A [honest] reflection on 2021

Firstly, let me say I am glad to see the back of 2021. The end of the year has been very challenging, and not in a good way, including significant family health problems in December and a bout of Covid over Xmas. Looking back at the year in general I find it difficult to actually find much positive to reflect on. As such will just be glad to see 2021 draw to a close and will have my fingers firmly crossed that 2022 will be a better year.

Beer anyone?

So, reflecting on my pledges seems like a good place to start in reviewing 2021.   Back in Jan 2021 I suggested having a dry January or at least 1 dry month, free of alcohol at some point during 2021.   I will admit I never got close to this and as the year draws to a close am drinking more.   I put some of this down to stress however also admit that a beer is one of the few vices I have so think it is fair to have at least some, hopefully balanced, drink based enjoyment and relaxation.   This, however, is something I want to address in 2022 although am not sure a dry January is possible.

Time for a book

My reading in 2021 continued with more than 12 books read across the year.   This has been a pattern now for a couple of years and I do wonder if now I am reading just to meet the target rather than for the enjoyment or to gain new insight or knowledge.   My reading has very much been non-fiction so this is something I need to consider.   I think maybe adding some fiction to my reading list, just to mix things up might be a good way forward.

Running man

If there was one area where I think I did reasonably well in 2021 it was in my running.   By the end of the year I had run over 750km during the year, way more than the 500km I predicted.   I think I am healthier for it.   I will admit my runs lacked much consistency although I did achieve consistency where it counted in simply getting out and running in the morning throughout most of 2021.   Going forward I may need to find some new running routes possibly or some other way to keep my running fresh and interesting rather than just a chore.

In need of a holiday

Again, the pandemic put paid to any breaks or holidays away so when I look back the year seems to have gone reasonably quickly.  I suspect this is largely due to everything becoming routine so lacking in any significant memorable moments in order to mark the passage of time throughout the year.   I suspect this further adds to my feeling of 2021 as a bad year for me as there is simply little to look back on where I am happy to have achieved something or have enjoyed a specific event, break or holiday.

Connecting and contributing

This year saw me start sharing some little 10min podcast episodes in addition to my usual blogging.   I had been considering doing this for some time but never got around to it until late on in 2021.  This is something I want to continue to produce and hopefully build on in future.     I also finally got back to a face to face conference, in the schools and academies show, where I presented an EdTech focussed session.   The other face to face conference I was due to be involved in, was sadly cancelled due to the ongoing pandemic.     

2021 also saw a lost family contact reach out to me. I had held off reaching out myself for reasons which are my own, however for them to reach out allowed contact to be established and hopefully this is something which can be slowly developed and worked on in 2022.

Take notice

I kept a journal over the course of 2021 and this is something I may reflect on in more detail in future.   I think if there is anything consistent that can be taken from my notes it’s a sense of frustration and a lack of progress.   I note I even mentioned feeling depressed with things on a number of occasions.   I think this about typifies the year as I see it.

Mental Health

This links to the point above.   A lot of 2021 felt like simply going through the motions.   It was busy.  Things got done.  But did I draw much enjoyment from things?   I think generally I didn’t.   It was generally “run of the mill” processes.   I wonder though whether the ongoing news broadcasting regarding the pandemic and the restrictive measures being put in place, and generally depressing news played into this, making me feel more depressed than I maybe had done in previous, non-pandemic, years.    I also wonder whether a certain amount of isolation on my part, with a limited friends group unlike when I lived in the UAE and had a large friends group, also plays its part here, only added to by the isolating impact of the pandemic.    I will admit that I need to consider my own mental health;   My exercising is part of it, however generating positive memorable moments, having enjoyable activities planned, and much more also goes into establishing positive mental health.   It may just be that doing this, in the current context of the UK and the world may just be that little bit more difficult.

