The Human Element of Cybersecurity

Scary stat: 75%+ of intrusion vectors target human behavior, not machines.

Think about this: What’s more likely – that your network will be hacked, or that an employee will accidentally compromise the security of their own account?

For most, the human element is the most challenging and the highest risk factor in that equation. Yet we spend a much larger percentage of our cybersecurity budget in terms of dollars and effort on hardware and software protection instead of doing more to secure our people.

Does your school have a digital security awareness program?

Water Leak vs. Server Rack

What happens when an air conditioner water leak meets a server rack? The water leak wins, by a landslide.


It started with a very early morning call. One campus had a server down, but checking remotely, nothing seemed to be out of the ordinary.

Unfortunately, that was just the tip of the iceberg. A wall-mounted air conditioner had sprung a leak, and the water had dripped down perfectly to just hit the edge of a loop of the cable beneath that was connected to the monitor on the rack. The water dripped down that cable into the first server, filled it, and then overflowed down to the next server, a wireless controller, and so on down the rack.

The good news… some really expensive switches were on the top of the rack, and they weren’t affected. But the router, wireless controllers, servers and the UPS were toward the bottom, and they all were exposed to the water leak. This is how most racks are organized, with the heavier stuff on the bottom, because it’s a pain to lift those things up over your head to mount them.

The first step was to immediately disconnect everything on the rack from power, and then remove it all for inspection to a safe and dry location. Then we communicated with school administration about what had happened, that we were working on an assessment for time to recovery, but that it wasn’t likely to happen in under 24 hours. This allowed them to make some informed, executive decisions about events that were planned for the next day.

The equipment was then opened up and laid out to dry to the best of our ability with large fans. We had some backup equipment we were able to repurpose, and were able to get Internet access back up by the end of the following day.

The complex question was what to do about the equipment that, once fully dried, we were able to boot back up. It held up through the weekend, and this started some heavy internal debate. We considered water remediation repair service providers, but in our own experience that is rarely as successful as you’d hope. We consulted with other tech directors (super helpful to get a second opinion) and other tech consultants, and the interesting thing about that is how often this kind of thing has happened.

In the end, we decided that it wasn’t a responsible path to have our core network rely on components that had been exposed to water damage.

The scenario that clinched it: Imagine hundreds of students poised to start taking an online standardized test. They’ve spent weeks preparing, and their anxiety levels (despite our teachers’ best efforts to the contrary) are high. The students start taking the test, and the network drops. Repeatedly. Imagine their frustration, tension, and likelihood of success in this endeavor.

In explaining this to the business office, I estimated the costs at around $100k. That ended up being higher than the end result, as some of the items we were able to combine. For example, we had slowly added multiple smaller UPS units over the years, and were replacing those on a schedule. Instead we purchased one larger UPS unit for less cost.

Lessons Learned

The thing I wish I’d known earlier, aside from the obvious, was to take photos and document every step of the way. Actually the first thing I was told was that we didn’t have flood insurance, but this was classified as an equipment failure (on the part of our air conditioning unit) and so it was covered by our policy.

The thing I am extremely grateful for is a dedicated and tireless tech team who worked late nights and weekends to get that campus back in action, and that we have a thorough backup system in place so all of our data was restored in no time.

Yes, the leak was repaired, and there’s now a chute add-on to prevent any water leaking from that AC unit from reaching the server rack again. (Fingers crossed.)

Recommended!

Take a look around your server closets and other tech related spaces. Look for any physical dangers that are present, that you may have become immune to noticing over time. What’s in the ceiling overhead? What can you do to better protect the hardware that you’ve spent countless hours researching, selecting, installing and configuring?

Video Conferencing Rock Star: Zoom

Zoom is a powerful and user-friendly video conferencing system that I’ve used off and on for a couple of years.  A couple of things happened recently that inspired me to write this review about it.

First, I’ve been working recently with some consultants on a website redesign project. We were using their video conferencing system, one of the big names in the business, and it was horrible. It was like living through every joke about how video conferences can go poorly, only no one was laughing.

