[0:55]Transforming EdTech and Education in the Age of Cyber Attackers

Rachael: I'm so excited about today's podcast, Audra, we were just talking about this. We've never had a conversation on EdTech in the almost 300 episodes of this podcast. So I am so excited to welcome Julia Fallon. She's the executive director of the nonprofit SETDA, which is the State Educational Technology Directors Association. 

She works with US state and territorial digital learning leaders to empower the education community to leverage technology for learning, teaching, and school operations. And I also want to mention she's a self-described technology learning alchemist, which I'm hoping you'll give us a little more background on as well. So welcome Julia.

Julia: Thank you for having me today.

Rachael: I know. So I would love to start at the top because I love Alchemy anyway, this whole idea of how you got started, and I think our listeners would love that as well.

Julia: Sure. So I'll say it, I'm a self-proclaimed Gen Xer, so those folks can kind of put me in their mind where I am. And we grew up with game consoles and then eventually arcade games I guess were a big thing as well. But no, in college, and I think it's the same case now where we talk about hot jobs, what are the hot jobs? 

Where are the jobs where you can get a high wage, high skill kind of things? System analysis was sort of the big thing when I was in college looking for a major after discovering that maybe physical therapy and four years of math and science in high school were not where I should probably be. 

 

Navigating the Frontlines Against Cyber Attackers in Education

Julia: I had some courses at New York University, which is where I did my undergrad, where we learned word perfect 5.1, which I have to tell you, this is a complete aside that I love that program to this day, and I wish we still had it back because it was so versatile in the ability to be able to manipulate text. DB four, Lotus 1, 2, 3. So these are the precursors to the suites and all of that good stuff. And learned that and realized why I could have been at the beach for three days. 

I was on an old brother's word processor. I could have learned the word perfect and done this. But the teacher saw sort of a curiosity and aptitude, and I think I've always had that in my entire life, spending lots of time at a science center during the summer and just being able to manipulate things. So the idea is alchemy to me. Also for those of you that World of Warcraft fans, I was an arcane mage. That was my main character. And the idea of being able to just kind of connect dots and put things together and it becomes something is sort of where I got that thought about being a learning and technology alchemist. 

Because that's in essence what EdTech is. It's really trying to empower teachers to use technology for learning and students to be able to expand and create. So that's kind of the origin story of that technology Alchemist, learning Alchemist kind of thing. And here I am in technology because of those experiences in college.

Rachael: That's fantastic. I remember the word perfect.

Audra: No, so do I.

Rachael: Word? Yes, if you think about it.

Audra: Notes.

 

From Dotcom Boom to Cyber Attackersn

Julia: Reveal codes in HTML. I mean if you really were in Word Perfect and revealed codes, you probably went off and started doing your own webpage. It was the same concepts and everything else. At least initially right now we're into all craziness of whatever to try to make a data website, but back in the day, it was easier. So anyway. That's my origin story for ed tech and academic computing as they called it back in the day. 

And I could tell you a little bit about how I ended up in K-12 because I worked both at New York University and at the University of Michigan. I worked for a nonprofit there called Merit Network, which connected schools and libraries in the 90s, like the mid-90s to 2000, which is when the internet really came online here in the United States and connecting schools and libraries to those networks and offering them services like email and web stuff. Just kind of as a communication mechanism, not as necessarily as a learning tool.

And then I went off to sort of join the dot-com boom. I went to go work for a company called Global Crossing, and I know that's all over the place. I remember that they had their demise during the dotcom bust, but part of that movie back to Washington State, which is my home state. And I got the attention of some folks in the county to help them create IT programs for high schools. They had those programs where you could get credit for courses in high school and in college. And of course, it was at the time in the early 2000 and very high school, high wage sort of career area. 

 

Battling Cyber Attackers and Promoting Inclusivity in EdTechn

Julia: And then that work got the attention of folks at the department, what we call the department. It's called the Office of Superintendent of Public Instruction here in Washington State. It's the department of Ed K 12. And I got their attention and they said, Hey, come help other high schools and other districts develop programs for this high-skill, high-wage type of jobs. Also to focus on also non-traditional. As a woman in the field, you don't see, at the time you didn't see a lot of us. 

It was important to actually encourage more women to enter the field and what kind of strategies could be for recruitment and retention in the space. So that's how I started. To be honest, I didn't think I would be in the department for more than five years. I'm like K12, why would I want to do this? And I ended up being there for 17 and a half years. So that is the kind of crazy thing. But when I started at the department, I actually became a member of SETDA, Washington State was a member.

I became part of the team that utilized the membership because I was in a career in tech ed and that was related to technology in those kinds of career pathways areas. And then I got the attention of the folks at Ed Tech who said, come down and work with our folks. I talked about how everybody, regardless of career pathway needs, skills. Needs, digital skills, needs technology, and literacy skills. It doesn't matter if you're a farmer using GIS to plot your fields to all of the career pathways, but if you want to become a producer of it.