Overall

When I look back to January 2021 I mentioned that I suspected 2021 was “Likely to start of[sic] challenging”. I think the reality is that it didn’t merely start off challenging but continued to be challenging throughout the year, ending on a month of very significant challenges. Am I happy on reflection with 2021? Sadly, I think the answer is no. It seemed to pass quickly which I believe suggests it was devoid of many memorable, positive moments. If I was trying to sum it up in a phrase it might be that 2021 “wasn’t anything to write home about”. I also acknowledge I considered myself depressed at various points in the year and this might colour my reflection. I will also admit there were some positives, it’s just that they were subsumed in the general negativity of the year in general.

2022 is a new year.   It’s an opportunity to start afresh.   So with that, I will shortly close the door on 2021 and hopefully move forward into 2022 with an aim to make the year a better one.

Happy new year to all when it arrives and may you all have a great year, stay safe and remain well.

End of term 1, 2021/22

And so the first term of 2021/22 has come to a close. As such I thought I would share some short reflections on the term. I am also going to share some reflections on the year as a whole in a later post, but for now I would like to focus on the term.

The first thing I will admit is that time has flown by. I can’t quite believe it is now the 19th December as I sit and write this, and that the first term of 2021/22 has already come to an end.

September 2021

As the start of the new academic year approached, the pandemic impacted on my IT services team, with a bit of a “pingdemic” resulting in a number of staff self-isolating, awaiting PCR tests.   Thankfully everyone came back clear and this happened before the year began.    This year saw me join the school Executive Group meetings.    This should therefore help me in the ability to see what strategic decisions are being taken at an early stage.   It will also help in giving me a forum to raise cyber security concerns at a senior staff level.    I also contributed to The Access Group’s Access All Areas programme, delivering a talk on cyber security in schools.

September saw the first of the school’s IT Management Group meetings, a meeting which I chair. The first meeting quickly showed how busy the start of term was, as I repeatedly called a member of staff the wrong name during the meeting. Clearly my head was a little bit turned. I was so embarrassed by this, and disappointed in myself.

October 2021

Stepped in to run one of the school’s esports sessions given the normal staff member was self-isolating. Had significant help from the technician on my team who has been great in getting everything set up and in supporting our esports provision. It was nice to once again get in amongst students playing competitive games, something I used to do some years ago when I worked in colleges. Following the session I have decided to explore running further sessions as part of the school’s activities programme to try and support and grow our esports provision, with this hopefully starting in the new term, in January.

I also spent a reasonable amount of time this month discussing with individuals I wanted to join me on a conference panel session focussing on cyber security in schools.  This included an ethical hacker, a representative from the NCSC and also a representative from the ICO among others.   Sadly, the conference was later cancelled due to the ongoing challenges of the pandemic.

Related to the above I also spent time generating some short 4 or 5 minute videos focussing on Digital Citizenship and cyber security for use with staff and students.   I have finally learned not to spend too much time getting videos perfect and not accepting minor errors or “ums” and “ahs”;   The video just needs to be good enough.    By accepting this I am now able to produce the required videos much quicker.

November 2021

Intermittent issues with the school’s core network switches were a growing issue in November. The issue had started towards the end of September however progress to identify the issue and resolve had been slow, largely due to wanting to avoid downtime associated with more aggressive investigation of the issue. By November, the fact that the issue hadn’t been resolved may have been starting to give some people questions as to my competence, and I will admit I was beginning to worry too, however towards the end of the month this issue was considered resolved and I think the decision making, to avoid any more substantial downtime, was proven to be the correct one. Often the only way we will know if IT decisions are correct is in the future when we look back, so decision making in the moment can be difficult and unclear.

For a while now we have been hearing of Wi-Fi issues in some school locations however the info which comes to us largely lacks the detail to allow us to investigate and diagnose the issue. As such I decided to take a different approach and started pulling data from our Wi-Fi solution on an hourly basis, to get a more general picture of its health. By the end of the month, we had significant volumes of data where the results, although not eliminating the existence of issues specific to a small minority of students, highlight that Wi-Fi generally functions well for the majority of students.

