Jul 09 2026

ISTELive 26: Cybersecurity Is Everybody’s Job – How K-12 Districts Are Building a Culture of Shared Responsibility

One of the greatest group project collaborations in K–12 right now has nothing to do with social studies or science projects. 

The IT leaders who understand the risk tend to speak in technical language, while the administrators and educators who control the budget speak in outcomes. Finding a shared vocabulary helps them fight — and ultimately fund a defense to — the K–12 cybersecurity crisis

The school year ended with a historic cybersecurity attack across K–12 and higher education, punctuating a point that teachers, IT leaders and school districts have been very aware of, with schools experiencing an average of five cybersecurity incidents per week

DIVE DEEPER: Tom Ashley shares more on what it takes to be cybersecurity-ready in K–12.

At ISTELive 26, Suzan Brandt, director of technology at Mountain Brook Schools, talked cybersecurity leadership and other topics at her session, “The Great AI Debate: Provocations for the Future of K–12.” 

She shared what she’s learned about making cybersecurity legible to the people who need to understand it most — board members, community stakeholders and the teachers who are, whether they know it or not, the district’s first line of defense. For districts just starting to assess their posture, she points to a free, K–12-specific resource built on National Institute of Standards and Technology standards that helps teams find out where they are, identify gaps and build a roadmap without needing a room full of security professionals to interpret the results.

EXPLORE: Check out more ISTELive 26 coverage for insights on how to support student learning.

At their session, “Leading Cyber-Resilient Schools: Turning Digital Risk Into Leadership Strength,” Jessica Hammond and Todd Hammond of Ascend Teaching and Learning brought the argument to life from two angles: she from the education leadership side, he from the security practice side. Together, they make the case that cybersecurity’s most powerful lever isn’t a tool or a policy – it’s culture. 

“When we connect cybersecurity to those responsibilities,” said Jessica Hammond, founder of Ascend Teaching and Learning. “It moves from a technical issue to an executive priority.” 

Tom Ashley, national K–12 cybersecurity strategist for CDW, who helmed the session “From Gaps to Gains - Advancing K12 Cybersecurity,” offers the practical thread that ties it together: what CTOs in reactive mode can actually do right now to start shifting the conversation where it needs to go.

Click the banner below to discover how K–12 IT leaders are prioritizing cybersecurity.

Participants

    Suzan Brandt, Director of Technology, Mountain Brook Schools

    Jessica Hammond, Founder, Ascend Teaching and Learning

    Todd Hammond, Security & Risk Officer, Ascend Teaching and Learning

    Tom Ashley, Education Strategist, CDW Education

Video Highlights

  • Board members don’t just need to understand cybersecurity, they need to be able to explain it to the community. Framing security investments in plain language gives them the vocabulary to carry that message beyond the boardroom.
  • A cybersecurity-aware school culture doesn’t require everyone to think about security all day. It requires every staff member to know what to do in the moment so the security team can do the rest.
  • CTOs in reactive mode can shift the conversation by leading with outcomes rather than tools: how a breach impacts instructional time, the district budget and community trust are the arguments that move superintendents and school boards.