Sep 17 2024
Security

Q&A: North Carolina’s Technology Leader for Schools Works to Level the Playing Field

By combining security tools and an incident task force, tech leaders can rest easier, says Vanessa Wrenn.

As CIO for the North Carolina Department of Public Instruction, Vanessa Wrenn holds a unique perspective. The former teacher, principal and district technology leader has particular insight into the challenges facing each K–12 educator and the importance of protecting student and staff data.

In an interview with EdTech Managing Editor Taashi Rowe, Wrenn discussed the importance of the state partnering with school districts to fund technology and cybersecurity and how that helps her to enable digital teaching and learning across the state.

Click the banner to learn what it takes to build a cyber resilient K–12 environment.

 

EDTECH: How does your background as an educator influence your current role as a CIO at the state level?

WRENN: I have seen what technology can do for teachers, what it can do for students and what it can do for administrators running a school. I’m motivated every day to bring the best of what I know to make school an overall better place and make teaching and learning fun. And technology can certainly provide critical tools for engagement, which can make school more fun.

EDTECH: The people using technology most in our schools are not cyber experts. How do we get the cybersecurity message across to them?

WRENN: People are our No. 1 uncontrollable variable, and that includes teachers and students. For me, getting that message across comes down to training.

It’s a balancing act. Teachers should be focused on how to best educate children. However, we must also train our teachers on how to be the first line of defense for cybersecurity and data privacy.

RELATED: Schools evaluate cybersecurity instruction under a new law.

EDTECH: How important is it that the message also extends to parents and the rest of the community?

WRENN: We say all the time that knowledge is power. It’s no different with cybersecurity. You can’t underestimate the impact of knowledge on our parents. It is also important to involve your community and parents in cybersecurity training. When parents visit campus for open houses, it’s an opportunity to show them how to use their computers safely and how to determine if an email is legitimate or not.

EDTECH: What’s the most important thing for educators to know about cybersecurity?

WRENN: We have a tremendous responsibility to protect our students’ data. We used to say that we’re digital migrants teaching digital natives. That was our age of innocence. We loved collecting free tools. We never thought at all about student data privacy, or even our own privacy.

Today, we are in the age of knowledge. Teachers and parents should know and should let students know that anything they are doing online is collecting data about you and your habits. One of the ways we can protect and empower our students is by teaching them skills for tomorrow, such as how to protect their privacy.

We also can’t have them ready for tomorrow if we’ve exposed their data. We’ve got to have a balance between the tools that are appropriate and perhaps streamlining and minimizing some other tools.

Vanessa Wrenn
In some states, the quality of resources a school gets access to depends on how wealthy the local area is. But through my office, I can level the playing field.”

Vanessa Wrenn CIO, North Carolina Department of Public Instruction

EDTECH: As a state-level CIO for public schools, tell us how your office levels the playing field for schools of all types and sizes.

WRENN: When I started out as a technology director, you had to solve for a lot of challenges on your own, such as your learning management system, online course content or security solutions.  Today, part of my role is ensuring that we’ve got the appropriate systems in place for all of our schools to safely operate in the digital space.

In some states, the quality of resources a school gets access to depends on how wealthy the local area is. But through my office, I can level the playing field for teachers, students and parents because, wherever you live in North Carolina, there is a baseline of digital tools that you are going to be provided. So, things such as the student grade book and the parent portal, we provide those things for our schools throughout the state.

Certainly, these are tools that we’ve been able to provide due to state-level funding. It’s been a game changer for our schools.

EDTECH: How does that extend to cybersecurity?

WRENN: We have also stood up some cybersecurity managed services for all of our schools at no cost to them. One of these is a cybersecurity training, and we’ve ramped it up a little bit for people who are leading technology in the schools.

Then, we provide a fully managed next-generation firewall, and that is managed 24/7, 365 days a year. We also provide advanced endpoint protection to our schools and a network asset discovery tool, so they can see what is connecting to their networks.

This comes from our state general assembly, which has provided the funding for these services to our schools.

DIVE DEEPER: Schools with small IT staffs and budgets call in backup.

EDTECH: Ransomware has become very prevalent, often forcing schools to pay to get back access to their data. How is North Carolina handling that?

WRENN: It’s been about a year since we passed a law that no school or public entity can pay out due to ransomware. We also legislated that schools have to report significant cyber incidents, and when they are reported, it triggers a joint cybersecurity task force to come in to support our schools.

EDTECH: Dealing with a cyber incident can be highly stressful to handle on your own. How does the task force operate?

WRENN: In March 2022, through an executive order, the Joint Cyber Security Task Force for North Carolina was created. One component of the task force is made up of the IT strike team, which is 100% volunteers from local government agencies who can mobilize and help a school if it does have an incident. They will be on the ground and be in the school to investigate until we have resolved the situation. They start by containing the incident, discovering what’s happening and offering remediation if needed.

That is a powerful tool we have in North Carolina, and our schools are incredibly grateful. So, it allows our folks who are leading technology in our schools to rest a little easier.

LEARN MORE: Why do schools need incident response plans today?

We don’t want them to have an incident, and we’re doing all we can to prevent it. We want to send a clear message to the nefarious actors: You can knock on our door and try us, but we’ve hardened our security and we aren’t going to pay you a ransom, and we’re going to recover that school as quickly as we can.

Photography by Charles Harris
Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.