I visited the Schools and Academies Show in order to present at the co-located EdTech Summit event.   The show itself was a little bit like a small version of BETT.   The main benefit of the event for me was simply the ability to once again meet people in person, so gave me an opportunity to touch base with a number of ANME members among others.    Sadly, as normal, my journey wasn’t without drama as I managed to get on the wrong train at one point!   Normal service was resumed.

December 2021

A family issue took a fair part of…..no, actually, all of my focus, through a good part of December.   This included a trip to A&E followed by 8 hours there including attempting to get some sleep while sat upright on a stool.   Not the best experience.

Had also been exploring a possible Board level advisory position alongside my Director of IT position.   The university concerned was looking for someone with a focus on cyber security so this seemed like an ideal opportunity for me however upon review they sadly decided that I wasn’t quite what they were looking for.   I will admit that this disappointed me as the opportunity looked like it would be an ideal and slightly different challenge for me.   As such I need to continue looking for whatever my next challenge might be.

Conclusions

It has been a busy and challenging first term.    Combined with this I have had personal challenges to deal with plus some disappointment.    I feel this has left me feeling a bit drained and down at times with Xmas music on the radio being the last thing I needed to be hearing, despite the fact it is now almost Xmas.   Looking back, despite the challenges I have managed to progress through them and to achieve a number of things which I should be happy or even proud of.    I think I need a break and to decompress, and that will be the main focus for the Xmas period.    After this I should be ready to begin again, to begin afresh, when the spring term begins in January.

And so to all I wish a very Merry Xmas and all the best for the new year!

A cyber framework for schools

Over the last couple of years in particular I have been thinking about cyber security in schools and what schools need to be doing in relation to keeping their users, systems and data secure.   The issue I come up against is that there are a number of key variables which play on decisions reached in this area.  

Context

First there is the context a school operates in. The available budget for example will have a significant impact on what is or is not possible in terms of cyber security. And before anyone says it, I know money isn’t the most important thing here, it should be student and staff online safety and the safety of their data. That said, a school is a place for learning, and would we do less learning in order to be more secure? This leads me on to my later point on risk appetite. Also, within the context will be the number of students and staff, the volume and type of data being stored, the school’s approach to technology (BYOD, School issued devices or limited IT labs), etc. Each piece of the context impacts on the decisions which need to be made regarding cyber security.

Risk Appetite

This is key and I think something all schools need to discuss at a senior leadership level, with a clear statement as to risk appetite being established.   Basically, this is acceptance of benefit vs. risk in terms of technology use.    We might choose to allow BYOD due to it being more flexible for users and cheaper than school owned devices however it introduces lots of devices not managed by the school which comes with a cyber risk.    We might choose to allow users to be able to create their own Microsoft Teams to support flexibility versus locking this down and centrally creating everything, which is less flexible but more secure.   Time and time again we come up against decisions which balance benefits and risks, and our risk appetite will dictate how much risk we are generally willing to accept.   A greater risk appetite will generally result in greater flexibility and agility, therefore greater ability to respond to change, whereas a lesser risk appetite will likely limit flexibility and agility, but also limit risk.

Cyber Framework

Given the above and how this impacts each school differently I decided that my approach should be to create a rough framework focusing on the things I believe all schools should do in relation to cyber security.   Additionally, I also created an additional section for those schools where additional resources are available or for where additional risk factors may exist.

You can view the framework below:

Some additional points

Now since creating the framework I have had some feedback online which I thought I would address.    One point raised with me was the exclusion of web filtering for safeguarding from my framework.   I considered this but excluded as my focus was on cyber security and I deemed web filtering to sit better under safeguarding.   That said web filtering which filters out dubious sites offering illegal streaming of sports events or movies would have a positive cyber security impact in protecting users from potential malicious code which may exist on such sites. 

Change management was also raised with me;  This could possibly sit under the process or document headings in that there should be a documented and auditable change management process to prevent unauthorised changes which may introduce additional risk from occurring.   Such a process is very important indeed however is often lost in the need to solve problems and quickly adapt to changing situations in schools.

