eliminate silos 20 / /. So the first thing is policy
governance, the next thing I think Lenny also alluded to that
is this whole proliferation of devices and endpoints and that
gets you know that gives access to a wider audience like you
know, multiple devices, multipleapplications.
(12:26):
Multiple stakeholders like a faculty, parents students
administrators, and so on. So massive number of devices
that creates more endpoints. That is one, there is a second
one. Third thing is around this whole
wire, wireless connections that are unsecured and then, the
wireless routers that are without firewalls.
(12:47):
If we do a root cause analysis, when then we find that the
primary reason why they were breached or attack was because
they had all, you know, Poor admin, privileges Access Control
poor management of grade of their operating systems and poor
management of patching and keeping the systems up to date.
(13:07):
This is the third point and thenseveral schools have not
replaced. There are Legacy it tools and
digital interfaces, due to financial constraints.
And, you know, we spoke about that a little bit earlier and
then faculty and administrators are using their own devices.
And they often disregard Security updates, and Os,
(13:28):
patching. And finally, this whole video
streaming and chat programs, as well as the whole online
proctoring services for pedagogical support in virtual
classrooms, create entry points for another unauthorized access
into Learning Network. So, there are quite a few.
I would say challenges that the education sector is facing today
(13:51):
from the cyber security point ofview.
Yeah, that's great. I don't think, I don't think.
The schools were the audience understands the complexity of
that landscape from a technologystandpoint and Lenny, you know,
from your standpoint. You know, I read in a couple of
different journals, the average breach data breach in 2022 cost
(14:14):
a company about four point two to four point four million
dollars. So from a district standpoint,
how can L strengthen their defense given the the financial
ramifications that you'd mentioned before.
Yeah, you know I think I think the the issue and met I think
you did a great job of talking about the the governance and the
(14:36):
Tactical structures and processes that really have to be
put in place in sustained and that is one of the things that
really isn't understood, but I want to Bubble it up even higher
to say. I think the fundamental
challenge with K12 right now is cybersecurity is still viewed.
(14:56):
As an IT problem, and until districts embrace, the reality
that it is an Enterprise problem.
They're going to be solving, youknow, bits and pieces.
It's almost like an olive cart strategy.
And in fact, when you look at cyber security, it really is a
three legged milk stool. You have one of the legs is
(15:18):
technology. One of the legs is people and
one of the legs is process and you have to attack cyber
security on all All three of those levels.
If you want to be successful in addressing it.
Unfortunately, most school systems out there are doing the,
a la carte method and they're looking at.
I'm just going to talk technology and they feel like
(15:38):
that's good enough. So, from my perspective and what
I'm really hoping out of conversations like this is
administrators out there recognize that the people side
of cyber security and the process side of cyber security
is the Enterprise. And when I'm talking about,
About the, the people side this is all about awareness.
(16:00):
How are we educating our staff, our students, our parents on
what cybersecurity is and makingthem good digital citizens, good
aware digital citizens on what to do and what not to do.
And are we putting in the appropriate consequences and
management and monitoring of these awareness programs to
(16:23):
ensure that we're getting betterover time?
It's one thing to put I'm processing or an awareness
program in and just hope that people get better.
But what we need to do is put a plan into say we're going to
measure this on the process side, this is where mitt was
coming in. We need to put governance
processes and procedures in place that we can actively show
(16:46):
what we're doing and have an Enterprise cybersecurity
Community out there. Governance community that
understands what their roles andresponsibilities are.
So that we have incident incident response, plans that go
all the way up to the school board.
So that we're actively followingsome tabletop exercises as an
Enterprise. So you know, Jeff I think it's
(17:09):
really understanding that cybersecurity.
Is this Enterprise level? It's not an IT problem.
There's three legs to this milk stool, people process and
technology and we have to attackthem all at the same time.
Yeah, that's a great point. I did read also that from a,
from a technology standpoint that the single greatest point
of failures people that these, you know, Bad actors usually get
(17:33):
access into into their Network. It anything you'd like to add to
and that topic. Yes, the one thing I wanted to
share and and this is just some ideas and thoughts, right?
So and there are, there are somebasic concepts that can be
followed. And when it comes to protecting
(17:56):
these institutions, right? And, and the concepts, in, my
opinion, are threefold, right? So, first being start with
secure by Design, right? So, you know, design of security
principles should be put in place review of the, all the
iits architecture. The iot architecture, the OT and
(18:16):
the operational technology. Part which Lenny spoke about
that. We should not just focus on I.T.
Hassan the iot part focus on theOT part em, with the various
principles of cybersecurity and design into the total digital
Journey at the time of building a project.
So anytime it should cyber security should not be an
afterthought. It should be starting from the
(18:37):
design starting from the conception of the ideas of any
project for an institution that you are doing.
I think that is that is one important thing so that, you
know, we should be able to address the cost of the be Is on
the cost of non-compliance, to audit requirement.
Making sure the cybersecurity doesn't become an afterthought.
So, that is One secured by Design, right?
(19:00):
Second is secure by scale and there are ways to achieve this
through. You know, why either use
platforms, you use accelerators,use automation.
So there are many ways by which you can do it.
But the main important messages secure by scale and not for just
point activity, right there is asecond one.
And third thing, very important is secured.
(19:21):
The future because we have to keep Pace with, with the
sophisticated and and persistentcyber threats and that are
coming up and that needs new age, cyber Security Solutions
that are multi-layered that havea multi-layered threat defense,
right? And and we have to leverage
Advanced threat intelligence. We have to use probably deep
(19:44):
analytics and correlation orchestration automation.
There's so many things basicallyuse all these methods and
techniques. So that we can prepare
Enterprises for any eventuality and then that will help them in
staying, you know, relevant and then secured the future.