 

[7:19]Exploring the EdTech Landscape and Fortifying Defenses Against Cyber Attackers

Julia: Like an actual computer scientist or a database administrator or web developer, then you'd go on to those courses and there's a way in high school to send you off to down the certification track or even down the degree track to get those skills. But then started to work in K8, K12 for digital literacy.

And then I ended up in a federal program room called Title Two Part A, which is part of the federal education law here in the United States. That is around professional learning. And they had a strand called Effective Use of Technology in Integration. And that's helping people understand how that really looks. Sometimes going to a conference and learning about 50 websites and math is not really sustainable professional learning. It's more like, how do you learn math concepts and how's technology then maybe bring that to the student's learning and everything else. 

And then about two and a half years ago, I made the jump and became the staff of SETDA. So I've been actually with the organization for 19 years working in the state space. So these are all folks that are representing their state departments of education or we call them SCAs state education agencies. And it's not just states, it's US territories. We also represent the DOA, which is the Department of Defense Schools. And we're a small and mighty little group of folks and we're really passionate about what we do. So I have that experience being a state leader and then obviously now being staff and leading the organization.

 

Why School Systems Are Prime Targets for Cyber Attackers

Audra: Excellent. So shall we jump off into cybersecurity? I'll say one thing that makes the newspaper columns don't tend to be cybersecurity in schools. Maybe they should. But it would be great if you could kind of educate our listeners a bit more about why school systems or prime targets for cybersecurity attacks. What kind of information are these hackers trying to obtain? And if there are any kind of breaches or examples you could share with us and what the impacts of those were.

Julia: Sure. So people don't often think of K12 school systems as well. One, we're not super modern in the sense that businesses and other industry sectors where they're constantly upgrading and issuing out devices and software and all of that good stuff. So in terms of the industry sector, we're sort of lagging behind in the technology adoption and use. 

We also tend to use our technology really long time until it's pretty much not working anymore. It's one of those really long tails in the space. And what makes school systems a prime target, which is I think surprising to people when they think about it is they're like, why would you have kids' information? Why would that be a prime target? Well, just imagine if you have enough information to open a credit card or a mortgage and no one's monitoring typically a student, you know what I mean?

 

School Systems Under Siege: Why Cyber Attackers Target Education

Julia: A young student's credit history, right? Because they're not running around opening up credit cards themselves or buying houses that are buying cars. And then what happens is a student goes to apply for colleges and financial aid and then realizes they have all of this debt or it identity theft, they're using it for another kind of documents. So part of the issue is as a system, we're not staffed as a technology, especially with the smaller districts. 

A third of the districts in the United States are under 2,000 kids. So you wouldn't have maybe a full-time IT person. You might have, and it used to be the math or science teacher. Sometimes the gym teacher would then be the technology director, halftime. And then they were just kind of doing some software and everything else. And we're talking like this is the two thousand. Well now, I mean we just had a pandemic and we realized of course, how important it was for students to be connected.

And thankfully we had the technologies for that to happen. I think of the days when we used to schedule video calls and it was like a production to get into the room with the video equipment to talk to somebody on the cameras and everything else. But it was much easier when the pandemic hit for students and teachers to be connected to one another. But often we have IT departments that are thin or maybe non-existent. I mean in really small districts. And here is an example in Washington, we have some that have 32 kids have a hundred kids. 

 

Cyber Attackers Exploit Vulnerabilities in Understaffed School IT Departments

Julia: You're not going to have a full-time IT person or a tech-savvy staff. It might be staffed by four people, a main people, and that sort of thing. And a lot of them don't have cybersecurity training. I mean, it depends on the IT person that you are. If you're a networking person and you're running things, think about it, you're not really getting that cybersecurity updating that you always need. And then tech changes. I mean, it really has changed in the years, especially in the last 10 years. 

What we know and what we've talked about, especially with the federal level folks, is that unpatched outdated software is typically how hackers are accessing the data. And when you have a three-person IT department in those larger districts serving thousands of students, how do you stay up on top of all the updating and all of the management and that sort of thing? I think some of the contributing factors between why cybersecurity is starting to pop out. So we had a breach in, I believe Minnesota just had a state breach. There was some information and it was a backdoor sort of thing as well.

We had some, I'm trying to think of some specific examples. Recently. I do think of some back where somebody accidentally sends, they fell a victim to a phishing attempt. They thought the superintendent was asking them for all the social security numbers of all their teachers to send off a spreadsheet, Don't think about those sorts of things. But I believe New York City had a breach recently, of course, LAUSD, who was very open about what happened. And they were actually at the White House event that happened last week focused on K-12 cybersecurity. 

 

[13:40]Cyber Attackers Targeting Sensitive School Data

Julia: That happened a year ago in September. And that was ransomware starting to happen, but they were able to call for help and get it controlled, which is good. But it's really becoming more of a front office thing, more of a risk. And I think the reason why it's being talked about in schools is, believe it or not, it's insurance initially insurance, This is a couple of years ago when we started really thinking about cybersecurity in schools.