Asset and configuration management was another area that was suggested. This highlights the need to know what assets a school has and their setup. This is likely to be very important in the event of a cyber incident in terms of isolating the issue and in terms of the recovery process. The more we know about a school’s setup the quicker decisions regarding actions can be taken.

Physical security particularly in relation to servers and storage, but also in relation to devices was also raised.    The theft or loss of devices is something we need to increasingly consider.   In the event of loss or theft will the data contained in the device be secure and is it possible to remotely disable or even wipe devices?     Generally, though I feel this area is getting easier to address.

Conclusion

I don’t believe this framework is perfect however my hope is that it is at least a good starting point for schools to check their approach to cyber security and to decide on some next steps.   I also hope it starts discussions in school, noting that no sooner had I posted the first page, than suggestions, such as the above, arrived in terms of how it might be improved.   

I suspect I will need to revisit this framework as the cyber threats change and evolve over time but in the meantime, I think it’s a good start.

Technology and efficiency

Technology can make things easier or more efficient however as with most things, there is usually an opposing drawback or disadvantage seeking to balance things out.    

Take for example the recent plans by some Scottish schools to introduce the use of biometrics, and in particular facial recognition, to try and speed up their lunch queues (You can read more about the plan here). Using facial recognition means that the student can be recognised as they arrive at the till allowing lunch staff to quickly scan food items and apply to their lunch account, where the lunch account is topped up with credit by parents via an online portal. This will likely save a few seconds in lunch staff identifying the student on their system in order to apply the costs. A few seconds doesn’t sound like much but if you consider 600 students going to lunch each day, even a single second grows to 10mins saved per lunch period or 50mins per week or even over 3hrs per month. The potential benefit is pretty clear, but is this enough?

Cost

The first, and likely most obvious drawback in any technology implementation is cost.  The cost of hardware, the cost of software but also the cost of planning, implementation, training and support.   In almost every technology solution there will be an additional cost to be considered and it will be necessary to examine whether this cost is worth the proposed gain of the technology solution.    And we need to be careful to ensure we look beyond the initial financial costs and consider the more long-term support, maintenance and replacement cost, the total cost of ownership.   In the case of facial recognition in school canteens, it might be easy to compare this cost against the improvements in service or even a notional cost saving in terms of time saving.

Cyber Security

The other factor which is almost always guaranteed to act in balance is that of cyber security. Adding additional systems or solutions will likely increase the school’s cyber attack surface and risk, even where appropriate risk mitigation strategies have been put into place. It will also add complexity which again increases risk. As such, cyber security needs to be considered in establishing whether the proposed gains are sufficient to outweigh any risks or costs.

Data Protection

Data Protection, which is linked to cyber security, is yet another factor that needs to be considered. It is likely more data or different types of data might be stored as the result of the proposed technology change. We need to be sure that we have processes in place for managing this, and that we continue to comply with UK GDPR or other data protection legislation. In the case of facial recognition this is particularly important and one of the stumbling blocks impacting on the Scottish schools’ proposal. We need to ensure that data gathering is proportional and reasonable to the purpose for which it is being gathered. In the case of gathering facial recognition data of children, below the age of 18, it is questionable whether this data gathering exercise, which means gathering sensitive biometric data, plus relates to children, is proportional when the aim is to reduce queuing and waiting times at lunch. Simply put, technology can bring about the improvement in waiting times, however in the form of facial recognition technology, it is questionable as to whether it should.

Conclusion

I often bleat on about balance. Seldom do we make gains through technology use without there being some sort of trade off, cost or other balancing factor. Financial cost is the most obvious of the costs however we equally need to consider the longer-term costs of support and maintenance. Additionally, the cyber security and data protection related risks also need to be considered in detail before proceeding. Just because technology CAN be used isn’t enough; we also need to ask whether it is right to use it, and whether it SHOULD be used.