So, three concepts, very important in my opinion.
Secure, the design is secured byDesign, secured by scale, and
(20:08):
then secure the future movement.And so it's in for you, you what
our samples are insights on how these cyber Bad.
Actors are using different, patterns, different types.
It's of breaches to Target educational institutions for
financial gain. Yes, a very, very important
(20:28):
question here. I will give you some statistics
enduring 2021 and the whole K12.As cyber incident map.
Documented, sixty, two instancesof US public K12 school
districts being victimized by ransomware a very highly
disruptive cyberattack tactic employed by all these online
criminals to extort money from victims.
(20:51):
And and incidents where geographically dispersed
actually with reports of school and somewhere emerging from
districts of varying sizes, across 24, different states.
And this was that was the third straight year and 2022 will make
it four years in a row that there have been more than 50
(21:13):
publicly disclosed k12, and somewhere.
So it's a, the numbers are just staggering.
And I will give you one example without naming the school.
Rick in 2022 itself. This happened that there was a
cyber intrusion that Force, the whole school district.
And to take this extraordinary measure of shutting down most of
its computer systems, and it impacted millions of users,
(21:36):
which included students, facultyand staff, and the district
actually had to finally contact,you know, Federal officials
White House. Got involved US Department of
Education, but in FBI got involved.
Fortunately, they did not negotiate with the cyber.
Stand. They were Academy attempting to
extract. Education dollars from the kids
and teachers and staff, which was not a just a very
(21:59):
justifiable option. And they refused to pay the
ransom and and they were able torestore but significant amount
of time and resources and money went in in making this happen.
So, the problem is grave, and a lot has to be done and Lenny is
right, you know, Administration has to get involved states, have
(22:20):
to get involved. The federal government has to
get involved and to make sure that you know, such things don't
get repeated. So given that the school
districts can do it alone. And let me this question is for
you, how can districts work withexternal technology providers to
strengthen security? Yeah, this is, I think this is a
great question because, you know, when I when I talked to
(22:41):
school systems out there about making this an Enterprise
initiative, the, the question I always get is, well, how do I do
this? How do I, how do I get my
Superintendent in my school board, you know aware of this
not just aware, but actually buying into their their part of
the ownership. And for me, it's a pretty simple
(23:02):
step. And that is you've got to get an
external, cyber risk, assessmentdone.
And so this is a great way to engage with a third party
external third-party expert in cybersecurity.
And these organizations, there'smany of them out there.
They come in and do this comprehensive.
Civ risk, assessment of your district.
(23:25):
And they look at the people, theprocess, the technology and they
will identify all of these areasof weakness and they basically
give you a report back that thenyou can sit down with the
cabinet with the school board and say, here is our is.
Here's our risk assessment, and here's our landscape and here's
(23:45):
what we can fix. Here's what we need to fix.
Here's the priority of how we want to attack this.
At that point you have ownershipat the cabinet level, right?
Because you now are sharing withthem what the risk landscape
looks like. And as an organization, they are
going to make the decision of what they're going to fund and
(24:07):
what they aren't going to fund. But the most important part of
it is they're doing it as a group right too often.
What I hear when there are cyberincidents and I go in and I talk
to people is school boards and superintendents.
You know, they're there in the dark so their comment is if we
would have known, we would have fixed this, right?
But we just didn't know. So having this comprehensive
(24:30):
risk assessment and sharing thiswith the cabinet, sharing it,
with the school board, really takes that, that Darkness away,
and puts everybody in on the same page and then you move
forward. And then, now you have this
multi-year cyber plan and I would get this risk assessment
done every single year and I would certainly Have it done by
(24:52):
an external company. The good part about this too.
Is, if you have an incident or when you have an incident, this
third party has a deep understanding of your
organization, right? So, you can engage this third
party right away, and they basically can come on site and
begin remediation versus going out and contacting somebody
(25:15):
who's never worked with the organization.
It could take them up to two days to get an understanding of
your organization before. They Even start remediating.
So engaging with this third party to come in and do a risk
assessment. Kind of gives you two Avenues of
this cyber security landscape. That's really important and it
gives you that opportunity to share with your cabinet.
(25:37):
Those great insights and we'll get to the funding component
here, just a second before we get that Lenny, our district
future-proofing, their, it ecosystems to incorporate
security threat, perception, Advanced cyber intelligence and
ultimately Take a preventive action.
That is the cusp that we're looking at.
(25:57):
My worry is that these are conversations?
That should be going on in school systems but until we get
this at the Enterprise level anduntil cybersecurity has a
sustained funding strategy and it is viewed as something that
(26:19):
we have to invest in every single.
Year. It departments are going to be
left to fight for for the scrapsand that's that's why this
conversation is so critical. I don't think we can start
having those conversations that you just mentioned until it's
adopted at the Enterprise level and we're on the cusp of that.
(26:41):
Now as you start looking at Ai and Predictive Analytics coming
in and all of these very robust technology, Is that are coming
in, they inherently bring cyber risk with them.
Just the internet of things and how many new Internet of Things
arse. Now, starting to hit our
districts. These are the conversations that
(27:02):
we should be having on building up on our cyber Foundation.
But unfortunately a lot of our school systems out there, don't
even have the foundation to build upon, that's a very
fuckable Q thought. So to say when you've been with
some fairly large school districts, Is there CIO, you
(27:23):
know and those districts always have people funding for Content,
professional development. But what are your thoughts on
sustained funding around cybersecurity?
Yeah, you know, and the Beautiful part about
cybersecurity is it doesn't matter what size school system
you are. In fact, when you look at the
data out there, smaller school systems, are much more likely to
(27:47):
be attacked than the larger school systems because of what
you just said, Jeff there. The assumption is the smaller
school systems don't have the dollars, don't have the people
to build these robust infrastructures and protective
layers. So they're easy targets.
