Redefining Society Podcast

Why cybersecurity threats on schools have become more frequent in the past five years? | A Conversation With David Waugh | Redefining Society Podcast with Marco Ciappelli

Episode Summary

This Redefining Society Episode podcast explores the impact of cybersecurity threats on schools which have become more frequent in the past five years, mostly because they are understaffed and underfunded when it comes to cybersecurity, making them an easy target for hackers.

Episode Notes

Guest: David Waugh, VP and CRO at ManagedMethods [@managedmethods]

On LinkedIn |

Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine |

This Episode’s Sponsors

Bugcrowd ūüĎČ

BlackCloak ūüĎČ


Episode Introduction

"This Redefining Society Episode podcast explores the impact of cybersecurity threats on schools which have become more frequent in the past five years, mostly because they are understaffed and underfunded when it comes to cybersecurity, making them an easy target for hackers."

In this episode of Redefining Society, the conversation centers around how cybersecurity is affecting education and schools. The podcast starts with an introduction by Marco Ciappelli, who sets the stage for the conversation about how technology is affecting society, and specifically, education. He highlights how cultural changes are driving technological changes, and how education is an important part of our society. David Waugh, the Chief Revenue Officer of Managed Methods, a cybersecurity company dedicated to K-12 educational organizations, then introduces himself and why he is passionate about the topic. David discusses how schools are under threat from cyber attacks, which have become more frequent in the past five years. He explains that schools are a target because of the sensitive personal information of students and staff that can be stolen and sold on the dark web. In addition, schools are understaffed and underfunded when it comes to cybersecurity, making them an easy target for hackers.

Marco and David discuss the K-12 Cybersecurity Act of 2021, which was passed by the US Congress, and how the cybersecurity insurance industry has started to crack down on schools that are not taking basic measures to safeguard themselves. David highlights how the Cybersecurity and Infrastructure Security Agency (CISA) has published a guide on partnering to safeguard K-12 organizations in the US, which provides guidelines for schools to follow to protect themselves.

The podcast ends with a discussion on what needs to be done to safeguard schools against cyber attacks. David stresses the importance of education and awareness in cybersecurity, as well as having a solid cybersecurity plan in place.  The conversation ends with a call to action for schools to take cybersecurity seriously and to take the necessary steps to protect themselves from cyber threats.

Listen to the full conversation to learn more about the topic and be sure to share this episode and subscribe to Redefining Society Podcast for more on this subject and the many other ways that technology is affecting our modern societies. 

Knowledge is power, now more than ever! 




To see and hear more Redefining Society stories on ITSPmagazine, visit:

Watch the webcast version on-demand on YouTube:

Are you interested in sponsoring an ITSPmagazine Channel?

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording as errors may exist. At this time we provide it ‚Äúas it is‚ÄĚ and we hope it can be useful for our audience.



Marco Ciappelli, David Waugh


Marco Ciappelli  00:02

All right, we are we're on redefining society. And for the people who are watching the video, you'll see there is two people here. And it's not just me and Sean as often happen. It's actually a guest, David wall. Join me, how are you doing, David?


David Waugh  00:18

I'm doing well. Thanks for having me, Marco.


Marco Ciappelli  00:21

Very good, very good, just want to, we want to make people listening to audio only that, that you're here. So a little introduction about what we're going to talk about. So he's redefining society, where we look at how technology is affecting society in the good and the bad, and how maybe cultural changes are driving technological changes, or as many times happen is the other way around. And often we talk about education, it's a big part of our society is a big part of, you know, of course, educating the next generation and an often time technology. It's part of the conversation and when technology is part of the conversation, I think David will agree with me, cybersecurity is going to take a slice of, of the picture of the action. So I'm gonna start to introduce David on actually, I'm gonna let David introduce himself and, and tell us what he does, why he's the good person to have this kind of conversation. And we'll dig in about this relationship between education, schools, technology, cybersecurity, with a focus on cybersecurity and why school had become maybe a target maybe a little too much. There it up to you.