Kids are great at spreading germs.

Second, I got sick. “Kill me now” sick. Anyone in an education related field reading this is now nodding their heads and thinking ‘occupational hazard.’ Being in education has an unfortunate side effect of exposure to a lot of virulent kid germs.

So I was home sick, and trying to participate as much as I could reasonably manage from home, and I was using Zoom to join in a bunch of meetings. And Zoom was rock solid.

When you’re talking about putting technology into a classroom environment, you want it to be super reliable. I often think of the classroom like a crucible for technology. As a teacher you’re in a constant battle to maintain the limited attention span of children, which is no easy feat. There’s that moment that every teacher has been through, where you are expecting technology to work, and it doesn’t. You are clicking, checking cables or refreshing a page in vain, and the time ticks away. You lose that teachable moment, and that’s one of the most painful experiences for a teacher. So if you’re talking about putting a technology like video conferencing tools into a classroom, you want something reliable and relatively easy to use.

There are other video conferencing tools out there like Zoom, that have a bigger name and are more commonly known. I’ve used them, and I’m sure I’ll be stuck using them again when working with vendors who are committed to them because that’s all they know. I’m telling you – they don’t work as well.

Zoom is super easy to use, it has an intuitive interface, and it just works.

Zoom also has some features that are particularly well suited to education – like the ability to break up the participants in a meeting into smaller groups for discussion, and then to pull everyone back together, all without massive trauma or setup hassles.

The Zoom interface – very intuitive, easy to use.

Another feature that I wanted to mention is the simple and user friendly ability to screen share, and share control of a screen, for all participants in the video conference.  It works so well, everyone just fluidly shares and switches over to show how to do something. And you can really see their screen, not a tiny version which makes me want to break out a magnifying glass. You can also easily record your session, and then share that video with people who couldn’t make it so they can watch later and keep up with what the group is doing.

When you’re using Zoom it has that ability to almost dissolve into the background, so you forget that you’re video conferencing, and you’re just getting about the business of doing what you’re doing with the people you’re meeting with. That’s the whole point, really. It’s magical.

I hope that I’ve convinced you to give it a try! There’s a free version, so you can sign up for your own account and start demo-ing it yourself without a lot of hassle. Then when you’ve seen what it can do and you’re ready to implement a bit wider, you can sign up for an educational licensing plan for your school.

Increase Email Efficiency with Canned Responses

Are you suffering from email overload? Does your inbox look like it was just hit by a tidal wave? Try Gmail’s Canned Responses. It allows you to create some generic responses for things you send frequently, and then you can just insert them over and over again instead of having to retype. For example, I have one Canned Responses message on how to reset your password that I use a LOT.

How do you enable Canned Responses?

  1. Log in to your Gmail account.
  2. In the upper right corner click on the gear icon and select Settings.
  3. Under the Labs tab scroll down to the Canned Responses section, and click Enable.
  4. Now scroll down to the very bottom of the page and click Save changes.

Once you have enabled Canned Responses, go back to your Gmail inbox and start a new email message. You’ll see a little triangle pull down menu in the very bottom right corner of your message composition box. This is where the Canned Responses application lives.

Useful tip! Think about a naming convention for the types of email templates you’ll be creating, and try to stick to that. The organization of the templates leaves a lot to be desired, so anything you can do to help make it easier to find the template in your list will be appreciated later. I wish I’d done this. Now I do a lot of scrolling around because my list of templates has gotten pretty lengthy, and some of the names are not as clear as they should be.

Technology Directors’ Secret Weapon: Setting Replacement Policies

Technology Directors today face an ever increasing universe of technology related devices and systems, and an exponentially growing dependence on their use. At the same time, technical support staff and budgets for support systems are NOT growing exponentially (if at all).  Directors are asked to do more with less.

One way to combat the hungry gaping maw that is user support is to reduce the strain on tech staff by setting standard devices and a corresponding replacement rate policy. This has key operational and financial benefits.