So, you know, first off, I want to take this, this inclination
that if I'm a small school system, people are going to
(28:08):
ignore me you're actually more more under attack.
So when we level the playing field like that and say, look,
everybody needs to be facing this.
I think number one, we have to approach cybersecurity as it
can't be viewed as other do. Duties as assigned somebody in
your school system, no matter what size system you are, their
primary job has to be cybersecurity, right?
(28:31):
And it's a sign of the times andthey they have to have their
focus on the monitoring, the managing, the daily care and
feeding of the cybersecurity activities.
For the cios, the it leaders outthere their challenges working
with their Administration to help them understand funding for
this. Isn't a one-time funding funding
(28:54):
for cyber security needs to be viewed, almost like fuel for the
buses. This is an expense, this is a
cost of doing business. This is something that we have
to have in the budget every single year.
It's likely going to increase over time, but it is something
that should be never up for cut,just like, fuel for buses.
(29:15):
And I think until we get that mentality, I don't think we'll
ever be able to say so Cybersecurity has a sustained
funding strategy, right? Most of the district's out there
when you talk to their it leaders about cybersecurity two
things, come up, we need more people and we need more money.
And so I think that need more people angle again.
(29:38):
If you go back and look at, we need to have dedicated resources
and maybe repurpose some functions.
And so, you know, I'm not necessary, I haven't bought in
necessarily to this whole idea that it's more people.
I think it As a whole need to look at repurposing roles and
responsibilities. Because I think that there are
some things they're doing now that they don't need to be doing
(30:00):
again. It goes back to this this idea
of somebody dedicated to cybersecurity full-time and then
from a funding source we have e-rate out there and and word on
the street is that e-rate is going to make some changes that
will make some of the elements of cybersecurity eligible.
So we need to look at all of these different funding sources.
Take Image of that. But it needs to be something
(30:24):
that's dedicated every single year and non-negotiable it's an
expected cost of business. As a great point is it is a and
I don't think, you know, the audience or the district's fully
understand this. But it's a, it's a persistent
threat and it's an ever-evolvingthreat.
The and that's why I like to that's why I like to compare it
(30:44):
to like fuel for buses, right? But you never have a
conversation around. We're going to cut the fuel
budget, right? I mean it's a Assume that the
fuel for the buses is an ongoingexpense that we're going to
have, and that's what we need toview cybersecurity.
As it's an ongoing cost. It's a, it's a bucket set aside,
that's never up for the cut conversation.
(31:05):
That's great point. I mean, if it was a couple years
ago, everybody thought blockchain was very secure.
Yeah, until it wasn't exactly. Coaster is the Premier
membership organization designedto meet the needs of K-12
education, technology leaders their resources, support the
entire it infrastructure of the school system, kosan offers
members, access to their thought, leaders across the
(31:27):
country, and the ability to actively participate, in local
codes and chapters. Join the network today, by
visiting coast and dot-org and become another influential voice
in K-12 education. So in one of you mentioned about
working with external Partners since we were talking about that
admitted like you to share your insights on that external
(31:48):
partner, emphasis is cybersecurity framework and
capabilities and how emphasis ishelping in the K-12 sector and
yet as I was mentioning earlier,right?
So, there are three principles that we follow in a holistic
manner to make sure that the cyber security solution that we
are talking about. Addressing everything from the
(32:11):
very beginning. So first, as I mentioned, it has
to be secured by Design. You check your information, I.T,
I.T architecture, your check here, Internet of Things
architecture, you check your OT architecture, you check all
those things and make sure that cybersecurity is embedded in in
all of them. And basically, every time you're
designing a solution, every time, you're designing a
(32:32):
project, you make sure that cybersecurity is embedded in it
and it's not an afterthought, itdoesn't come.
Um, as the last thing in your mind, it comes as one of the
first things and in your mind. So you secure by design your
secure early. Second thing is that, with the
whole, we spoke about devices, proliferation of devices, and so
(32:52):
many end points and so on, and so on, so many stakeholders, and
so many applications and so on. So you have to secure by scale
and you have to secure for massive amounts of end points
and so on. So you know, there you can use
And, you know, I don't want to get into a lot of details in
terms of what kind of platforms do we have?
(33:14):
But basically, you have to make sure that you have platforms,
you have accelerators, you have mechanisms for automation,
managed Security Services, and so on and so forth.
So you have to secure by scale. And then of course, secure the
future by using AI analytics Advanced threat, intelligence
and so on and so forth. So make sure that because what
(33:37):
is happening is that this is a ever Our changing field and and
the technology is changing the threat actors are constantly
acting on it. And they are, they are creating
new ways to penetrate and, and we have to be ahead of them.
And that's where you need to make sure that you look at it
futuristically and don't solve it for now, right?
(33:57):
So, these three principles if wehave to follow and in so this is
we call it as a holistic cybersecurity program, right?
So that is first thing. And then the approach that we
take And I, basically talked something that Lenny already
spoke about, right? So first thing is about
diagnosing, right? So first thing is about
assessment and diagnosing, the current state of affairs, what
(34:19):
is the status of your cyber security posture, right?
So how strong your defenses are?So first, you diagnose, the
situation, assess the situation,and then, and then you design
the solution, based on the threeprinciples that I spoke about
your design and the solution. And then obviously, you know,
you delivered through any kind. He's of platforms are Infosys
(34:40):
obviously has its own set of platforms and we don't have time
to go into details of that, but we have our own set of platforms
to take care of it. But there are many others in the
market. So it's most important is to
make sure that you deliver on that design solution.
And finally you constantly keep defending.
This is, this is not once you'vedesigned for it and you're done
(35:00):
with it. You're not you have to
constantly keep checking and that is what secure by Future
is. You have to constantly keep
monitoring and keep Sending yourpremises in, keep defending your
device's defending, your applications and systems.
