EDTECH: Why is it important for K–12 schools to implement more robust cybersecurity practices?
SHEARS: I think student privacy has to be at the top of everyone’s agenda. I view it as a privacy issue for any individual, not just students. You should have the ability to protect that privacy at all costs. And so, cybersecurity is a privacy issue. No one wants their data on the black web. Nobody wants their data to be stolen.
EDTECH: K–12 is notorious for its funding challenges. What’s the impact of not getting cybersecurity funding?
SHEARS: Urban school districts and rural school districts struggle with per-pupil funding and how we spend money. Most of the money should be in the classroom, supporting teachers. Unfunded cybersecurity is just taking away from them. So, many just cross their fingers and hope they don’t end up a target.
EDTECH: What is zero trust?
SHEARS: Zero trust means that you don’t trust anything that’s on your network. You don't trust anybody. You don’t trust any device. And you track everything that’s done and you monitor everything that’s done, and when something looks suspicious, it's captured, and you put it in an isolated browser.
That browser can’t touch anything on the network. It’s the next layer of security.
Zero trust is something you can do as you become a more mature organization. It’s not something you would start with; you do it after you add other security components.
EDTECH: How did your team at Fort Worth Independent School District get involved in zero trust?
SHEARS: We started with the federal government’s NIST Cybersecurity Framework. We started to implement that, while looking at zero trust as a tool in that journey.