David Waugh  01:45

Thanks, Marco. Pleasure to be here this afternoon. Again, my name is David wall. I am one of the founding team members and the chief revenue officer of a company called Managed methods Inc. Managed methods is a company that's dedicated to cybersecurity data protection and student safety, specifically for K 12 educational organizations around the world. We're based just outside of Denver, Colorado, in the foothills of the Rocky Mountains at a place called Boulder, Colorado, home of the University of Colorado Boulder. And we've, we've been in the market, you know, going on six years now. And again, we're focused on this topic, cybersecurity, and student safety and data protection for our school systems. public, private, you know, we work with them all, big, small, everybody's impacted by and so that's why I'm happy to have this conversation about this topic. Because it's very near and dear to me, not only for my day to day business, but in my personal life. You know, I have children, like many of the audience members, I'm sure to my wife works in elementary education, I have a high school boy and a middle school or junior high, depending on what part of the country you are. But she's, she's, you know, she's in the system as well. And you know, between the two of them, I see technology in action nonstop. You know, and so it's it is a very, very important topic. And like you said, Marco, yes, you cannot have a conversation about anything technology related these days without bringing in the conversation of the cybersecurity angle.


Marco Ciappelli  03:24

Yeah, as a matter of fact, when when we started ITSPmagazine, it was the relationship intersection between society and cybersecurity. And we added technology in general, at that point, said, we can talk about anything, I mean, literally anything at this point, because every company is a technology company, nowadays in a way or another. And again, if you're in technology, there is a cybersecurity now, I'm wondering if, if a lot of people listening they're not in the cybersecurity industry may be wondering why it's such a big issue that there are company like yours, they're specializing in this and, and why maybe I'm saying, you know, reading the news and everything, you don't really hear much, unless something really bad happened. And so how, how much is this relevant topic in for schools and institutions? Versus the what could be the impression and the overall feeling of the regular people, even if they have kids in school? I mean, do they? Why don't we talk about is more and why do we need to talk about it more?


David Waugh  04:38

Well, I think the first way to position this as why it's relevant to everyone in society is, you know, at least here in the US. Everybody pays taxes and tax dollars go to fund our public schools and in some cases, that money trickles down into the private sector and private schools and other areas. You know, I think that a lot of people take for granted if they don't have children, like, they don't pay attention to the topic of schools, but in some way or form, it always comes back to impact our society. Second is parents, so many of your audience are people like me, they have school aged children. And, you know, not only am I concerned about the well being of my children in their social emotional aspect, and in school, and how the school and the technology and the curriculum play a part of that, but then protecting my children. You know, the conversations, when we talk about schools and school protection, the obviously the sad one that gets front and center is the physical security because of violence and other things. But technology is front and center with everyone today, you and I ever everybody technologies in their life, and it's in front of them. But it is come front and center in the education world, especially within the past five plus years. And then during the impacts of the global pandemic. That's the only way schools were able to continue on was through advancements in technology. So I think that, you know, a lot of people maybe are not aware of how big a problem it is. And when I say problem, the threat to the global K 12 system. And simply because if you just look at a market, and you're a technology guy, and you get it, when you look at the landscape of technology, I spent my first 25 years of my career working with Fortune 1000 companies and commercial data centers and enterprise technology, where they have a focal point and a view on technology and in budgets and expenditures, and then protecting that technology. Education was a was kind of a laggard, in not only adopting technology, but then of course, as they adopt a technology, just due to ratios of funding and resources available. They don't have, you know, vast IT departments that have maybe the pedigree, you know, when it comes down to things like cybersecurity, a lot of times within school districts, you know, around the world, they're just trying to keep the lights on, keep the network connected, and make sure that the classroom day to day flow happens. And so over the last, you know, five years or more, the K 12 education market, if you would, has moved into the top five most targeted for cyber attacks. And this is according to annual studies put out by like Verizon, IBM, and others. And there's an organization out there that even tracks it. In Oregon organization called the K 12. Six is a nonprofit that tracks these things. And as an information exchange, specifically around cybersecurity for K 12. And since 2016, there's been, you know, in excess of 1300, publicly disclosed cyber incidents involving K 12 public school systems in the United States. So, Marco, that's why this conversation is one that I think is becoming a little bit more mainstream. You know, when I present at conferences around the country, I've actually got a slide that I put up, that is a slide that just builds it's all of these media stories that have been ripped from the headlines over the past 12 months, and it fills the screen. Because a lot of people just maybe they don't see it, because they're not following it in their blog, or their you know, whatever their their their Twitter feed.