Insurance companies were saying, Hey, if you don't put in two-factor authentication and you don't put in X, Y, Z, we're going to raise your rates really high because if we're ending up paying for this stuff. That got the attention of course of superintendents in school boards, but it really is no longer an IT function alone. It is a front office sort of thing. But school networks contain really sensitive personal information for teachers and students. 

Names, addresses social security numbers, and health details. I know at the cybersecurity event last week at the White House, mental health was big. That is also in their income. Other personal information. I'll give you an example of my own. My daughter just started high school this fall, actually doing freshman orientation this morning. They asked for a copy of this, and a registrar asked for a copy of her birth certificate. 

And of course, I'm one of those very hypersensitive to this type of like it's PI. And I said, how would you like that? Would you like me to upload it to a portal? Can I bring a buy for you to look at? And she goes, can't you just scan it and send it to me by email? And I'm like, I'm sorry what?

 

Unmasking the Cyber Attackers: Schools' Vulnerabilities and Urgent Need for Cybersecurity Investment

Audra: Like, no.

Rachael: Absolutely no.

Julia: No. That has a lot of information that initially people would use to open an account my maiden name where she was born, a whole bunch of stuff. So there's some stuff is the patching, some stuff is just the human part of it. But I think we're getting better at fishing. I think people are getting more savvy around the fishing stuff just because of all the efforts of trying to help everybody understand that it's everybody's responsibility. 

But it's still understaffed and under-resourced and underfunded, to be frank. So I think we did our first annual state EdTech trends survey last year. Cybersecurity was the number one priority in terms of technology for their state departments of education, obviously helping to work with their LEAS. At the time, only 6% of the respondents said that they provided ample funding for cybersecurity. Spoiler alert. 

Audra: That's the number one item.

Julia: Number one, no money. The good news is we have our 23 reports coming out here in a couple of weeks, probably I think about four weeks. The good news is the funding has gone up. Cybersecurity is still number one. I'm going to give you a little spoiler alert, but there has been a shift in the funding amount, not by what you think it is, but at least there's a positive reaction and response to that for sure.

Rachael: I was surprised, Julia, on the 22 reports that 70% of what agency, or at least one school district had been victim to a cyber attack. And it would shut down learning for three days to three weeks. That's bananas.

 

The Rising Threat of Cyber Attackers: Impact on Communities and Schools

Julia: Yes, it is. And I think when people don't think about the impact on the community. We saw that during the, I mean the pandemic was a prime example of when you shut a community down, you impact, I mean, shut a school down, you impact a lot of things. People can't go to work because they're looking for childcare. Just a lot of things happen. So you don't want to shut a school down from a technology perspective, nor do we want to necessarily dissuade the use of technology. 

We live in an increasingly digital and connected world. We want students to have those experiences so they're prepared when they leave our systems to be productive and successful citizens. They're going to be using it in their careers. I mean, I'm using chatGPT all the time now and that sort of thing. So we want them to have those experiences. So we don't want to take the technology away, but we also don't want to put everybody at risk as well.

Rachael: I was reading about the, I guess the attack in New Haven, Connecticut that happened recently, I think. And it was 6 million that they had to pay out. And I think also people don't think about where the money comes from if schools don't have a lot of funding to begin with. I think they got some of it back, but they took I think 5 million from the school buses for the public schools on how they, I mean of all the places, but it's got to come from somewhere. And I think that's the other part that they don't think about kind of healthcare. 

 

Fighting Back Against Cyber Attackers

Rachael: I mean the budgets are already stretched pretty thin. Where do you find the dollars? Because insurance companies nowadays, they're not really interested in paying out or they don't want to offer insurance anymore at all. Exactly. And it's terrible. I just dunno what I was to say. It's so terrible. 

And I guess it's promising when you see things like the Biden administration last week, I think AWS made a 20 million commitment to fund the CYBERGRANT program. It looks like there are activities happening with the Universal Service Fund. I mean, I guess it's encouraging to see some movements at the federal level as well.

Julia: That trickles down and seed and myself and another organization called Cosen, we've advocated for the FCC to modernize the definition of firewalls. So right now they're eligible under E-rate. What people don't understand about the E-rate program, one, that it's been highly successful, but it's also the largest amount of money for technology for schools that's not appropriated by Congress. It's not subject to the winds of Congress and what's happening. 

It's literally money that schools and libraries can get. The higher poverty and need you are the bigger the discount you get on your services and everything else. But then that allows you to spend money somewhere else. So if you're using E-rate dollars for X, then you can spend your regular K 12 budget for other things for the business of school in a, and so we've always been advocating for that sort of thing because it hasn't been updated in a long time and technology has changed.

 

[20:06]Tackling Cyber Attackers and Expanding Connectivity

Julia: But I think we're trying to find that sweet spot where we can find money. So one of the things that I'm hoping to advocate for is a little bit of having schools actually collect home access data to maybe triangulate what the FCC and everybody else is reporting. One is that we can start to see where there are pockets where people are still not connected. 