So, and that is the fourth principle.
So, you know, diagnose design deliver and defend.
(35:22):
So once we are able to and I have kept it more holistic,
sorry, so that people can understand it without getting
into a lot of technical details.But that is the philosophy that
we adopt and so far, it has worked well for us as fantastic.
So, great information. Today we very much I appreciate
it and with that, thank you mythand Lenny for your time today
(35:43):
and we look forward to the next discussion on behalf of the
leadership team at kosan. Thank you for listening to this
episode of the coast and podcastto access other podcasts in the
series, visit kosan dot org or Ed circuit.com.
We're complete lineup of engaging technology topics.
Ed circuit empowers. The voices of Education with
hundreds of trusted contributorschangemakers and Industry
(36:05):
leading education. Innovators.
I appreciate it and with that, thank you myth and Lenny for
your time today and we look forward to the next discussion
on behalf of the leadership teamat kosan.
Thank you for listening to this episode of the coast and podcast
to access other podcasts in the series, visit kosan dot org or
Ed circuit.com. We're complete lineup of
engaging technology topics. Ed circuit empowers.
The voices of Education with hundreds of trusted contributors
changemakers and Industry leading education.
Innovators.
Welcome to the coast and podcast.
Produced in partnership with Ed circuit media.
In organization focused entirelyon the K20, Ed tech industry and
empowering the voices that can provide guidance and expertise
in facilitating. The appropriate usage of
digital, technology in education, Ed circuit Elevate,
the voices of today's Innovativethought, leaders and experts
(00:27):
kosan represents over 13 million.
Ants in districts and educational institutions,
Nationwide and continues to growas a powerful and influential
voice in K-12 education, this high-profile series showcases
industry, thought leaders and Executives who provide timely
Market insights and critical guidance, on various educational
(00:50):
technology. Strategies, hello.
My name is Jeff angle and on behalf of cozen and today's
sponsor emphasis, we are excitedto bring you part.
One of a Part series on K-12 education and cyber security.
In this episode, we will discusssetting the broad context and
democratizing cybersecurity joining me.
Today, are mid wrong, Kerr, majumdar and Lenny shod.
(01:15):
Let me tell you a little bit about MIT.
It is a passionate Innovative and strategic business leader
with 23 years of experience specializing in executing
business transformation to technology and process
intervention. At Infosys MIT is responsible
for positioning the company. As a Global Systems integrator
across Information Services, publishing Professional Services
(01:35):
education, travel hospitality and EPC companies apart from
helping his customers leverage robotic process automation, to
generate efficiency artificial intelligence to solve complex
business problems, benefit from digital transformation, big data
to get insights and complete their Cloud transformation
journey, and much more, welcome to the podcast and hit.
(01:57):
Thank you so much for having me Jeff.
Clever also, joining us is Lennyshod Chief Information and
Innovation officer for District administration.
He has worked in the K-12 education space.
Since 2003 successfully, leadingimplementations of BYOD
one-to-one, Computing in the Katy ISD and Houston is D
(02:20):
respectively as their Chief Information officer Lenny's
recognitions include National School Board.
Association is 22 watch Texas CIA.
Oh the year. Education weeks leader to learn
from and Houston CIO of the yearor be award for nonprofit and
public sector. Lenny has served as a board
(02:41):
member for kosan and is a published author.
His book, bringing your own learning transformation
instruction with any device has helped many organizations
Implement digital transformationinitiatives lay, welcome to the
podcast. Thank you.
I'm excited to be here and really anxious to get into this.
Really important topic. Thanks again.
(03:02):
Yeah. It's an interesting space and I
know can with cybersecurity specifically very important to
the education sector, both k12 and higher education and to kick
this off mid I'd like to ask youto share more about yourself and
tell our listeners why cybersecurity is essential and
why you think it's mainstream? Jeff.
(03:22):
Thank you so much for your question.
Let me just quickly introduce myself.
My name is min tranquil majumdar.
As I said I'm a senior vice president and global Head of
services at Infosys. Today's topic of discussion
cyber security is very important.
We live in a world that is, you know, hyper connected by the
digital technology, you know starting from electricity that
(03:43):
powers our living rooms and boardrooms to paying utility
bills and school fees online digital is the common thread all
across. And especially when it comes to
school cyber security becomes very important and as we all
know school districts, pivoted to on Land Learning during
covid-19 pandemic. And that has made the situation
(04:03):
more complicated. Unfortunately, with all this
cloud based learning platforms and BYOD policies and has kind
of magnified. The, it security risks, and they
were quite a lot of breaches that happened at K-12 schools
public colleges private universities.
So, we really need to take this issue very seriously because
(04:26):
this whole infiltration of it systems.
Eames sometimes remains undetected for decades as it
happened in case of Australian National University for for
various reasons, you know, from Financial risks to personal risk
to economic this, I think cyber security has taken a center
stage nowadays. Jeff, thank you for that.
(04:49):
And what would you like to add to that?
Well, you know, I think, I thinkthe pandemic really changed the
landscape and you know, while were were really excited about
This new opportunity that it presented us with multiple
devices, and every student potentially having a device to
take home, unfortunately, the Bad actors out there.
(05:12):
Also saw this as an opportunity and as MIT said, you know, K12
is under attack and you know, they are one of the highest
business sectors for cyber breaches.
And you know, while it's been documented and put into the
Papers. The unfortunate thing is, we're
(05:32):
still not seeing this hyper awareness among the senior
leaders of school systems to recognize this isn't enough.
Something that you you can take haphazardly or you don't have to
worry about this. Is this is something that should
be the Forefront of every schoolsystem out there.