Marco Ciappelli  08:34

Or maybe unless it happens to the school where you're either teaching or your partner kids, or your kids go there. So for those who may be lucky enough that they didn't get directly involved in this. Can you give us some of the example of what kind of attack are we talking about here? We're talking about ransomware data breach, or the above?


David Waugh  08:57

Exactly. I mean, well, you know, what, this past school year, at the start of this past school year, what was the one that probably made the biggest national headlines, and that was LA Unified. You know, LA Unified, one of the biggest school districts in the United States was crippled as a result of a cyber attack. And, you know, you asked good questions. Well, what are these attacks? And why are these threat actors coming after school systems? You know, you're talking everything from ransomware attacks to phishing scams, account takeovers, malware injections, third party applications that get installed that have maybe inappropriate content and access into the systems. In a lot of it comes into even just when we talk about cybersecurity incidents, sometimes internal data breaches that are, you know, maybe not intentional, but it's so easy today in the world of cloud based computing to overshare information. So, you know, when I talked about, you know, that organization that was tracking these things, People ask well, why is it that, you know, cyber attackers are going after schools? Well, there's kind of two landscapes, one ransomware money, and two is data. So the median amount of money stolen from school districts during phishing attacks between 2016 and 2020 was $2 million, according to published studies from the K 12, six research organization, so that the cost of one incident, you know, in one case was in excess of $10 million. So, it goes back to what I was talking about earlier, why should people care about these things, because it's, it's kind of like protecting the infrastructure of the power grid, and because it'll impact us ultimately, in our daily lives. And as a taxpayer, you know, if a school district is dealing with theft, and loss of money, and ransomware, not only does it stop that school from being able to operate, but then it just, it's costing all of us money, you know, it eventually is going to come back to impact this. The other side of that coin is what are they after Marco is there after the data? How many children in the United States under the age of 18, have used their personally identifiable information, first name, last name, date of birth, social security number, to apply for a credit card, or a car loan, or, you know, a bank loan, whatever it may be. That's the ultimate goal, that threat actors, why they're targeting the education community, is because it's a treasure trove of data. So not only can they, Hey, as long as we're in here, and we have the data, we're going to, we're going to hold you for ransom, because we want to get money up front. Might as well get anything we can while we're here. But the reality is, what they're after is the sensitive personal information behind the scenes, and other information from the school. So first and foremost, school districts. kiddos are a treasure trove of personally identifiable information that can be sold on the dark web and use for everything else. And you know, I can point to countless situations of identity theft, where school aged children didn't know their identity had been stolen until they graduated. And we're applying for like college loans and other things.


Marco Ciappelli  12:11

So long a long term investment. Oh, yes. Yeah,


David Waugh  12:15

absolutely. So it's the gift that keeps on giving. But, but they also while they're in there, they can go after the staff data. So credit card information, financial information, bank accounts, you name it. So to answer your question, Marco is it's a, it's a bigger picture. And when you sit down and explain it to people, you can see that light bulb go off and like, Ah, okay, especially a lot of people that may be in this audience, IT professionals are probably all nodding their head and going oh, yeah, I guess. Yeah. And last, but not least, they're just, you know, they're, they're understaffed. So I mean, this is a longer, obviously a longer conversation. But that that's, that's the issue is they were, they were kind of defenseless,


Marco Ciappelli  12:55

let's go there. Because that many time, I don't want to think of this system, the school system, like similar to when I talk about small business and cybersecurity, they're not going to come after me. I'm not the big company. But you are an easy target. Because you don't have it cybersecurity team, you don't have everything in place, maybe you don't even have the latest patch on whatever even old system you're using. And so they don't understand that it's actually a number game this many times, right. So is this a typical excuse that you'll find in school as well like we understaffed under budget? Nothing we can do about it? Or who isn't going to pay for this? Right? Or if something happened? Who is going to cover the cost of the rebuilding? So let's get to the next like, stuff happen. Now, what now? Does it really at that point, somebody does something and by somebody I'm thinking government State School Board, who is taking action at that point?