Even with the pandemic and the huge investment that was made by the federal government to connect everybody, we still have pockets and communities that are not connected. Some telcos are not running, or ISPs are not running fiber through a mountain. It's cost-prohibitive for a small community of 56 that live there. So what I'm hoping to do is, if we could, there are four data elements that C C S S O, which is the chief, oh my gosh, council of chief school chiefs, I think I got that right.

They put out four elements, and we are hoping that school districts will actually collect on that so that we have common data elements between states. But we can maybe find, which is, I'm hoping, this is my theory, that the hills of West Virginia are probably the same. Those people in those communities are the same as the hills in western eastern Washington. 

And then maybe we can actually target some policy to help those communities where maybe satellite or microwave or something else would be more appropriate, but it's cost prohibitive and not accessible with a $40 a month through the ACP program, which is the program that they have out there to help low-income households get connected. 

 

Cyber Attackers: Battling Geographical Challenges and Expanding State Initiatives

Julia: So from a policy perspective, we're trying to figure out if there are different ways to make the case for X, Y, Z so that we can serve those communities that are really either rural or remote or underserved or they're just geographically challenged. I mean, there's no way to go around that when you have a big mountain in the way or you're in a deep valley. So yes, trying to figure out that sort of thing. 

There are other things that we've been doing as an organization because we're states and they like to talk to each other and because often they're the only one or two people in their buildings that are job alike. And we're talking about how we help small and rural and under-sourced districts, maybe through state-sponsored programs. For example, Connecticut as a state has purchased DDoS software for all schools and libraries in the state, which helps mitigate right off the network that they're all running on some of that initial protection. 

And then that doesn't come out of a small school or library's budget. So that's a state-sponsored program, or are there examples of cooperative service models where we have something called educational service districts, they serve maybe a number of smaller districts and maybe there's somebody there that could be the cybersecurity professional that helps monitor or respond or report incidents and then they can share in that cost versus having to have a full-time cybersecurity professional.

We worked with Cosen. We have a collaborative, it's sort of a professional learning community amongst our state members and our corporate members and our affiliate members just to share resources and to create resources for themselves. 

 

Equipping Schools for a Digital Defense

Julia: And we worked with Cosen last year to create sort of a staffing. A lot of the questions that we would get at the state level was, I need to hire somebody that has cybersecurity. Do you have any job descriptions? I'm like, well, what do you need them to do? Do you need a full-blown person? Do you need just somebody that has some certifications? That sort of thing. And we put that out as a resource. 

It was under our direction, but they produced a resource around staffing and what looks like so that from a budgetary and sort of job description kind of lens, you can figure out what you might need and what you can budget for. So there are ways that we come together to leverage those experiences and states like to learn from each other. If one state's already going out and doing it, then maybe they can modify it and do it for themselves as well.

Rachael: So do you want to go to Audra? 

Audra: That's alright. The question is, what are you doing to actually help schools understand, that even though it's the number one priority, they don't have the skills often within them to do this themselves. How are you actually helping to up their skills so that they get it a bit more on how it's important and the things that they need to be aware of? Previously, I was involved in another company. We used to do a lot of corporate social responsibility kind of stuff. And some of it was business skills mentoring to actually help people get what they needed to consider, even if they were a charity and running a charity. 

 

Empowering Schools Against Cyber Attackers

Audra: It's like, well, cybersecurity is still important and what they need to be aware of and how they need to manage those sorts of things. Are they doing anything around that in terms of whether are there programs to help raise their knowledge?

Julia: Their level of everything? So as states, we are really trying to figure out how we help resource our local education agencies, also known as school districts. And we work closely with those organizations that may have those types of programs. So as I mentioned Cosin and I work closely with them. They typically represent all of the local district CIOs or CTOs and that sort of thing. 

And we work in conjunction because we represent the state level and they represent the local level. So what can we do as a state? What's our role as state leaders in helping upskill resources? Is there a way to sort of mitigate things, right? So is there a mitigation layer that the state can take on the DDoS example from Connecticut? I do know that there are other examples, and I can pull 'em up into just a second here. But that's where the state is training those folks to have those skills, and I believe it's like Missouri or Minnesota.

My brain is escaping me at the moment and everything else. But the idea is to figure out how you can cooperatively and collaboratively offer those types of services to support your LEAs. Again, 2000, well, I want to say a third of the schools in the country are under 2000, which is its own set of resource challenges. 

 

[26:44]Uniting Against Cyber Attackers

Julia: Then you have your really big districts where an L A U S D or a New York City or you know what I mean, Chicago and all of them. They actually have teams of cybersecurity professionals on staff. And that's a difference of mean just being resourced properly and everything else. But now that people are talking a little bit more about it, it is a hot topic. No one wants to get hit and we're getting better at the human stuff. People are not clicking on links or thinking twice though.