(05:52):
And so that's why conversations like this are so important
because the, the heightened awareness Earnest isn't going to
happen unless we keep talking about it.
Yeah, most definitely and let meto that in that Arena especially
with the, you know, BYOD or bring your own device.
This next question is for you because we often hear about
(06:15):
cyber risks in education, or health care in different areas.
How significant are those risks?And how do you think it's
affecting the current state of affairs in education?
The landscape is huge, you know,it comes from it can extend to
the the data breaches. It can go to ransomware to
fishing, you know, the social media.
(06:38):
So, the landscape is very big and then when we start thinking
about ramifications, you know, for school systems, especially
school board's superintendents, the trust of the community is
really affected when there's a breach, because personal data is
that, Risk. So when you think in terms of a
(06:59):
superintendent and School Board Trust of their of their
Community, from a financial perspective, aside from the
unbudgeted dollars that will have to be allocated to the
remediation. This can impact your bond
rating. So if you're a district who is
going after Bond elections or Bond levies, a cyber incident,
(07:21):
can can really impact your ratings so that you can't get as
many bonds. That you were that you were
anticipating. So the ramifications go Way
Beyond just the immediate, you know, dollars that you have to
put out for the remediation and I think that's what we have to
get people to understand. There's the loss of
(07:41):
instructional time. You know, some of these
incidents there, they're broad enough and deep enough where
instructional time is impacted because the internet has to get
shut down and resources have to get taken away.
And I think that's what our goalhere is to Today is to start
talking about the landscape of impact and how do we start
(08:03):
making it real for everybody outthere?
Just Not it. That is a great point and I
don't think, you know, being an educator myself.
I don't think it's a, whether itbe a university or School
District. Do not really think about the
downstream impact of a breach. That's a great point.
(08:25):
Do you know Says cyber next. Can defend you against lethal
cyberattacks and keep you hyper connected at the same time.
Our platform provides a comprehensive cybersecurity
solution to Enterprises that otherwise need to invest in
dozens of security Technologies,to attain Swift security
maturity. This is provided by highly
(08:46):
skilled security analysts in ourspecialized globally.
Distributed network of cyber Defence Centre.
For more information, please visit You .i nf0 sys.com or
right to MIT r. A n, KU r, m @i, n fo sys.com in
(09:11):
admit from this overview. I'd like to get your point of
view. On why cyber security is
important for any institution, any entity school districts
corporations? I think, I think, see and
schools are as vulnerable to cyber breaches.
As any Fortune 500 corporations,you know, if you remember
covid-19 relief funds that was distributed by US, Department of
(09:34):
Education, through community colleges.
Those also resulted in to cyberattacks.
So malicious actors. Are, you know, launched actually
fishing campaigns with covid-19 stimulus in the subject line of
their emails? And that resulted in two
significant issues for students as well as the, you know, the
(09:54):
schools in Fact, as early as the2017, the Internal Revenue
Service IRS, want the hackers that, you know, they would
Target schools after corporates for confidential and tax data.
So, you know, school districts should ensure that the that
they, you know, build robust security around the right
(10:16):
assistance. They need to incorporate
security mechanisms that Safeguard Legacy, as well as the
new and emerging systems. Another, another key imperative
is this whole implementation of Chair proof, secure
cybersecurity linked with secureby Design concept.
So, you know, as digitization oflearning Source, resources and
administration skills up exponentially schools need to
(10:38):
adopt in automation to red flag and address potential threats,
and security issues in advance and Jeff.
That's a fantastic point of view.
So we're gonna keep on service security but talk about the
challenges in the in the education sector specifically.
So what according to your the significant prominent struggles
(11:00):
that that can't be overlooked byschool districts.
Yes. These are.
There are quite a few Jeff. Actually as Lenny mentioned,
they are schools are under attack, right?
And there are, I will just, you know, endless them in different
numbers. So first, first and foremost is
(11:20):
the whole policy and governance piece managing compliance at a
lower cost. A to streamline processes is a
challenge and in a continuous compliance monitoring managing
compliance requirement. And then, you know, rigorous
regulation, environment is putting a great pressure on
school districts. According to me, a
(11:41):
comprehensive, you know, governance risk and compliance
program will help in envisioninga cybersecurity roadmap for
school districts. And, you know, the key to
success of an effective GRC program GRCC As in governance
risk and compliance is to have atwo-tiered approach, one would
be a strategic level where GRC should be a continuous process
(12:04):
embedded into a culture whereas at an operational level it
should eliminate silos 20 / /. So the first thing is policy
governance, the next thing I think Lenny also alluded to that
is this whole proliferation of devices and endpoints and that
gets you know that gives access to a wider audience like you
know, multiple devices, multipleapplications.
(12:26):
Multiple stakeholders like a faculty, parents students
administrators, and so on. So massive number of devices
that creates more endpoints. That is one, there is a second
one. Third thing is around this whole
wire, wireless connections that are unsecured and then, the
wireless routers that are without firewalls.
(12:47):
If we do a root cause analysis, when then we find that the
primary reason why they were breached or attack was because
they had all, you know, Poor admin, privileges Access Control
poor management of grade of their operating systems and poor
management of patching and keeping the systems up to date.
(13:07):
This is the third point and thenseveral schools have not
replaced. There are Legacy it tools and
digital interfaces, due to financial constraints.
And, you know, we spoke about that a little bit earlier and
then faculty and administrators are using their own devices.
And they often disregard Security updates, and Os,
(13:28):
patching. And finally, this whole video
streaming and chat programs, as well as the whole online
proctoring services for pedagogical support in virtual
classrooms, create entry points for another unauthorized access
into Learning Network. So, there are quite a few.
I would say challenges that the education sector is facing today
(13:51):
from the cyber security point ofview.