Standard user devices are easier to support. Imagine 2 mechanics in a garage, and the number of oil changes they can manage each day in a shop that only serves 2-3 different models of cars vs. one that serves 10 different models or more. Limiting the possible variations of hardware makes your technical support staff much more efficient. They will quickly develop a depth of knowledge about the hardware in your school, and you won’t have to spend a fortune on replacement parts or training for a lot of different possible models.

This goes hand in hand with setting a replacement policy, where each of the standard devices you selected has a predicted lifespan for optimum functionality.

For example, imagine a school with 100 employees, and each has a school-provided laptop. In one scenario, the laptops of a quarter of the employees are replaced every year. This results in a 4 year, 25% replacement rate policy. Once a year a quarter of the employees have a scheduled replacement of their laptops, which everyone can plan for in advance.

Now imagine scenario #2. In this scenario, the school waits to replace the laptops until A) they all start breaking down, or B) they are suddenly no longer able to run software that is critical to the operations of the school. Now a much larger percentage of employees are struggling through the transition to a new device, and the technical support team is overwhelmed with trying to manage this experience for a large number of users.

The second scenario isn’t just an organizational drain on your general employees and your technical staff, it’s also problematic financially. From a budgeting perspective, it’s difficult to manage a budget that jumps up and down from year to year. It’s smarter to balance out your technology related expenses over time.

What are the drawbacks? Well, in any organization there are some users who use the heck out of that device, and others who do not. Projectors are a good example of this. You can look at bulb life and see that in one classroom it might have been used every day, and in other rooms barely at all. It’s tempting to fall into the trap of making a decision based on the particular user at that moment in time, but it can backfire. In some cases the person the exception is being made for then departs the position, and this leaves the incoming employee with an additional hurdle to struggle through. Making exceptions can also set a precedent that will then be questioned by every other person in a similar situation, which can quickly put you right back into the mess you started with.

Now what to do with that old equipment? Find an asset recovery company in your area, and sell the items in bulk for resale. Secure data destruction is part of the package, and you can feel good knowing that while you’re generating some income for your school you’re also giving these older devices a good, new home in a less demanding environment.

Cybersecurity in the K12 Classroom: A Delicate Balance

The start of the school year means a flurry of account creation, as new students and employees are brought on board and added to the variety of systems we’re using for educational or organizational purposes. A recent tech blog post I read about cybersecurity in schools stated that regardless of the inconvenience, we really should be changing passwords every month or so. Every other month! Ha! In 20+ years in education I’ve never heard of a school policy requiring changing passwords on a bimonthly basis.

This also relates to a story a parent recently told me about their child’s first cell phone.

When this family leerily gave their oldest child their first cell phone, the parents wrote out a detailed contract with a very extensive list of restrictions and stipulations. The daughter carefully read through all of it, then took the new phone out of her pocket and put it on the table and said “I’m out.” Basically all of the restrictions rendered the phone essentially useless to their daughter. (They later came to a mutually satisfying agreement.)

Being in the field of educational technology is often like being a technology counselor. A fair portion of time is spent convincing people to try new technologies (or old technologies in new ways) to enrich the curriculum, streamline operations, or improve communication. Too often cybersecurity makes that difficult, and the net result of enforcing security policies that fit the business world but don’t make sense in a K12 environment is that the technology doesn’t get used. 

For example, students learning typing need accounts in a wonderful typing program that has games and fun experiences for the child as well as monitoring and tracking information for the teacher to keep an eye on their progress. These are students who are just learning how to make a capital letter with the shift key, for whom simply typing in their username (their own name!) is a challenge. Asking them to type in a securely complex password seems like punishment. If we create a system where the teacher has to log each child in to the typing program, because the account is too complex for a K student to manage themselves, these students will miss out on a great learning experience.


So where does the delicate balance fall between security and functionality? Those in the educational technology field need to make concerted efforts to keep private information about our students safe and secure, but we also need to keep an eye to what is a reasonable expectation for members of our community, particularly the youngest. We need to be aware of the risks and work to educate our community about digital citizenship best practices to limit them.

