Skip to main content

Service and leadership that maximize the success of all students

Feb 28
Christy Johnston: Internet of Things in the K-12 Ecosystem
small2.png When thinking about internet-of-things (IoT) devices, one often imagines the stuff of sci-fi such as driverless cars, camera-mounted drones, and talking teddy bears. However, many connected K-12 schools are finding themselves already in the future by leveraging smart thermometers to regulate the HVAC system, buses that act as mobile hotspots, and wireless probeware suitable for any STEM classroom environment. With these conveniences, it is even more imperative to be mindful of the baseline cybersecurity measures that should be in place to protect organizational data. 

A quick win whenever adopting IoT devices is to immediately change all appropriate default passwords for the routers to which these devices may connect. Someone can quickly and easily locate this information online with sites such as 

Another important action is ensuring that all software (either on the device or used to interact with the device) is kept current. Most updates contain some level of protection against recently discovered vulnerabilities. 

Being dependent on the manufacturers of IoT devices to ensure they are impenetrable against the latest cyberthreat is not the safest approach to take given their objective is often profit over safety. As such, ensuring that the K-12 infrastructure is providing a protective barrier is critical to any organization leveraging IoT technologies. This includes, but is not limited to, use of firewalls and intrusion detection/prevention systems, implementation of segregated network segments (such as secure and guest), and finally ensuring that physical security is accounted for as well. 

Living in the future is exactly what K-12 organizations should be providing to their students. To not do that safely is simply not an option.
Jan 31
Ali Maroufi: Meltdown & Spectre

Severe design flaws in modern CPUs including Intel, Qualcomm, AMD, and ARM processers were recently disclosed, triggering a wave of urgent security advisories and patches.

The problem lies in the way these processors have been designed to rely on a technique called speculative execution to optimize performance. Optimization is done by predicting the instructions they are going to be executing next.

Exploiting these vulnerabilities – Meltdown and Spectre are very challenging and in some attacks a physical access is required. This means that a hacker has to spend a lot of time and effort to access an average user’s machine where it would be much easier to get the access via phishing which is a lot easier. On the other hand, for high value targets like financial and educational institutions, Meltdown and Spectre vulnerabilities are a cause to be of concern.

Companies are working to apply available patches while dealing with the performance hit as a result of Meltdown and Specter patches. The average user should not see a major performance changes from these vulnerabilities. Process intensive tasks like video editing and some gaming programs will notice the slowdown. 

Nov 30
Ali Maroufi : Safe Shopping Practices


The shopping season is upon us and with the growth in the popularity of online shopping, the SDCOE Cybersecurity team recognizes the need to talk about e-commerce and what we should be aware of while shopping online. If you are going to get the best out of your online shopping activities without falling prey to criminals, you will need to take a few precautions.

The common security features of an e-commerce site are: the inclusion of SSL certificates which is indicated by a closed lock on your browser near the address bar and a URL which starts with HTTPS.  In addition, the website should comply with Payment Card Industry Data Security Standards.

Criminals often create sites that are the exact duplicates of your favorite ecommerce sites and use SEO tricks and techniques to get you to their site where you will type your username and password to purchase items. Even though search engines are very useful when you are looking for products, there is always the risk of clicking on a malicious site. Instead of just clicking a link to your selected retailer's website, it is much safer to type the URL into the address bar of your browser. Lots of credit card companies will issue a temporary credit card number for their customers.  These cards can be useful for a one-time purchase. Finally, it is best to use a dedicated computer system for online banking and shopping when possible.

Oct 31
Ali Maroufi: SDCOE Cybersecurity Reaches A Major Milestone


Karen Connaghan, Assistant Superintendent and CTO of San Diego County Office of Education, started talking about cybersecurity almost three years ago. I began researching and familiarizing myself with cybersecurity, especially related to coding practices.

In October 2016, Karen was given the approval to create a Cybersecurity team and we used National Cybersecurity Aware Month to kick-off the formation of the team. Since then, we have created many services for all districts to use.

A short list of the services that we provide are as follows:

Awareness: At the heart of our awareness outreach are the presentations and demos that we provide on topics such as cybersecurity, data privacy, and even social media safety. To keep the message going, we create monthly flyers and articles which are available to the districts for their own awareness campaigns.

Procedures: Through our own implementation process at SDCOE, we've been able to craft procedures that are readable and informative to those who are asked to follow them. By offering these procedures to other educational organizations in the county, we are hopeful that they will be able to customize and implement their own versions in a shorter duration.

Training: By providing informative "How-To" resource documentation, we're working to empower those that we support to further share the CyberAware message. At this point, we are also working towards more training opportunities such as a Train-the-Trainer Program for our End-User Awareness Presentations as well as a catalog of technical training events.

Vulnerability Assessment: The Cybersecurity Analysts on our team, Ed Kipp and Vong Sopha, support SDCOE through our Vulnerability Management Program. They've taken their technical knowledge and practice experience and we now offering their assessment services to districts within San Diego County.

We are very excited about the services already in place as well as those that are coming in the year ahead. Stay connected through the Cyber Guru eNewsletter to hear how our program continues to grow.