2020-012-April Mardock, Nathan McNulty, Jared Folkins, school security, ransomware attacks
Published March 29, 2020
|
48 min
    Download
    Add to queue
    Copy URL
    Show notes

    April Mardock - CISO - Seattle Public Schools

    Jared Folkins - IT Engineer - Bend La Pine Schools

    Nathan McNulty - Information Security Architect - Beaverton School District

     

    OpSecEdu - https://www.opsecedu.com/

    Slack

     

    https://www.a4l.org/default.aspx 

     

    https://clever.com/ 

     

    BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec) 

     

    https://www.k12cybersecurityconference.org/ 

     

    https://acpenw.sched.com/ 



    Bypassing security controls - https://www.goguardian.com/blog/technology/how-students-bypass-school-web-filters-and-how-to-stop-them/ 

     

    https://community.spiceworks.com/topic/2077711-chromebook-google-docs-bypassing-filters 

    https://www.mobicip.com/blog/here%E2%80%99s-how-kids-bypass-apple%E2%80%99s-parental-control-tools 

     

    https://www.phantomts.com/2020/01/11/kids-can-bypass-communication-limit-feature-on-ios-13-3/ 

     

    https://www.ocregister.com/2009/02/17/students-accused-of-changing-grades-using-teachers-password/ 

     

    Security persons at education institutions of varying sizes.

     

    https://www.darkreading.com/threat-intelligence/ransomware-crisis-in-us-schools-more-than-1000-hit-so-far-in-2019/d/d-id/1336634

    https://www.forbes.com/sites/leemathews/2019/09/25/yet-another-u-s-school-district-has-been-ravaged-by-malware/ 

     

    https://www.zdnet.com/article/texas-school-district-falls-for-scam-email-hands-over-2-3-million/



    Why are schools soft targets?

    Is money/budget the reason schools get the raw deal here?

    Why is ransomware such an appealing attack?

     

    How complex is the school environment?
        Mobile, tablets, hostile users, hostile external forces

     

    Adding technology too quickly? Outpacing the infrastructure in schools?







    Just ideas for some questions. - Jared

     

    Do you find vendors are very responsive in the education space when receiving a vulnerability report?

    https://www.edweek.org/ew/articles/2019/09/10/parent-who-criticized-his-sons-math-program.html

    When students, who you are trying to educate, when they are found doing something inappropriate, how do Districts handle it?

    https://ktvz.com/news/2017/11/08/mtn-view-hs-bomb-threat-traced-to-eugene-14-year-old/

    What challenges do Security people in education face when partnering with their user base?

    Unlike a corporate setting, many educators and students need to install different software throughout the year, how is that handled?

    How did April, Nathan, and Jared meet?



    Is the technology stack in your various school systems changed much in the last 10 years? Have you moved to cloud based, or do you still have an IT shack at the school systems with physical machines? 

     

    Localadmins are not granted… (excellent!)

     

    Check out our Store on Teepub! https://brakesec.com/store

    Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

    #Brakesec Store!:https://www.teepublic.com/user/bdspodcast

    #Spotifyhttps://brakesec.com/spotifyBDS

    #Pandora: https://pandora.app.link/p9AvwdTpT3

    #RSShttps://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloudhttps://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

    https://brakesec.com/BDSPatreon

    #Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

      15
      15
        0:00:00 / 0:00:00