Luckily, we are part of institutions that are great at educating people about new things, even cybersecurity.

Changing passwords often is less effective than educating members of your school community on how to pick a reasonably secure password, and keep it a secret. Impressing upon your faculty and students that they should never share passwords, and not use the same password for other non-school accounts, is more effective than asking them to change their passwords every other month.

Instead, we need to work to develop a security policy that requires passwords to be changed at a reasonable pace that is developmentally appropriate, with teacher input. We also need to work to implement as many integrated and SSO systems as possible, to limit password fatigue and simplify the sign on process.

Anyone who provides faculty professional development should attend EdCamp at least once.

Yesterday I attended an EdCamp NoVA here in Arlington. What is EdCamp? It’s an informal gathering of faculty & educational professionals from your area. The first approximately 30 minutes are spent proposing topics for discussion, or voting for topics that have already been proposed by putting stars or checks on their stickies. The most popular topics are selected, and assigned a location and time slot. Participants pick the sessions they want to attend, and everyone talks about the topic.


For example, one of the sessions we discussed on Saturday was about Minecraft. There were about 10 people who showed up for that topic, and we pushed some tables together, introduced ourselves, and then asked our questions or talked about how we were using Minecraft in our schools.

The reason I call EdCamp informal is because no one is in charge of the sessions. Whoever shows up is asked to help record notes in a shared Google Doc that anyone can edit. Which is genius. Ask any teacher what inspired them to try something new in the past year. Go ahead, I dare you! I’d guess that at least a third of the responses will include something that they learned from another teacher. Which makes perfect sense. Teachers trust other teachers, and if something has already been battle tested by someone else, it’s not such a risk.

That’s the gist of EdCamp. It all began in 2010, and 7 years and over 700 EdCamps around the world later, it is very well represented by the group in our region called EdCampNoVA (northern Virginia).

The reason I would not call EdCamp informal is because this group has really perfected the system. They started with emailing a Twitter challenge in advance, to help build excitement and professional connections between participants. They solicit donations from local and national vendors (with help from EdCamp foundation) for snacks and drinks, plus donations of educational books, software, tools and resources.  These are randomly raffled off at the end of the sessions, after a series of up to six 1.5 minute demo-slams (brief product/program/idea promos). There’s some good loot, and it encourages teachers to stick through to the end. Then there’s a late lunch/early happy hour at a walk-able neighborhood location.


If you’re looking for transformative learning experiences for teachers, EdCamp has this down to a science. It’s a great opportunity for faculty and administrators to learn what is new on the horizon, what teachers who are really passionate about being good at their craft are thinking about. I think EdCamp is also a key learning experience for any academic administrator that provides professional development for faculty. There’s a lot to be learned from the success of this system; there’s bound to be something that you can take away and apply to your own school setting.

3D Printing & Introduction to CAD

Haven’t posted in a while, busy with a class at UVA on Educational Technology Leadership (more on that later). I recently spent a Saturday morning at our local library, hosting a workshop called Forming the Future with 3D Printing: An introduction to 3D design and printing technology. 

The workshop introduced students in grades 4-8 to 3D printing and CAD software. Which is pretty cool technology, but it was a weekend! How many kids would be interested? How many families would make it a priority to get them there? I should not have been worried about that, as we ended up with a wait list and more than capacity participation.

Which led me to many insights about educational technology. I have no illusions that it’s me… it’s this incredibly interesting and engaging technology. Kids want to learn, and it’s hard to make this topic less than something that they want to give up their Saturday to participate in.

I also want to give a shout out to the people at TinkerCAD, who have designed this powerful, user friendly, web based system, with a means for teachers to easily create student accounts that they can moderate and access. Kudos! Could not have done this without you!

Technology Talent Gap

This summer the Computer Science Education Coalition, in partnership with Code.org, posted an open letter to address the technology talent gap in the U.S. The short version: There are 10 job openings for every graduate. Competition is fierce, and salaries are rising to reflect this.