That example that I personally experienced, I'm like, oh, maybe there's a role for the Department of Homeland Security CISA to maybe do some canned training for school registrars because they're on the front lines of that I, and if they're not thinking through the ramifications, who is, you know what I mean? Are they protecting it from the get-go versus it's the school secretary by accident or something that happens. 

But helping everybody really understand that it's everybody's responsibility. It's not just your IT guy. It's moving the conversation to the superintendent and the school board conversation that this is a function and a risk. Right? It's a risk and a function of school operations. And if you want to have a modern school system, you have to have staffing and resources to actually provide that infrastructure, especially when kids are out of school too in some ways. So the idea is kids now have devices.

 

Educating Students Against Cyber Attackers

Julia: We don't want them to be locked in a closet when they leave, they're doing homework, they're doing projects within Google Docs or in the Google classroom or teams or however, the school is set up. We want them to be able to have that access at home to still connect to their classmates and their teacher and their classrooms and the content and high-quality instructional materials. 

So there's a way to extend those networks, you know what I mean, to make sure they're secure as well. But again, it's really making sure that everybody's aware that there's an issue. Of course, we have. I think about all the things that you see on Facebook and everything else. You have generations that you have to teach about. I think there's some, I feel like the younger generation is really cognizant and they're getting a little bit more savvy about not putting everything out there. 

Whereas there are other generations where it's a little bit more, they click on it going, oh, I'm going to win a prize. And then they've given away all their things and then you have to work with your older parent and wonder why their credit card got compromised. So just sorts of, but that's stuff we're getting better at. I think people are getting better at it. It is really making sure that we don't shut down networks at the end of the day.

Audra: How is some of that kind of education being trickled down into students? Because it's not just making teachers and school districts and things like that aware, but in a previous life, again, we did a lot of stuff on employability skills with a local university in London. 

 

Empowering Students in the Age of Cyber Attackers

Audra: When we talked to students about their digital footprint, they were surprised that potential employers were Googling them before interviews and things like that and weren't really thinking about some of the things that we're putting out there. And the fact that a lot of this stuff doesn't go away. And so how is a lot of the work that you do beyond enabling the school districts, how are you focusing on the students themselves and educating them on their online journey?

Julia: A lot of schools and states have adopted the ISTI, which is the International Society for Technology Education Standards for Students and Administrators. It's in the digital literacy or the I C T space around how you use technology responsibly, which is also about how you protect your own data, making sure that you're not compromising yourself. It's really around that digital citizenship. I mean, there are some great resources out there through common sense and digital responsibility, who's one of our corporate members and everything else. 

Just helping them understand just like your front door, you can't just let it out there. But I have to tell you, and this is probably a controversial, maybe this is a little controversial. I really hope that employers also don't necessarily encourage this scrubbed kind of persona for folks what I did at 20. I hope that people, if I'm doing it at 40 or 50, then perhaps you might want to think that I have a problem. But you know what I mean? 

There are moments when people need to be really cognizant about what they post, but they really should try to be as authentic as possible. 

 

Authenticity and Responsibility in the Age of Cyber Attackers

Julia: It'd be who they are and express themselves. I mean, I know there are some examples where it's like, yes, you shouldn't put that online and now you're going to live with it forever. But we hope that people do learn from these types of experiences and everything else that we have. But also, schools should be able to offer those types of experiences so that they can learn in a safe place.

Audra: Absolutely.

Julia: Before it becomes a meme or something else and goes viral and whatnot.

Audra: I try to help my godsons who are both late teens at the moment and in educating, we had a bet with them that if they didn't smoke before they were 21 or whatever, we'd give them a thousand pounds and they couldn't work out how I realized that they had smoked. And I was like, that's hilarious. You posted on Instagram smoking a hookah while on holiday in Turkey. And I'm like, so I have photographic evidence because I was like, how do you know?

Julia: But I think we're all in the age where we had photographic evidence too. It just wasn't digital and went made 50 copies of Right. I'm pretty sure if the

Audra: Hallelujah. Exactly. Or it got burnt.

Julia: Or it got burnt. To think twice. I mean, I often try to tell my own kid, just think twice before you post something. If you could not say it to your grandmother or if you could not live with it if it got out. Because a lot of times people are doing things thinking it's in a private space and it's not. If you can still stand by it, then by all means do it. 

 

[33:14]Navigating the Fine Line in the Age of Cyber Attackers

Julia: I just worry about it, I was thinking about those poor teachers who are on summer holiday and they're at the beach and they have a margarita in their hand on Facebook, and then they don't get hired as a teacher because they have an alcoholic beverage. And I'm like, but they're old enough. That's hard for me to say, well, they're an adult. They should be able, yes, they may be working with children. It doesn't mean they have a margarine in their hand when they're standing in front of them through a great class.

Audra: Exactly.

Julia: And that sort of thing. So Yes, that's an interesting thing there. But I really want people to be who they are, you know what I mean? Be able to express themselves without it. Definitely. We were all 21 at one point.

Audra: Oh absolutely.

