Going 0-60 in a Forklift: Launching an InfoSec Program in Your District (Part I)

In today’s computing landscape, if your district doesn’t already have a person focused on cybersecurity, it probably should. If you’re not sure what’s involved in that, this talk is for you. I’ll talk about my security journey, obtaining funding for a security program, how I rewrote my own job description, and a lot of security basics, including:
• Analyzing and mitigating risk
• Determining how much your district should spend
• Resource prioritization and not biting off more than you can chew
• Choosing a cybersecurity framework and assessing baselines
• Cyber Threat Intelligence (CTI)
• Know your resources • Connecting with security communities
• Increasing visibility with network, asset, and vulnerability management
• Securing the network (RADIUS, NAC, VPNs, and the destruction of the perimeter)
• Securing endpoints, avoiding malware
• The 8th layer of the OSI model
• Incident Response and Business Continuity Plans
• Protecting sensitive data, or “Keeping your PII’s to yourself.”
• Compliance! (The other kind of “mandatory reporting.”)
• Knowing when and where to outsource
• Security tool evolution and trends
• Focusing on things that move the needle and avoiding security theater
• The top 20 most important things to start with


Presenter Bio

Eric Wacker has over three decades of experience in Information Technology, mostly because he started working in the space prior to finishing high school. He took apart his first computer at age 14 while his parents were out of town for the weekend and has been hooked ever since. He’s worked at Indiana University, Apple, various consultancies, and has almost fifteen years of experience in the K-12 technology space. Recently he’s been a panelist for K12SIX, and is volunteering as the Illinois state lead for MS-ISAC.

January 20 @ 12:00
12:00 pm — 12:50 pm (50′)

Eric Wacker