Yeah, that's great. I don't think, I don't think.
The schools were the audience understands the complexity of
that landscape from a technologystandpoint and Lenny, you know,
from your standpoint. You know, I read in a couple of
different journals, the average breach data breach in 2022 cost
(14:14):
a company about four point two to four point four million
dollars. So from a district standpoint,
how can L strengthen their defense given the the financial
ramifications that you'd mentioned before.
Yeah, you know I think I think the the issue and met I think
you did a great job of talking about the the governance and the
(14:36):
Tactical structures and processes that really have to be
put in place in sustained and that is one of the things that
really isn't understood, but I want to Bubble it up even higher
to say. I think the fundamental
challenge with K12 right now is cybersecurity is still viewed.
(14:56):
As an IT problem, and until districts embrace, the reality
that it is an Enterprise problem.
They're going to be solving, youknow, bits and pieces.
It's almost like an olive cart strategy.
And in fact, when you look at cyber security, it really is a
three legged milk stool. You have one of the legs is
(15:18):
technology. One of the legs is people and
one of the legs is process and you have to attack cyber
security on all All three of those levels.
If you want to be successful in addressing it.
Unfortunately, most school systems out there are doing the,
a la carte method and they're looking at.
I'm just going to talk technology and they feel like
(15:38):
that's good enough. So, from my perspective and what
I'm really hoping out of conversations like this is
administrators out there recognize that the people side
of cyber security and the process side of cyber security
is the Enterprise. And when I'm talking about,
About the, the people side this is all about awareness.
(16:00):
How are we educating our staff, our students, our parents on
what cybersecurity is and makingthem good digital citizens, good
aware digital citizens on what to do and what not to do.
And are we putting in the appropriate consequences and
management and monitoring of these awareness programs to
(16:23):
ensure that we're getting betterover time?
It's one thing to put I'm processing or an awareness
program in and just hope that people get better.
But what we need to do is put a plan into say we're going to
measure this on the process side, this is where mitt was
coming in. We need to put governance
processes and procedures in place that we can actively show
(16:46):
what we're doing and have an Enterprise cybersecurity
Community out there. Governance community that
understands what their roles andresponsibilities are.
So that we have incident incident response, plans that go
all the way up to the school board.
So that we're actively followingsome tabletop exercises as an
Enterprise. So you know, Jeff I think it's
(17:09):
really understanding that cybersecurity.
Is this Enterprise level? It's not an IT problem.
There's three legs to this milk stool, people process and
technology and we have to attackthem all at the same time.
Yeah, that's a great point. I did read also that from a,
from a technology standpoint that the single greatest point
of failures people that these, you know, Bad actors usually get
(17:33):
access into into their Network. It anything you'd like to add to
and that topic. Yes, the one thing I wanted to
share and and this is just some ideas and thoughts, right?
So and there are, there are somebasic concepts that can be
followed. And when it comes to protecting
(17:56):
these institutions, right? And, and the concepts, in, my
opinion, are threefold, right? So, first being start with
secure by Design, right? So, you know, design of security
principles should be put in place review of the, all the
iits architecture. The iot architecture, the OT and
(18:16):
the operational technology. Part which Lenny spoke about
that. We should not just focus on I.T.
Hassan the iot part focus on theOT part em, with the various
principles of cybersecurity and design into the total digital
Journey at the time of building a project.
So anytime it should cyber security should not be an
afterthought. It should be starting from the
(18:37):
design starting from the conception of the ideas of any
project for an institution that you are doing.
I think that is that is one important thing so that, you
know, we should be able to address the cost of the be Is on
the cost of non-compliance, to audit requirement.
Making sure the cybersecurity doesn't become an afterthought.
So, that is One secured by Design, right?
(19:00):
Second is secure by scale and there are ways to achieve this
through. You know, why either use
platforms, you use accelerators,use automation.
So there are many ways by which you can do it.
But the main important messages secure by scale and not for just
point activity, right there is asecond one.
And third thing, very important is secured.
(19:21):
The future because we have to keep Pace with, with the
sophisticated and and persistentcyber threats and that are
coming up and that needs new age, cyber Security Solutions
that are multi-layered that havea multi-layered threat defense,
right? And and we have to leverage
Advanced threat intelligence. We have to use probably deep
(19:44):
analytics and correlation orchestration automation.
There's so many things basicallyuse all these methods and
techniques. So that we can prepare
Enterprises for any eventuality and then that will help them in
staying, you know, relevant and then secured the future.
So, three concepts, very important in my opinion.
Secure, the design is secured byDesign, secured by scale, and
(20:08):
then secure the future movement.And so it's in for you, you what
our samples are insights on how these cyber Bad.
Actors are using different, patterns, different types.
It's of breaches to Target educational institutions for
financial gain. Yes, a very, very important
(20:28):
question here. I will give you some statistics
enduring 2021 and the whole K12.As cyber incident map.
Documented, sixty, two instancesof US public K12 school
districts being victimized by ransomware a very highly
disruptive cyberattack tactic employed by all these online
criminals to extort money from victims.
(20:51):
And and incidents where geographically dispersed
actually with reports of school and somewhere emerging from
districts of varying sizes, across 24, different states.
And this was that was the third straight year and 2022 will make
it four years in a row that there have been more than 50
(21:13):
publicly disclosed k12, and somewhere.
So it's a, the numbers are just staggering.
And I will give you one example without naming the school.
Rick in 2022 itself. This happened that there was a
cyber intrusion that Force, the whole school district.
And to take this extraordinary measure of shutting down most of
its computer systems, and it impacted millions of users,
(21:36):
which included students, facultyand staff, and the district
actually had to finally contact,you know, Federal officials
White House. Got involved US Department of
Education, but in FBI got involved.
Fortunately, they did not negotiate with the cyber.