Julia: I'm worried if that same picture shows up when you're 50, right? That's like, okay, is there a pattern here? Maybe that's the case that we should be worried about, but a little grace. I think for some folks, some stuff is truly not good, but some other stuff is like, well, you know what? I remember being 20 and my full brain was not always there in the front lobe wasn't quite developing.

Audra: It's not attached yet.

Julia: The logic map is definitely still being mapped out there and everything else. That's hilarious. But no, in terms of digital citizenship is a big thing and we should still be thinking about that and everything. And it's not just the technology teacher's responsibility. 

 

Preparing Future Defenders Against Cyber Attackers

Julia: It literally is everybody's responsibility in school. So you know what I mean? And I'm not saying that a science teacher needs to be a technology teacher. They need to understand how that plays into what they're doing. And especially social studies, right? You're doing research. I mean chatGPT is a big conversation. If we're not talking about cybersecurity, we're talking about AI. 

And for me it's like, well, I'd rather you be focused on the process than not the output of a final paper. What kind of queries were they asking? Were they able to triangulate the data, the skills that we want somebody to have to be successful at the end of the day? And are you getting misinformation? Can you tell that sort of stuff?

Audra: And have they read it after it was written for them? That's one thing ChatGPT people are like, Yes, I asked it to do this. And I'm like, but did you read it? You have to read it. Read it after you get it done.

Julia: Have you noticed it's.

Rachael: Accurate?

Julia: It sounds very 1930s in language too, which I don't understand if that's the collection from 2000 to 2021. It sounds very 1930s language about proper and everything else. But Yes, It's not, I have to change it.

Rachael: I do want to go back to kids getting phones and iPads when they're three now. It seems like, there's your future hackers that maybe could help secure schools. But it also makes me think at what age should we start trying to get them into the cybersecurity world? 

 

Nurturing Tomorrow's Cybersecurity Experts

Rachael: We have this huge talent gap in security that we've been talking about for years. We've all heard about it, but it's always like, at what age can you start introducing these kinds of things? I mean, if you're K through 12, are we talking kindergarten? We start introducing these concepts. I mean, they're already configuring iPads at that age is what I'm hearing right now.

Julia: I think it's looking for certain characteristics. You're looking for kids who are always curious, tinkerers. Or maybe they can look at something differently. And I remember when I was working with high schools when I first started at the state office, your CSS people are a little bit different than your database people. Even though they program, does it make sense? 

They both learn how to program, but how they come at the data or how they come at the problem is a little bit different. So if you can try to figure out those characteristics. I wish that I had taken four years of math and science in high school, and spent every summer at the science center. That was my thing, just manipulating and being curious. No one thought engineering. And I love logic math in ninth grade. 

I still use it to this day, I feel like if then L statements, which is computational thinking, and I mean I use it not even in a programming sense. I use it in a business model sense. Or we're putting together registration for an event, trying to figure out how if then else thinks. But how do we help teachers recognize sort of some of the characteristics of folks in the field and then be able to talk to them about that?

 

Fostering Cybersecurity Enthusiasts

Julia: It could be cybersecurity in the field that you love. So I think of myself as an IT professional in education. I have to know all the things I need to know about it in some ways to be successful. But I also need to know the industry sector that I'm in. If I'm in healthcare, I'm still an IT professional, but I need to understand a little bit about the characteristics of the healthcare industry or manufacturing or whatever space you're in. 

Not everybody's going to go work at Microsoft in an IT space that is not necessarily, they're not going to go work for that true technology industry kind of thing. They are working as an IT professional in the military across the thing. So they could still have almost a love of two things I think for me I've always loved school and I just happened to be in that space and I'm an IT person in that space versus maybe somebody is interested there.

But I think there are some characteristics of cybersecurity. There's a wanting to take things apart. It's tinkering, it's curiosity. We encourage schools to have tech school tech teams and to encourage, obviously, both girls and boys to be in that space working on those things. So it becomes normalized. We do have to look at other things though too, because being a woman in the field, regardless of what industry sector you're in as an IT professional how do you then recruit and retain? So there are lots of groups that are doing lots of good work in the space. 

 

[39:21]Guarding Against Cyber Attackers: Strategies for Digital Security

Julia: And all of those tenets, I believe still hold true. But I would like us to think about it, and this is an example that I use often when we talk about employers requiring them to be back in the office, no more remote work and not thinking about how you could do some hybrid work. I have a perfect example of where we had a really successful computer science program for girls in central North, central Washington. And this is typically an area of the state where migrants are working, right? 

They're working the fields in a backward sea in our state. They start off with fruit, basically apples and whatnot. And then they kind of make this backward sea and they end up in the south part of the state and everything else. But this is a huge Latino population of folks that are living there. And we had girls that were really doing well. 

They were knocking out of the park and when we started to talk to them about degrees and going to college and then maybe getting a job in the field, they didn't want to leave their family in that culture. The family is the core of the culture and their thinking of going off to a university and then having to move to Seattle means that they would leave their family.