David Waugh  14:08

Well, and that's been that's been the challenge over the past, you know, 510 years. In the past, you know, five years is really in the past three years. This has become a front and center conversation in Washington, DC and in every state capitol around the United States, which led to the US Congress passing the K 12 Cybersecurity Act of 2021, which then has led to a recent publication last month where the cysa the cybersecurity and infrastructure security agency, published a long awaited guide on partnering to safeguard K 12 organizations in the United States and so they put forth a guide guideline in the pub, the report is publicly available to anyone out there. It's called K 12, protecting our future report. And they set forth guidelines. Marco, for that. Comment, you know that question you kind of asked, because, number one, it's about first and foremost, you asked the question about who's paying for this. And what happens? Well, of course, just like in the business world, in the education world, there is things like cybersecurity insurance available. But in the last five years, the cyber security insurance companies have started to crack down more to say, look, if you're not taking basic measures to try and safeguard yourself, then we're either not going to insure you and underwrite it, or we're not going to, you know, or your premiums are going to be sky sky high. And so, you know, it always boils back to funding budget money, that's always the first thing. You know, unlike in the commercial world, where, you know, large banks and financial institutions and manufacturing companies, they're, they're making a profit. So it's, you know, they're their business, they kind of have to do those things, you know, they have to reinvest in the business to safeguard their business. But in the education world, you know, it's, you know, it's, we're still operating on 2030 year old models of how schools get funded by taxpayers, federal government, state governments. Because, you know, when I was a kid in school, we didn't have the computers, we had a computer lab, and there was no such thing as cybersecurity was it was like, what, who's gonna steal?


Marco Ciappelli  16:27

It wasn't even connected to the Yeah, it was. Somebody's called what?


David Waugh  16:34

Exactly cyber security was somebody running out of the school physically carrying the computer in their hands. But it is, so again, the first and foremost, it's everything's out of date, all the laws, all the how you fun things. And so and so, you know, a lot of times, you know, our conversations with schools Exactly. Like you said, Marco, it's kind of like, well, who's gonna pay for this? Or how do we, how do we pay for this, because in a lot of places in the United States, both on federal and state laws, money that gets raised by taxpayers through elections, bonds, mill levies, you name it, you know, in some places, they have rules of like, 8020, where 80% of the money that gets raised by taxpayers has to go directly towards the classroom, in teaching the children. That's, that's what it's for, it's for school. And it's not, you know, it's not earmarked to say, oh, no, this is gonna go towards safeguarding the school, when we're trying to either build new schools or improve physical safety, you know, there's all these challenges. So this report that sister put out on Cato protecting our future, they, they, they basically have found some key findings where they're trying to set forth and say, Okay, we need to stop and at least have a narrative now, where everybody in the United States in K 12, in government is at least aware of this, and is now talking about it. And there's a priority of investments on basic safeguards. So they're trying to put some protocols in place now to say, okay, look, we're not sure how we're going to get the funding. But we're going to put legislative policy in place that ensure that funding can then be done in some way, shape, or form, whether it's from the federal government, state government, taxpayers elections, you name it. And then they're laying out rules to say, Okay, we have to put basic things in place like multi factor authentication. You know, implement testing and backups regularly regular Incident Response exercises, threat prevention, things that a lot of times, most school districts out there don't have, and in a lot of cases is because they don't even know it exists. Because Marco, if you go into some schools in the United States, you know, 80% of all school districts in the United States are less than 5000 enrollment. Many of those in a lot of rural places, Marco, they're less than 2000 enrollment. And you go into their IT departments. And it might be one or two people. And that person that's in charge of it might have, they might be 18 months removed from teaching a class, or they might still be teaching the class. So what's trying to happen now is it's a cultural society thing, that that's trying to change now. And finally, the federal government and state leadership in state governments are starting to listen to education organizations, nonprofits, vendors like us. They're starting to finally listen and wake up to and say, Okay, we need to at least put some policy in place, start a narrative, make some recommendations, and then figure out where to go. Now, of course, the report that came out from CES Uh, is nearly right now a report with some key findings and some some basic recommendations. But a part of that is is they are trying to put out some free resources, like some digital toolkits and guides and things that will help people that are not necessarily trained in this at least get started. But it's still there's no funding for it. Meaning it's not like this report came with, Oh, hey, by the way, based on the size of your school, you're gonna get a grant for X amount of dollars. That's not there yet. But it will get there. Because the more the more we have these conversations, it'll eventually we'll get there. It's kind of like the conversation of, you know, helmet laws for motorcycles and seat belts for car drivers. You know, how long did that conversation happen? And ultimately, enough studies and facts and things came forth, whether you believe in an agreement that or not, doesn't matter. But eventually enough conversations happen that finally, as a society, it changed. Now again, there's still people that won't put their seatbelt on wear a helmet. But point being is that at least now, this was a major milestone to have the federal government not only pass the act, Cybersecurity Act for K 12 of 2021. It was the first of its kind, but then now for the leading agency in the United States, cybersecurity infrastructure security agency and Sissa to now say, Okay, we have a whole dedicated team to this now. And this is going to be a mission moving forward. And now it's got to trickle down to the states. society, society will change, ultimately, society will become more savvy. Because if you look at society today, you and I, you know, I, you have better hair than I do. I've got gray hair, if it's still there, but you and I were not born into the generation of this. Yeah. Yeah. As you and I were kind of talking off camera before we got started, you know, I,