Stand. They were Academy attempting to
extract. Education dollars from the kids
and teachers and staff, which was not a just a very
(21:59):
justifiable option. And they refused to pay the
ransom and and they were able torestore but significant amount
of time and resources and money went in in making this happen.
So, the problem is grave, and a lot has to be done and Lenny is
right, you know, Administration has to get involved states, have
(22:20):
to get involved. The federal government has to
get involved and to make sure that you know, such things don't
get repeated. So given that the school
districts can do it alone. And let me this question is for
you, how can districts work withexternal technology providers to
strengthen security? Yeah, this is, I think this is a
great question because, you know, when I when I talked to
(22:41):
school systems out there about making this an Enterprise
initiative, the, the question I always get is, well, how do I do
this? How do I, how do I get my
Superintendent in my school board, you know aware of this
not just aware, but actually buying into their their part of
the ownership. And for me, it's a pretty simple
(23:02):
step. And that is you've got to get an
external, cyber risk, assessmentdone.
And so this is a great way to engage with a third party
external third-party expert in cybersecurity.
And these organizations, there'smany of them out there.
They come in and do this comprehensive.
Civ risk, assessment of your district.
(23:25):
And they look at the people, theprocess, the technology and they
will identify all of these areasof weakness and they basically
give you a report back that thenyou can sit down with the
cabinet with the school board and say, here is our is.
Here's our risk assessment, and here's our landscape and here's
(23:45):
what we can fix. Here's what we need to fix.
Here's the priority of how we want to attack this.
At that point you have ownershipat the cabinet level, right?
Because you now are sharing withthem what the risk landscape
looks like. And as an organization, they are
going to make the decision of what they're going to fund and
(24:07):
what they aren't going to fund. But the most important part of
it is they're doing it as a group right too often.
What I hear when there are cyberincidents and I go in and I talk
to people is school boards and superintendents.
You know, they're there in the dark so their comment is if we
would have known, we would have fixed this, right?
But we just didn't know. So having this comprehensive
(24:30):
risk assessment and sharing thiswith the cabinet, sharing it,
with the school board, really takes that, that Darkness away,
and puts everybody in on the same page and then you move
forward. And then, now you have this
multi-year cyber plan and I would get this risk assessment
done every single year and I would certainly Have it done by
(24:52):
an external company. The good part about this too.
Is, if you have an incident or when you have an incident, this
third party has a deep understanding of your
organization, right? So, you can engage this third
party right away, and they basically can come on site and
begin remediation versus going out and contacting somebody
(25:15):
who's never worked with the organization.
It could take them up to two days to get an understanding of
your organization before. They Even start remediating.
So engaging with this third party to come in and do a risk
assessment. Kind of gives you two Avenues of
this cyber security landscape. That's really important and it
gives you that opportunity to share with your cabinet.
(25:37):
Those great insights and we'll get to the funding component
here, just a second before we get that Lenny, our district
future-proofing, their, it ecosystems to incorporate
security threat, perception, Advanced cyber intelligence and
ultimately Take a preventive action.
That is the cusp that we're looking at.
(25:57):
My worry is that these are conversations?
That should be going on in school systems but until we get
this at the Enterprise level anduntil cybersecurity has a
sustained funding strategy and it is viewed as something that
(26:19):
we have to invest in every single.
Year. It departments are going to be
left to fight for for the scrapsand that's that's why this
conversation is so critical. I don't think we can start
having those conversations that you just mentioned until it's
adopted at the Enterprise level and we're on the cusp of that.
(26:41):
Now as you start looking at Ai and Predictive Analytics coming
in and all of these very robust technology, Is that are coming
in, they inherently bring cyber risk with them.
Just the internet of things and how many new Internet of Things
arse. Now, starting to hit our
districts. These are the conversations that
(27:02):
we should be having on building up on our cyber Foundation.
But unfortunately a lot of our school systems out there, don't
even have the foundation to build upon, that's a very
fuckable Q thought. So to say when you've been with
some fairly large school districts, Is there CIO, you
(27:23):
know and those districts always have people funding for Content,
professional development. But what are your thoughts on
sustained funding around cybersecurity?
Yeah, you know, and the Beautiful part about
cybersecurity is it doesn't matter what size school system
you are. In fact, when you look at the
data out there, smaller school systems, are much more likely to
(27:47):
be attacked than the larger school systems because of what
you just said, Jeff there. The assumption is the smaller
school systems don't have the dollars, don't have the people
to build these robust infrastructures and protective
layers. So they're easy targets.
So, you know, first off, I want to take this, this inclination
that if I'm a small school system, people are going to
(28:08):
ignore me you're actually more more under attack.
So when we level the playing field like that and say, look,
everybody needs to be facing this.
I think number one, we have to approach cybersecurity as it
can't be viewed as other do. Duties as assigned somebody in
your school system, no matter what size system you are, their
primary job has to be cybersecurity, right?
(28:31):
And it's a sign of the times andthey they have to have their
focus on the monitoring, the managing, the daily care and
feeding of the cybersecurity activities.
For the cios, the it leaders outthere their challenges working
with their Administration to help them understand funding for
this. Isn't a one-time funding funding
(28:54):
for cyber security needs to be viewed, almost like fuel for the
buses. This is an expense, this is a
cost of doing business. This is something that we have
to have in the budget every single year.
It's likely going to increase over time, but it is something
that should be never up for cut,just like, fuel for buses.
(29:15):
And I think until we get that mentality, I don't think we'll
ever be able to say so Cybersecurity has a sustained
funding strategy, right? Most of the district's out there
when you talk to their it leaders about cybersecurity two
things, come up, we need more people and we need more money.
And so I think that need more people angle again.
(29:38):
If you go back and look at, we need to have dedicated resources
and maybe repurpose some functions.
