Month: June 2022

A day in the life – Wellbeing

I wrote a day in the life blog piece some month back, focussed very much on my work day as a Director of IT, however given the ongoing discussions of wellbeing I thought I would share another day in the life, but this time focussed on the wellbeing side of my daily routine.

6am and the day begins;   Am currently trying to achieve 100km of running in June, having completed the same distance in May.   This will be the first time I have managed it in 2 consecutive months.    Running gets the blood flowing and sets me up for the day, while also allowing me to clear the often busy thoughts in my head, instead simply focussing on putting one foot in front of the other, keeping a reasonable pace and managing my breathing.    This morning though I am cutting my run short to around 5.75km to allow me to head into work a little earlier due to concerns I have in relation to traffic.   It is the first day of Glastonbury so I am worried that traffic around Somerset might be a total nightmare.

By 8am I am in work as the traffic was a little heavier than normal but otherwise not too bad.     I have my usual morning routine to work through including looking at my online ToDo list where tasks are split between low and high priority items.   I also have listed personal items to consider at lunch or failing that at the end of the day;  The ToDo list is a holistic list rather than a work only list.    For me the ToDo list is very important as ticking items off gives a sense of achievement, and the morning review of the items gives me a sense of how much flexibility I have in being able to address any unexpected tasks or requirements which might arise during the day.    I do sometimes wonder if I have become a little too focussed on my ToDo list leading me to chase the completion of X tasks each day rather than focussing on doing the things that really matter.

Around halfway through the morning and its time to stop briefly and munch down a packet of crips and drink the all important Irn-Bru.   There are plenty of healthier snacks I could have but I enjoy a packet of crisps and a Bru, so in the interest of balance and having engaged in physical exercise in the morning, I don’t think there’s any harm in a packet of crisps.    Now at this point in the day I have already ticked off 4 of the 6 items I target myself with completing each day.     This target helps me assess how I am doing versus what I consider to be a minimum expectation.    I note that I include some thinking time and prep time on my ToDo list as these equally take time and it is important to allocate space and time as otherwise, other often less important but more immediate issues will take over.

Before I know it lunch time arrives and a opportunity to go to lunch with some of my team and decompress a little with discussions of sport and also some IT discussions;  Is always the case that discussion may tend towards whatever you do for a living as this is an easy topic to discuss however key is that it isnt within the context of the school or teaching and learning, etc.    I also try to make some time to scribble down some blog thoughts over the lunch period and also do a little bit of news and current affairs reading via the web.

My afternoon passes reasonably quickly due to a number of meetings so before I know it 5pm has been and gone and the work day is done.   It is as I leave work that I notice what a nice day it is which is enhanced further by the drive home through Somerset.   As I take in the weather and the scenic drive which is my normal route home I note that I feel just that little bit happier and more relaxed, albeit also a bit tired.  It is amazing how nice weather, a look around the lovely somerset scenery and a drive home with the windows down can positively impact on your wellbeing.   Sometimes it is the little things which make all the difference.       Upon arriving home I stick some retro TV on in the background, a bit of Farscape and Space 1999, while I sort dinner and do a couple of other jobs around the house, with some of these jobs being listed on my ToDo list.

7pm and the dog is fed and wants attention so it’s a bit of time with the dog in the garden.   Now will admit I was not keen on getting a dog but note that, although she is in the process of methodically destroying the house and all furniture she can get to, she also makes me smile at times.  And maybe this highlights the impact that a smile can have on our wellbeing so maybe a part of wellbeing is on finding or creating as many opportunities to smile as possible in your day.

As the evening progresses there are a couple more things to do around the house before settling down to watch a bit of TV and I my case, rewatching Homeland.    It is at this point I decide that rounding the evening off with a couple of beers would be appropriate.    Again, not exactly the most healthy option however in everything, balance, so a couple of beers after a busy day seems perfectly acceptable.

My day was a busy one but I think it had some balance.   It had the less than healthy packet of crisps and Irn-Bru but balanced out against a run in the morning.   It had immediate tasks balanced against some time to plan and think ahead.    It had some quiet and relaxing in front of the TV but also a number of items ticked of a ToDo list both at work and at home.     Now every day cannot be a balanced as this one, with some days feeling like my hair is on fire and nothing can go right but again this is balanced out by other days when everything seems to simply fall into place.

Personal wellbeing, and in particular mental health isnt an easy thing but for me I think one of the critical factors is building routine and making time for the various aspects of life to be fulfilled whether that is the need for feelings of accomplishment, the need for challenge, the need for time to reflect or the need to relax and decompress.     I also think we need to always seek to achieve balance and with that comes the acceptance that some days wont go well, but that it will then be ok to seek to balance this out through whatever works for you being it a few beers, some exercise, a trip to the cinema, a good book, etc.

Am not sure how much use there is in me sharing the above, however I hope that maybe someone finds it helpful, or failing that I suspect it will simply help me in rebalancing when things go badly and I cant see the light at the end of the tunnel, on the next day when things just don’t seem to be able to go right for me.