Marco Ciappelli  21:58

for those listening, this is smartphone.


David Waugh  22:01

Yeah, sorry. Sorry, I raised raised up.


Marco Ciappelli  22:04

Okay, I need to tell the movie. That's right. People don't.


David Waugh  22:08

But I mean, to many of the listeners, or viewers, or however they're, you know, enjoying this today's you, there's gonna be all different ages, just like it within our company. And I sit with my children. But I mean, I have staff members who, you know, weren't even born when I came out of college and had my first job. And, you know, just the societal conversations right there alone. Because, you know, I went through school, primary school in the United States and college, where this conversation didn't exist, because the problem didn't exist. And now you fast forward, and I think as our society, ages, meaning more of the younger generation that has been born into and has grown up having the internet, you know, smartphones, tablets, laptops, being able to connect from anywhere work from home, I think we'll get more advanced with our technology. Because when you talk about K 12 education, obviously, there's a younger generation, a newer generation in our society that are now educators and administrators and working in school districts. And they're just, they're more savvy to it, because they've, they've worked with it since day one. So I think, I think we're heading in the right direction. are we behind schedule? Absolutely. I think the reason K 12 hasn't gotten as much attention even though it's now in the top five most targeted of cyber attacks is just simply, it's not as glamorous in the headlines. Now, again, LA Unified. One of the top five biggest school systems in the nation, when you cripple and shut down, one of the biggest school districts in the nation, especially in a place like Los Angeles, it gets front and center media attention. So


Marco Ciappelli  23:54

we're talking about society. I mean, we always talk about there is a break a breach, and people are alarm and then we forget about it, we move on with our life. And then in the in the industry, we always say, you know, the waiting for the big event that is going to change everything. Now, my personal opinion is that big event has happened. They haven't really changed much. I mean, the and I'm going to connect with what you say, someone who does the follow up sociocracy ology and cultural changes, you said something very important AI technology is way much faster than then the societal changes even less legislator, and best practices and making regulation that are going to address that, especially when it's not a business decision. So when you go and talk to, to the school, I mean, who you're talking to, I mean, you talk to a politician. I'm assuming you're not talking with a CSO


David Waugh  25:01

So actually, actually we are well, not a CCIE.


Marco Ciappelli  25:03

Okay, good. Yeah, very, very few say Miller's.