Not only does computer science provide every student foundational knowledge, it also leads to the highest-paying, fastest-growing jobs in the U.S. economy. There are currently over 500,000 open computing jobs, in every sector, from manufacturing to banking, from agriculture to healthcare, but only 50,000 computer science graduates a year. – Computer Science Education Coalition letter, June 2016.

The situation is particularly dire for girls. In the last two decades, the proportion of females earning Bachelor’s degrees in computer sciences has actually declined from 28% to 18%.

It’s not just about getting a job and being a good worker bee. Solving the problems of today’s society requires technical skills. We live in a complex and changing world, where students need to be able to address serious issues and use all the powerful tools technology offers to solve them.


A resounding 90% of parents want their children to have access to computer science education at school, but only about a quarter of U.S. schools offer meaningful computer science courses. This is largely about the inability of the American educational system to embrace change. Classrooms in the 21st century look remarkably similar to those of our students’ parents, and of their parents before them, despite all the changes that have occurred in the world.

Luckily, a number of groups have responded with educational programs that parents and students can pursue, like Code.org, Google’s Made with Code, and Code Academy. They’ve also provided tools and resources for teachers, which are creating a groundswell of change from within the educational system.

Faculty Technology PD: Professional Development with Byte

Monday was the first of our school-wide professional days, which started with guest speaker Peggy McIntosh sharing some thought provoking ideas about Privilege Systems – particularly relevant in light of recent political events. (Also a TED Talk, if you’re interested in hearing more about this.) Great for getting back into the mindset of learning after Thanksgiving break.

The afternoon was spent in something we call an Unconference, which is a delightful mishmash of workshops, presentations, discussion groups and activities. This is our third year of hosting our own internal Unconference sessions, and the half day of peer learning & sharing has always had a strong technology presence. Which is not surprising.

Educational technology is an area that keeps evolving at an ever increasing pace, and teachers are intrinsically motivated to want to learn anything that will enrich their curriculum.

Crafting effective technology professional development for educators is a challenge. Hearing directly from a colleague about a project or program that worked well in their class combines practical information with building a support group for help, should you need it, in implementing something similar in your own classroom in the future. In our model the teachers propose topics they are willing to host/facilitate, and then we set up a registration form that allows all of our employees to pick the sessions that they want to attend. The tech session titles tend to focus on tools – like Get Organized with Google Drive – but the heart of what is shared is more about why it was useful and how it went when someone tried a learning activity with it.

Unconference Session: Exploring School History (Kahoot!)

This approach puts the teachers themselves in a position of expertise, which gives the respect they deserve for making amazing things happen. It also builds a support network for teachers who are interested in trying something new – participant to leader and participant to participant. Invariably the focus ends up more on learning (either student learning or teacher learning), not the tool itself.

Unconference Session: Throwing a Pot on the Potters Wheel

It’s important to have a variety of professional development options, not just tech. We’re not one dimensional beings! This past professional day we tried to focus on including themes of wellness and social justice, and had sessions such as Throwing a Pot on the Potters Wheel, Relaxation & Meditation, and Understanding Transgender Identities. We’ve also tried incorporating the open space/edcamp model for discussion groups… and found it was not as consistent in terms of quality, but in some cases can be more effective depending on the topic.

The biggest challenge for technology professional development for teachers: Time.

Time to learn and experiment is the number one reason our employees give for not doing more with technology in the classroom despite expressing a desire to do so. We have the luxury of devoting half of a professional day to this process twice a year, and all administrators and faculty are required to attend. Captive audience rules! (Staff are encouraged to participate as well. Learning is for everyone!)

For every opportunity we offer, we know that format is not for everyone. Faculty have different learning styles, just like students. So we offer a variety of other professional development options as well. Topics for another day!

  • Collection of online Ed Tech Resources for Independent Exploration
  • Hands-on Summer or After School Workshops
  • “Appy” Hour Activities
  • PLN Discussion Groups
  • Summer Faculty IT Internships
  • Summer Tech Challenge

Want to learn more about Faculty Tech Professional Development programs and/or our Unconference format and sessions? Please fill out the contact form below.