So then it's not even just an issue about them having the talent, it's just, but if we were encouraging maybe remote work or that people were open to that and we had connectivity that was well enough. 

 

Strategies for Digital Security to Battle Cyber Attackers

Julia: You could actually have those women in those places still having those high-skills, high-wage jobs without having to leave their families and the communities that they love and want to be part of. And maybe they go to Seattle once or twice a month, which is easy to do, versus you having to be in here every Wednesday. This kind of mentality and this backlash that we had from the pandemic. So to be thinking about different ways to, you know what I mean?

Have the work get done and encourage that sort of thing. For me, it's across the sector, across all the sectors. I don't think it's just education. I think it's literally all of them. If you want more cybersecurity people, then you might need to be a little more flexible. Somebody might not be able to move and that sort of thing, or they just want to be with their families. But looking at those other characteristics to encourage folks, and students to enter the field, right? 

Again, we had a cohort of girls that could have gone off to have four-year degrees, you know what I mean? And had those things, but they were choosing, and I understand why I'm not going to begrudge 'em at all, but it, it's one of the things like, oh, well, we didn't think about that, and how would they get those jobs? Those companies are not moving to their backyards, so how do we still bring them into those companies and everything else? So Yes, cybersecurity. I'm trying to think. There's a curiosity. 

 

Adapting to the New Normal Post-Cyber Attackers Era

Julia: So anyway, that's something that's near and dear to my heart just because it's been, I think the gap has been closing in terms of non-trad for women in the field. But it's still something that we need to do, just being able to handle all of it.

Rachael: Absolutely. I mean, I always think of the silver lining of things, and thank goodness the pandemic happened, right? Because we saw that remote work is possible, people can be productive, businesses can thrive. And hopefully, that kind of keeps that door open ahead. I know some are trying to come back to work, but I mean personally, right? And Audra, I'm sure you've found this being the dog did too. That's right. I have two dachshunds. 

I love them. They love to bark all day long. But the access to talent, I had access to talent I never would've had access to because I was able to look out of state and the contributions, the different thinking and perspective they bring to the team just makes us better. I'm a huge advocate as well. I will always advocate for remote work. So critical.

Julia: And I think that we're going to see companies come back a little bit. I think they were very hardcore about everybody coming back in and then they realize, I think the younger generation, I'm proud of the fact that they are really trying to make it more work-life, truly make it work-life balance. You don't wait till the last minute. You don't wait till your, you're end years to enjoy your life and that sort of thing. 

 

Exploring the Impact of TikTok on School Security in the Age of Cyber Attackers

Julia: But hopefully, it'll have a more positive effect in terms of remote work and being able to be more flexible so you can allow more people to actually participate in the industry sectors that we have.

Rachael: Exactly. I will say Gen X here as well, I love that they're moving back home with their parents after college. I would love to live with my parents now. I'm just going to say that out loud. That would be wonderful. I like to reduce that stigma as well, though. I don't know if my parents want me back, but I would love to move back home.

Julia: My mom lives with me. Colorado

Rachael: Mother's amazing.

Julia: My mom lives with me, so I have that happening already. I

Rachael: Love that. I love that. The culture and the stories and the family and all the things that you get to learn anyway.

Julia: Well, it helps. My mom's actually from Europe. No, my mom's from Europe. So I think that's just part of the culture there and everything else. And for me, I'm grateful that she's got her granddaughter, they have that relationship, but she also has a mean garden outside. I would never be able to keep a garden like I do if I didn't have my mom. So it's all her that keeps her busy.

Rachael: Absolutely. So can I ask one more question? It's kind of tangential as usual, but TikTok and schools, what's the verdict with this on the security front? How do schools feel about this?

 

[45:05]Cyber Attackers and the Challenge for Schools

Julia: I don't know if I'm prepared to answer that. I think schools, I honestly don't, It's interesting because it kind of goes back and forth. And I haven't figured out where we're landing the plane yet in terms of use. I don't think that they can block it completely. Well, they probably could block it off their school networks, but kids have phones. Oh, absolutely. And that sort of thing. I don't know. The federal government is sort of trying to land a plane, so it's kind of like everybody's there still trying to figure out what's going to happen. 

So I can't really say with TikTok and things, at first I thought we were going to definitely ban stuff, and then there's nothing happened. I'm like, okay. So I guess that's such a great platform though. I think about us doing all those applications. Back in the day, if you wanted to put together a three-minute video, about how hard it was, you would be taking 14 classes in college just to produce something. 

Rachael: Exactly

Julia: That in terms of being access to the tools is so much lower that I am really excited that, not that to say that people need to not have design and everything else. Eventually, if they're going to be professional, they will get into that design space. And I think people will appreciate the design aspects that come with those types of careers and expertise. But in terms of putting together a flyer or doing something, I think it's really super creative. And I wish I had those tools when I was in college and doing other things as well.

 

How to Defend Against Cyber Attackers in the Education Sector

Rachael: We had those little Macs with the Mac, the all-in-one Mac with a little 80, 83-inch display on the fluffy disc.