Globalisation and Localisation

The pandemic, in my eyes, has very much helped globalisation in relation to education.   We particularly saw teacher influencers or teacher content creators, etc sharing their ideas and resources with large numbers of teachers and even larger numbers of students.    Their resources helped many continue teaching and learning through the lockdown periods while face to face teaching and learning was impossible.    They represented the opportunity for a few people to put together resources and lessons which could then be consumed by the masses across the world.

But, if we accept most things work in balance, what might we be losing out on where we push more towards this globalised approach?

The thing about the content being pushed out is that it had to be able to be used across the world, and in doing so it needed to be independent of the differing contexts in different parts of the world.   If we accept that the best learning experiences don’t exist in a vacuum, and that they need some context, something in the real world to link them to, we realise that something designed for a school in the UAE would be different to something in the UK which in turn would be different to something designed with China in mind.    And this challenge isnt limited to national level, it also exists more locally at regional level or even smaller.    I remember as a young teacher seeing differences in language and viewpoints when moving between teaching in a school on the outskirts of Glasgow and one in Stirling, approx. 25 miles away.

So, these global resources either must relate to universal truths which are true across contexts, need to include their own context, or involve abstraction of the concepts being covered to a point where context is less consequential.    

What we are losing here, is the local learning and the local context.    The things that make us a Glaswegian in my case, as things are not being taught within the local context, within the framework of the local community, habits, traditions, etc.    The learning is not being linked to my local community.  Now this might be a good thing as more and more people migrate away from where they are born, including emigrating to work in other countries however I believe it also could have a negative impact on students as they may not develop their individual identity in the way they might have in the past.   

This also links nicely to educational research.   Where we look for generalisable, global solutions which have the research backing to show they tend to work anywhere and have a replicable impact, are we losing out on solutions and approaches which might simply work in our local context, in our school or even in our own classroom?

If I am being honest, we cannot approach this problem as a binary.   Although my discussion has approached the issue as a binary, globalisation or localisation, you will notice my title is “globalisation AND localisation.”    We need to have a balance of both, making use of resources, ideas, etc which work at a high level, on the global education stage, while also making use of things, or customising things to fit with our local context. 

If anything, I worry that maybe we are increasingly focussing less on the local context, local solutions, at a time where maybe there are solutions to some of our global problems to be found there.

AI in schools

I recently read an article discussing how AI might be used in schools from 2025 onwards.   This seems like a reasonably logical bit of future prediction but on reflection I quickly came to identify some concerns.

Firstly, AI can cover a very broad range of activities.   Is it AI designed to interpret natural language such as your Alexa can identify and then respond to you verbal queries, or are we talking about a more general AI solution more akin to Commander Data in Star Trek?    There is quite a gulf between these two extremes, with the 2nd of them likely to be some time off before it is achievable.

If we therefore accept we are looking at using specific focussed AI solutions in schools by 2025 I think they have clearly got the year wrong as we are already doing it now, in 2022.    We have our spell checker and grammar checker in Word, we also now have our transcription tools in Teams and PowerPoint including the ability to offer real time, or near real time, translation of spoken content.  These are all AI or maybe machine learning based solutions being used in schools and colleges, being used by teachers today.   Not 3 years away in 2025, but today.

So, the headline seems on initial inspection to be quite aspirational and inspirational, for teachers to be using artificial intelligence in their classrooms in only 3 years time.   But a more detailed look and we find it isnt so inspirational as we are pretty much already there.   Maybe the headline hints to a greater use of AI or more advanced AIs being used more often and to greater effect but that’s not the way the headline comes across.   Maybe we will use more AI based platforms, such as learning platforms which direct students through personalised learning programmes, although I have some concerns about this too.  Or maybe there will be greater use of AI and machine learning in the setting and marking of both summative and formative assessments.

I suspect AI use in schools will grow between now and 2025.    I suspect it will grow to be more common in general so wont be a school centric thing, however I suspect that a teacher will still be a teacher and the key to teaching and learning, and the use of AI tools, like the current EdTech tools, will be skilled teachers to wield them as and when appropriate in crafting the best possible learning experience for their students.

EdExec Live

Yesterday I presented at the EdExec Live event in London where I discussed cyber security with a session purposely mis-titled as “Preventing cyber attacks: is your cyber security up to scratch”.    The reason the sessions title didn’t really reflect the content of the session is my belief that cyber attacks are now inevitable and that the thinking behind trying to be “secure” or “up to scratch” involves a mental model which doesn’t fit our current reality and especially the reality in busy schools with limited IT resources, and even lesser resources to focus on cyber security or cyber resiliency.   As such the session was aimed at trying to highlight this belief.

Now at this point you might be thinking I am showing some nihilist tendencies in the face of the growing cyber security threats and risks, however I am certainly now advocating that we consider incidents inevitable and therefore simply down tools and don’t bpther with any cyber mitigation, prevention or preparation activities.

