Certified K12 leader
How do you go from a career in telecoms and airport security to chief innovation officer for one of the largest school districts in Washington state? According to Derrick Brown, the man who’s done it: Be a lifelong learner.
“For anyone in technology, or anyone really, who thrives and doesn’t like to be complacent, you have to look for opportunities to learn” Brown says.
Since joining Evergreen Public Schools four years ago, Brown has overseen implementation of a districtwide 1-to-1 program. He says continuing to seek training is crucial. Brown recently attained a cybersecurity certification from Harvard University. “Sometimes when you’re training, you’re not sure what the end result is going to be” Brown says.
“You just know you’re improving your understanding of what you’re doing and gaining the experiences that will make you a more well-rounded person.” Brown is a featured presenter for the Future of Education Technology Conference, January 27-30, 2019, in Orlando, Fla.
Why did you decide to get certified in cybersecurity and how are you using what you learned?
We’ve all read in the news about data breaches at major companies. Not many of these are happening today in K12, but they’re coming.
The certification I pursued was a challenging eight-week online course from Harvard called Cybersecurity: Managing Risk in the Information Age. It is designed for CIOs and CEOs who are making organizational governance changes, which is what we’re doing here in our district.
We have a digital instructional ecosystem with more than 350 digital resources. This training and certification cemented in my mind that it’s not a question of if a cybersecurity incident will happen here, but when.
Now, we’re looking at visibility, time to response, notification, and an incident response plan for when it does happen.
What’s next for you and your team?
Next I’m working on my Certification Information Systems Security Professional. With my superintendent, we’re working on a training boot camp for myself, our director of infrastructure and operations, and some folks from his team to prepare for the CISSP.
I’m not so concerned that everyone passes the test and gets the certification, but that everyone gets the training. In my mind, for an innovative district going down the digital instruction path, this training is a must in order to protect our infrastructure and our student data.
The CISSP certification is several hundred dollars—how do you justify the cost?
It is an investment. Some people get nervous when they invest in staff because they feel that staff may leave. But you’re better off investing in them so that they can do their jobs successfully than having them do it without that knowledge.
Does certification lend credibility to the work you’re doing in your district?
Exactly, that’s the goal. Since we are going to be the authority, we have to have the credentials for this work.
We recently completed an exercise through CoSN using its cybersecurity rubric and score card. I think it helped open the eyes of my team to some areas of improvement. We’re gaining ground, but we still need that professional training and someone certified to lead us down this path.
Right now, one of the biggest threats are insider threats with ransomware and phishing scams. We are doing all we can to educate from the C-level down to everyone who touches a computer to have that awareness, and to create that human firewall before we spend a lot of money on tools and other sophisticated technologies.
This is not just an IT or technology thing, it’s an organizational philosophy and framework that we all have to adopt. I have to be able to train and walk my leadership through this, so we own this project together.
Jennifer Herseim is an editor for LRP Publications and program chair for Inclusion and Special Education at the Future of Education Technology Conference.