And so, you know, I'm not necessary, I haven't bought in
necessarily to this whole idea that it's more people.
I think it As a whole need to look at repurposing roles and
responsibilities. Because I think that there are
some things they're doing now that they don't need to be doing
(30:00):
again. It goes back to this this idea
of somebody dedicated to cybersecurity full-time and then
from a funding source we have e-rate out there and and word on
the street is that e-rate is going to make some changes that
will make some of the elements of cybersecurity eligible.
So we need to look at all of these different funding sources.
Take Image of that. But it needs to be something
(30:24):
that's dedicated every single year and non-negotiable it's an
expected cost of business. As a great point is it is a and
I don't think, you know, the audience or the district's fully
understand this. But it's a, it's a persistent
threat and it's an ever-evolvingthreat.
The and that's why I like to that's why I like to compare it
(30:44):
to like fuel for buses, right? But you never have a
conversation around. We're going to cut the fuel
budget, right? I mean it's a Assume that the
fuel for the buses is an ongoingexpense that we're going to
have, and that's what we need toview cybersecurity.
As it's an ongoing cost. It's a, it's a bucket set aside,
that's never up for the cut conversation.
(31:05):
That's great point. I mean, if it was a couple years
ago, everybody thought blockchain was very secure.
Yeah, until it wasn't exactly. Coaster is the Premier
membership organization designedto meet the needs of K-12
education, technology leaders their resources, support the
entire it infrastructure of the school system, kosan offers
members, access to their thought, leaders across the
(31:27):
country, and the ability to actively participate, in local
codes and chapters. Join the network today, by
visiting coast and dot-org and become another influential voice
in K-12 education. So in one of you mentioned about
working with external Partners since we were talking about that
admitted like you to share your insights on that external
(31:48):
partner, emphasis is cybersecurity framework and
capabilities and how emphasis ishelping in the K-12 sector and
yet as I was mentioning earlier,right?
So, there are three principles that we follow in a holistic
manner to make sure that the cyber security solution that we
are talking about. Addressing everything from the
(32:11):
very beginning. So first, as I mentioned, it has
to be secured by Design. You check your information, I.T,
I.T architecture, your check here, Internet of Things
architecture, you check your OT architecture, you check all
those things and make sure that cybersecurity is embedded in in
all of them. And basically, every time you're
designing a solution, every time, you're designing a
(32:32):
project, you make sure that cybersecurity is embedded in it
and it's not an afterthought, itdoesn't come.
Um, as the last thing in your mind, it comes as one of the
first things and in your mind. So you secure by design your
secure early. Second thing is that, with the
whole, we spoke about devices, proliferation of devices, and so
(32:52):
many end points and so on, and so on, so many stakeholders, and
so many applications and so on. So you have to secure by scale
and you have to secure for massive amounts of end points
and so on. So you know, there you can use
And, you know, I don't want to get into a lot of details in
terms of what kind of platforms do we have?
(33:14):
But basically, you have to make sure that you have platforms,
you have accelerators, you have mechanisms for automation,
managed Security Services, and so on and so forth.
So you have to secure by scale. And then of course, secure the
future by using AI analytics Advanced threat, intelligence
and so on and so forth. So make sure that because what
(33:37):
is happening is that this is a ever Our changing field and and
the technology is changing the threat actors are constantly
acting on it. And they are, they are creating
new ways to penetrate and, and we have to be ahead of them.
And that's where you need to make sure that you look at it
futuristically and don't solve it for now, right?
(33:57):
So, these three principles if wehave to follow and in so this is
we call it as a holistic cybersecurity program, right?
So that is first thing. And then the approach that we
take And I, basically talked something that Lenny already
spoke about, right? So first thing is about
diagnosing, right? So first thing is about
assessment and diagnosing, the current state of affairs, what
(34:19):
is the status of your cyber security posture, right?
So how strong your defenses are?So first, you diagnose, the
situation, assess the situation,and then, and then you design
the solution, based on the threeprinciples that I spoke about
your design and the solution. And then obviously, you know,
you delivered through any kind. He's of platforms are Infosys
(34:40):
obviously has its own set of platforms and we don't have time
to go into details of that, but we have our own set of platforms
to take care of it. But there are many others in the
market. So it's most important is to
make sure that you deliver on that design solution.
And finally you constantly keep defending.
This is, this is not once you'vedesigned for it and you're done
(35:00):
with it. You're not you have to
constantly keep checking and that is what secure by Future
is. You have to constantly keep
monitoring and keep Sending yourpremises in, keep defending your
device's defending, your applications and systems.
So, and that is the fourth principle.
So, you know, diagnose design deliver and defend.
(35:22):
So once we are able to and I have kept it more holistic,
sorry, so that people can understand it without getting
into a lot of technical details.But that is the philosophy that
we adopt and so far, it has worked well for us as fantastic.
So, great information. Today we very much I appreciate
it and with that, thank you mythand Lenny for your time today
(35:43):
and we look forward to the next discussion on behalf of the
leadership team at kosan. Thank you for listening to this
episode of the coast and podcastto access other podcasts in the
series, visit kosan dot org or Ed circuit.com.
We're complete lineup of engaging technology topics.
Ed circuit empowers. The voices of Education with
hundreds of trusted contributorschangemakers and Industry
(36:05):
leading education. Innovators.
I appreciate it and with that, thank you myth and Lenny for
your time today and we look forward to the next discussion
on behalf of the leadership teamat kosan.
Thank you for listening to this episode of the coast and podcast
to access other podcasts in the series, visit kosan dot org or
Ed circuit.com. We're complete lineup of
engaging technology topics. Ed circuit empowers.
The voices of Education with hundreds of trusted contributors
changemakers and Industry leading education.
Innovators.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!