David Waugh  25:07

Yeah, we're, you know, every every school district out there has some form of technology leader person, you know, they may be called the director of technology technology coordinator, you get into the bigger school districts. You know, you get into bigger school districts and they operate just like a business, a corporation, you know, you've got a chief technology officer, you might have some schools, you know, you said a CISO. There are some schools, but I would say, very few, you're, you're talking only the largest school districts that have a CISO. And, you know, in fact, one of the biggest school systems in our country, you know, I won't name their name, but we work with them, we have for multiple years. This is a district that has upwards of 200,000 users in the school system between, you know, students and staff, they're, you know, they're upwards of 180,000. kiddos, and, you know, 18 to 20,000, staff members. That's like, that's like a big corporation, you're talking 200,000 users on computers and a network every day. And, and yet, their cybersecurity team consisted of three people 200,000 to three. And yet, you, you can almost have the same conversation with a rural school districts here in Colorado that has 1000 kiddos in the IT department consists of one person, you know, arguably, you could say the smaller school, the ratios are a little bit better. So when we go out and talk to folks, you know, I just came back from a big, big, big conference in the state of Texas. You know, I'm talking to the technology, leadership of schools, I'm meeting with superintendents, occasionally school board members, but in general, it's usually the heads of technology. And then their teams that deal with network computing, or operating specifically manage methods, we work with school districts, specifically to secure their core communication, which is the email and file sharing. So that's either Google workspace, which is your Gmail drive, shared drives, that kind of stuff. Or it's the Microsoft 365 world. So Exchange Online,, OneDrive, SharePoint OneNote, teams zoom. So we we get attention quickly, because that's the core communication. And in fact, a school that were a newer customer we recently bought on board, the superintendents count had been compromised. And they attackers were using the superintendents compromised account to then send targeted types of phishing emails to people insensitive parts of the of the district finance office about releasing funds or PE funds to these types of things. So we, we caught that. And we're able to isolate and understand the incident and help them thwart this attack. So when you when you get the leader of a school district, the superintendent is essentially the CEO of a school, when when that cyber incident is front and center right on their account, you usually can get their attention and have a conversation.


Marco Ciappelli  28:16

Yeah, it got a little too close. Right? Exactly. You got that tension, you get attention. Listen, I like to as we're starting to wrap up, of course, there's a large conversation that can be even brought to different aspects of it about social engineering is about training, the people having technology resolve, or the problem that technology and people created, or maybe a mix of the two, which is kind of like my, my angle, usually. I always like to end with a look at the future. I'm, you know, technology society, futurist by interest. And I'd love your opinion on how do you see things change as we move forward and not even go too far? Yeah, and 510 years from now, I mean, are you expecting some regulation to really take place and make a mandate in order to dedicate a certain budget to securing the school because the kids are involved? Do you think it's something that is going to come more from the public? The parents? I don't know. And as you're talking about that, where do you see the risk going? I mean, it's a we talking about mobile device. We talking about the structure the need for renovation of the school itself. So kind of like in general, what's your vision for for the future of cybersecurity, k 12. Oh,


David Waugh  29:49

wow, that's a that's a long conversation that


Marco Ciappelli  29:54

you have 30 seconds. Yeah, I feel like


David Waugh  29:55

we need like a bottle.