What I am however advocating is that we accept that we can never do enough, never be up to scratch, so all we can do is to do what we can.    The approach to cyber in schools needs to be to seek to take little steps rather than seeking to reach an imagined point of being cyber secure, a point that is both likely to be unreachable and also a point which is likely to constantly shift in response to new technologies, new vulnerabilities, new threat actors and new methods of attack.

I concluded the session with 6 recommendations which are outlined below:

There is no enough so do what you can

As mentioned above there is no “enough” so this kind of thinking is no longer appropriate.

Carry out regular risk assessments

We need to treat cyber like health and safety and try to identify the risks and then decide on mitigation measures where possible.    If we explore and think about the risks which impact on use we are likely to be able to better prepare and respond.

Carry out a desktop exercise or “war game”

Our plans and processes often include assumptions.   We need to challenge these assumptions with staff from across the school involved in desktop exercises playing out an example cyber scenario.   By playing such incidents through we are likely to be better prepared when incidents happen for real.

Deliver ongoing user awareness

Users continue to be one of the most common factors in cyber incidents so the more training we can provide the better, but such training needs to be dynamic and ongoing rather than an annual refresher presentation at the start of the year.    Cyber needs to come up in meetings, in briefings, it needs to be part of the schools culture and a constant point for discussion.

Address the cyber security basics

Cyber criminals will take the easy opportunities where they can and therefore it is important to cover the basics such as patching servers, keeping backups, etc.   This is about increasing the friction an attacker might feel in the hope that they will move on to a easier organisation to attach.

Reach out

Schools and colleges are all in this together, suffering similar challenges and issues in relation to cyber, so collectively we are so much stronger.   As such, share with other schools, use groups like the ANME, and let’s make a collective effort to protect our schools from attacks and prepare for the inevitable incident.

Conclusion

At the end of the session, I concluded with a little question in relation to terminology.   Cyber security as a term is now out of fashion due to suggesting that being “secure” is possible when most now acknowledge this is no longer possible.   Cyber resiliency is now the term of choice however I feel, although better, it still suggests a “resilient” final state is possible where I believe it is now.   My suggestion, which doesn’t have the same ring to it of the above, was continuous cyber improvement, however my request was for someone to come up with a better alternative that wasn’t quite so much of a mouthful.

Is your cyber up to scratch?    If you think it is, I suspect you are up for a fall at some point in the future or at least that’s what probability would suggest.   Are your efforts continuous, regularly reviewed and involve repeated incremental improvements?    If so, I think you are most likely going about things the right way, so well done, keep at it, and try not to worry too much!

You can view the slide deck from my session here.

And for those who have followed my usual travel woes, this time I managed to get to London and back with only a 20min train delay, so unusually uneventful by my standards.

Going phishing?

Phishing emails continue to be one of the most common attack vectors used by cyber criminals, in attacking individual and organisations, and in attacking schools colleges and other educational organisations.   In schools, where things are increasingly busy, it is important that staff and students have had appropriate training and other resources provided in order to build their awareness and hopefully make them better at identifying such phishing emails.   The challenge though is how do we know if our phishing awareness programme is actually working?

I was originally very reluctant to make use of phishing awareness tests, where a fake phishing email is sent out to assess how many staff would fall for a phishing email plus how many staff might report receipt of a phishing email.    I felt at the time that it was a little unethical in trying to entrap people who work for my school.    I was also worried people would feel it unfair and adding to workload at a time when everyone is already busy.      It wasn’t until an IT conference event where I got discussing the issue with someone working within the police force that my view changed.    The catalyst for this change being this point; would I rather identify how susceptible the school is to phishing emails and how good individuals are in relation to reporting malicious emails due to a real phishing email, and the likely compromise of user accounts, or would I prefer to gain this information through a safe test where I would be able to respond and do something about the findings.It didnt take me long to realise I was better off testing awareness on my own terms rather than waiting for a cyber criminal.

Since this change of views I have set about regular phishing awareness tests on small groups of users, refining the approach and the follow up messaging and training materials as a result of the findings.    Tests might be targeted on certain areas or departments based on recent events or based on trends we are seeing in the types of phishing emails being seen or reported.    Follow up training might focus on the users who were tested or might take the data from a test and share it with all staff to highlight specific concerns or areas for improvement.   In some cases individuals have felt unfairly treated or “entrapped” however generally have been more understanding when my changed reasoning has been explained to them.  The main aim is for the testing and the related awareness development programme to be dynamic in nature, constantly changing in response to the external context and the internal awareness levels and habits as identified from the test data.

Phishing awareness testing doesn’t improve cyber security or users phishing awareness however it can provide a snapshot of where we are at a particular moment of time and in relation to a specific style or type of phishing email.   This, when used in combination with dynamic training materials, can be powerful in building up user awareness of phishing emails, of how to identify them and of what to do when things go wrong and you fall for a phish.   Where phishing tests are conducted regularly, with the appropriate follow up training, communication and awareness development, it can also go to help develop a culture of cyber security and this, ultimately, is what we really need to achieve.