Julia: I learned Carol the robot on that little Mac to remember that too. Oh my gosh. That's when I learned I was not a very efficient programmer. I was very long. They talk about how I'd be doing the three rights instead of the left. And that's how I realized programming probably was not my forte. So that's okay. We're doing okay.

Rachael: So as we look at the next five to 10 years, Julia, for the education market and ed tech, what do you see happening? Where is it evolving and what opportunities should we be looking out for?

Julia: I would say one of the areas that we've been focusing on because we're trying to trend watch in some ways is research and evidence. Especially in the K-12 space, we have been trying, and in some ways, my goal is to help our members, our state members in particular, because they will in turn help their local districts become better consumers. So when they are walking a conference floor, they're talking to a potential vendor that they are saying, well, show me the research. 

Show me the learning research that was built into this, baked into this product so that I know that it might work, right? Especially when they're starting out a startup, thinking about that research and evidence. And then, of course, encouraging them also to participate in the research cycle even after they've launched. And are there ways, if you're going to say, reading scores are going up, what are you doing to engage in that research practice?

 

Navigating the Realm of Cyber Attackers and Evidence-Based Learning in Ed Tech

Julia: Because teaching and learning is really a practice. And how do we encourage more research and evidence kind of activities in our spaces? And what may work in one district may not work in another district. Those are the sorts of things that you want to fare out. But I want our members and our school districts to be better consumers. They can walk down and say, show me the research. And they're not listening to a bunch of marketing stuff. 

They can say, no, show me really where you did this. Show me your logic model. Show me the lit review, show me all the good stuff. So I'm hoping that that's where we're going to see a lot more conversation. And I think we do the Department of Education, put out some guidance around research and evidence. You can even just get started if you don't have a lit review and all that stuff. 

We'll then start with the logic model and start with a needs assessment and go from there. What research question are you answering? So that's where I'm kind of pointing some of our resources to really look at that. Of course, cybersecurity is still going to be something that is evolving. Are there ways that we can highlight those models and everything else and can we get better at it?

We're looking at AI, but we're trying to figure out if we're in a hype cycle still, is this a hype cycle or is this one of the things that, is it really transformational in the sense or is it an ed tech thing? And there are things about ed tech that we always hold true. 

 

Balancing Security, AI, and Equity in Education

Julia: Is it secure? Is it private? Is it accessible? You know what I mean? There are certain things that we kind of go through. We do that with every single sort of technology that comes at us. And we have those conversations. Those are the tenets that we hold true. So AI is one of those where I'm not sure where we've landed that plane yet, but we are definitely getting into that space as an emerging technology because there's a lot of hype about how it's going to change everything. And then there's some of us that are like, well, Yes, we've seen this before.

This happened with whiteboards, or this happened with whatever. The other area that we are really trying to focus on as well is professional learning in terms of helping teachers really understand how to design learning experiences. So we've talked about access, and I have to say before the pandemic, I was a little bit not sure that we would actually see every single home connected in this country. It was like a pipe dream. But I can actually almost see the end of the tunnel there that we're going to really work on that. It's not just an education thing. 

It's really for us to be a prosperous country, we have to have everybody connected. Telehealth happens, banking happens, applying for jobs. You have to have a connection in order to be able to do all those types of things. And then we talk about accessibility. We're getting better at accessible tech and making sure that all students' needs are being met.

 

The Role of Design and Professional Learning in EdTech Advancements

Julia: But the area that we're really seems to be in a preview for the NETP and it's public out there, so it's not like I'm saying anything that's out of line, but is that design? How do we design learning experiences with technology to really bring the learning to life or help students be creators versus consumers of technology that they're in there creating things and learning at the same time? So how do we help teachers get those types of skills? Nobody should be implementing technology without some professional learning.

There should be some professional learning for your educators on how to use it. That should be a part of it. And not just you're taking two days to learn how to open a file in the program. It's really how you use that tool in the learning environment. And again, it goes back to research and evidence. Is it really working? Is it not? How many people are actually using it? If it's not, then you can in terms of tool selection. So that's the other kind of area where I think EdTech is kind of pointing. It's North Star and everything else. 

Rachael: That's exciting. I love it.

Audra: Most definitely.

Rachael: Yes. Well, Julia, thank you so much. I am so excited. You're our first EdTech guest, and I hope not the last. And Yes, thanks for all these great insights. It is just such a wonderful opportunity and the work that you're doing is just so critical. So thank you for championing this because we got to protect these schools and we got to get teachers the right tools they need to succeed as well.

Julia: And thank you so much for having me. I really appreciate it.

 

About Our Guest

Julia Fallon is the Executive Director of the State Educational Technology Directors Association (SETDA), where she works with U.S. state and territorial digital learning leaders to empower the education community to leverage technology for learning, teaching, and school operations.

Involved with learning technologies since 1989, her professional interest lies in making the case for public school systems wherein educators are able to optimize technology-rich learning environments to equitably engage the learners who fill their classrooms.