Marco Ciappelli  30:00

First, we could do that again. But just a quick thoughts of


David Waugh  30:06

I think, I think the I'm frightened that not enough will change. I think that in the, when you say like in the short term, if we talk like five years out, I don't see drastic changes happening in the next five years I see more policy. You know, I see more government talk, where you'll have the federal government putting out certain mandates, and then state governments either trying to go along with it or contradict. And a lot of that, of course, depends on the political scene of our society course, which it always does. And that's one of the big challenges, of course, with his audience of public public education. But I think we'll continue to see technology, take over the classroom more and more, we've already seen it, and a lot of that major industrial revolution type shift occurred because of the pandemic. So we saw a whole different way that a lot of schools looked at technology and how they implemented it and use technology as a result of the COVID 19 pandemic. But now, as we move forward, I think we've plateaued a little bit, I think, as a whole society, and at least education is like taking a deep breath, like, you know, like kind of just trying to catch up because there was so much that happened during the pandemic. And now, with things like this report coming from Cisco, I think that we will definitely see a lot of change in the next few years. At the federal level, when it comes to policy, and maybe suggested regulations, I think we perhaps may see an overhaul to some large national laws like CIPA, the children's internet Protection Act, which ties to E Rate funding, which is already right now being debated by the FCC. And E Rate is, you know, for those who are not familiar is money that is provided from the federal government, for schools based on telecommunications. But so I think, Marco, to your to your question, the first amount of change we're going to see is going to be I think, at the policy legislative level. And then it's going to take some time for that to trickle on down to the schools themselves. But I think we're also seeing a major societal shift right now and awakening to what we're seeing in mainstream media. And this affects all society. And that is how the government and Silicon Valley are facing off on privacy, social media, you know, what's happening right now with the big, you know, social media giants in front of, you know, you know, Washington DC right now, that is going to ultimately have an impact on how things happen in the schools. Because ultimately, what drives everything with schools is laws that are set forth by the federal government that apply to funding. And when you basically cut off the funding chain, and say, if you don't comply, you're not going to get the money, then things automatically happen. That's how it always works. So I think what we're going to see is, first and foremost, again, policy changes, some legislative legislative stuff. And then again, what will happen in society based on some of these social media battles between Tiktok, Facebook, Instagram, you know, you name it, I think that's going to ultimately play into how technology and privacy and security is impacted on kiddos in our schools, because that's what's going to drive it. So


Marco Ciappelli  33:36

it comes down to education. And I'm not just saying this, because we're talking about education, but because it is applied to everybody. Even if you're not in school, obviously, if you don't know you're not an act, absolutely. And I'm not, I'm thinking like we can just wait for the policymaker to do something. But we can actually accelerate that by using our public opinion and understanding that cybersecurity is part of our life and, and that's the big bottle that professional like yourself, and like the many that I talk with, those are the story that we have to say and we have to tell and I'm happy to know that Cseh which are doing really good things, by the way with their leadership with Jan and you know, overly in and curious grab before that. They're doing good thing. I think public opinion is important to put out these reports and really say there is a problem here and now that we found the problem, let's find the damn solution.


David Waugh  34:39

Exactly. It's it's this it's having a conversation about it. It's It's why, you know, manage methods. We go around the country and presented all these conferences about these topics. It's, you know, it's true. Sure, we want people to know who we are, but at the end of the day, it's the more conversations that like your podcasts and you know, ITSPmagazine have and the more conversations that people have in public forums with Cisco and other agencies. You're absolutely right. It's it's awareness is the first thing we have to get people to understand they have to know that there's an issue, and then know that it impacts them, whether they're working in their education community, or whether they have kiddos in it. If not, they're paying taxes to it. So there's involves everyone.


Marco Ciappelli  35:24

Absolutely. And then eventually, it's going to affect the family as well, as you say, if the data privacy, the private data of a kid, they're going to held there, I'm pretty sure that you can cross reference to parents as well. I mean, who is the one that is paying for, for the things? So if you think about it, it's everybody's problem again, right? Absolutely. No? Big, big conversation. I truly hope that people listen in, they have a lot of questions in their head, because that's what I feel like we had a successful conversation like question, maybe go in and ask to your school board. What are we doing here about this? And, you know, maybe, maybe we need more conversation about this and appreciate what you David, going around conference and talking about it and the company that is that is actually addressing the problem. So in terms of those resources, if you want to share with our audience, we'll put it into like the Sisa reports and the K 12. We can put it in the in the show notes. And that's my invitation to everybody to check the show notes to get in touch with you, David, if you want to share your social media, you're a way to get in touch with you and maybe to learn more about what you're doing for this problem. So thank you very much. I really appreciate it.


David Waugh  36:44

Marco, it's been a pleasure. I appreciate you. Thank you very much.


Marco Ciappelli  36:47

Very cool. Thank you.