Author: Gary Henderson

Gary Henderson is currently the Director of IT in an Independent school in the UK.Prior to this he worked as the Head of Learning Technologies working with public and private schools across the Middle East.This includes leading the planning and development of IT within a number of new schools opening in the UAE.As a trained teacher with over 15 years working in education his experience includes UK state secondary schools, further education and higher education, as well as experience of various international schools teaching various curricula. This has led him to present at a number of educational conferences in the UK and Middle East.

Automation but at what cost?

While driving into work the other day there was some heavy fog in places and I noticed cars driving without their lights on.  It was at this point I realised my own headlights weren’t on, so quickly turned then on.   I found myself wondering why I hadn’t turned them on in the first place?    The answer is that I had become a little bit complacent of the automatic lighting function in my car which turns on my lights as and when needed, making life so much more convenient and less effort for me.   This got me thinking about what the drawbacks might be for where automation is used, particularly in relation to software based automation solutions such as PowerAutomate.  I suspect the use of automation in schools, especially given new AI advances, will become all the more common as we seek to try to address workload challenges, so what are the possible drawbacks or challenges:

Initial costs:

Implementing automation comes with a cost.   This might be in terms of infrastructure, software licensing or simply in terms of the time taken to design and implement an automation solution.    There will also be costs ensuring the creation of appropriate documentation for the solution where documentation is important but also something which is often overlooked.   We need to be aware of these costs although generally they are outweighed by the longer term gain.

Maintenance:

There may also be costs associated with the maintenance of an automation solution.   This will be reliant on appropriate documentation and staff with the appropriate skill level to understand and maintain the automation solution.   This may also be quite difficult as sometimes an automation solution may be running for a significant period of time, possibly years, before any issues arise, where, when they do arise, staff involved in the solution may no longer easily recollect how the solution was designed thereby making it all the more difficult to resolve the issues. 

Lack of flexibility:

Automated systems are designed to perform specific tasks and may not be easily adaptable to changes such as changes in school processes or the required outcomes.   There is also a challenge that as we seek to improve we may increasingly complicate the automation solution which in turn may make it more fragile and likely to fail plus more difficult to maintain.   I note complexity is a current concern of mine in that this complexity, although allowing us to achieve more or be more efficient, often leads to more moving parts, more complex processes, etc which therefore mean there are more opportunities for things to go wrong.   Continually increasing complexity must at some point reach a threshold at which it becomes unsustainable and my view is that we need to consider this in advance of this point, and therefore need to seek to identify and focus on what matters and attempt to simplify things.

Dependence on technology:

This is the issue which started this post, my complacency or dependency on the automation to turn my headlights on.   Due to the availability of automation I had stopped checking my lights.    In schools we may implement automation solutions to notify staff on specific events, etc, however we need to be careful that we don’t become reliant on this automation.    In the event an issue occurs and automation fails we still need to operate.    We also need to be able to identify when the automation has failed and this might not be as easy to identify is it was in relation to the lights on my car.   This for me is one of the main issues in establishing a balance between improved ease and convenience through automation, and increased reliance on, and therefore reduced ability to work without, automation.

Decreased human interaction:

Automation can lead to a decrease in human interaction and communication, which can have negative effects on workplace culture and employee morale.  So, although there may be efficiency benefits it will likely reduce the need to talk to, email or otherwise communicate with others where we are social animals and rely on social interaction.   At a time when wellbeing is such a key factor in education, and where social interaction with other human beings is a critical part of our wellbeing as social animals, we need to carefully consider the balance here.

Conclusion

While automation can bring many benefits such as increased convenience, ease, efficiency, reduced long term costs, and improved quality control, there are also potential drawbacks.    We therefore need to be careful of the balance between the positives and the potential drawbacks of automation.    As my car journey proved, automation isn’t without its potential issues, with over reliance being only one of these.

End to end encryption: Ensuring privacy or increasing the risk of harm?

There have been some recent calls for Meta to refrain from adding end to end encryption to the messaging functionality in some of their apps, in relation to safeguarding.    It makes initial sense to consider the potential risk of harm to children and others through harmful online content or contact.   How can agencies, schools and individuals protect people, including the young, from harmful content or contact when they are unable to identify the content due to encryption?   How can criminal individuals be prosecuted when key evidence is inaccessible due to being encrypted?   The challenge here however is establishing some of the possible implications of either weakening or removing encryption as like most things there is a balance and improvements in monitoring and detection through removed or weakened encryption will result in other less positive counter implications.   I note that sticking with the current level of encryption, where technology moves on and where criminal skills and approaches continue to develop likely equates to a weakening over time meaning we can either continue to strengthen our approach or, by doing anything else, reducing or doing nothing, choose to effectively weaken encryption. So, what are the general implications should we choose to reduce or remove encryption, rather than seeking to strengthen it?

Increased vulnerability to cyber attacks

Encryption is a key tool used to protect data and information from unauthorized access. Weakening or removing encryption makes it easier for cybercriminals to break into systems and gain access to sensitive information which in turn puts individuals, including children, more at risk.  At a time when individual privacy is such a hot topic anything which may reduce or put at risk this privacy is of concern.

Increased surveillance

Weakening encryption can also make it easier for governments and other organizations to monitor online activities and communications.  Now it may be that this monitoring is done in our interests, in the interests of safeguarding for example, but there is the potential for data or monitoring solutions to be mis-used.   It could be used for invasive monitoring and surveillance, to identify individuals based on beliefs or political beliefs for example.   It may be used to challenge or silence views counter to the government or intelligence agencies.   It may be that the data gathered allows for other data to be inferred where this then violates individual privacy and freedom of speech.  Or it may be that these systems used correctly and ethically suffer data breaches resulting in the data or systems being misused for criminal or unethical purposes.   Increased surveillance capability thorough weakened encryption has significant potential as a risk to individual privacy.

Loss of trust

Weakening encryption can erode public trust in online communication and commerce. This in turn can lead users to be less likely to trust systems the digital systems which we increasingly require in our day to day lives.    The potential impact should we no longer be able to trust our online communications and collaboration platforms, our online banking, online shopping, etc would be very significant indeed.    It may also lead individuals to seek to use systems in the darker recesses of the internet where these systems may be perceived as more secure and outside government monitoring or surveillance, but where other implications or risks may exist.

Negative impact on businesses

Related to the above, weakening encryption could also have a negative impact on businesses that rely on secure online communication and transactions. This includes e-commerce sites, financial institutions, and healthcare providers.    If encryption is weakened or removed then users of online services are more at risk, plus the services themselves are also more at risk.   Individual users may lose data and become subject to fraud or other cyber crimes while the breached organisation suffers reputational damage, legal claims for compensation plus the overall cost of recovery following a cyber incident.    Basically, no-one wins, other than the cyber criminals that is. 

Conclusion

The issue here is one of balance, the balance between individual privacy and protecting individuals from harm online, where providing privacy will provide the individuals who may cause harm with protection which means that harm is more likely.   But where providing protection against online harm will weaken an individual’s privacy even where their motivations and actions are honest and good.    Sadly, we cannot provide privacy online for some but not for others.   Either privacy and security it built into systems, or it is not, as we have no way of identifying those who may or may not cause harm.   

There is also an issue of pragmatism.   If we reduce the privacy level of some services by not enabling end to end encryption for example, then users, and particularly those seeking to do harm, will simply move to those services which provide more security and provide end to end encryption.    I have seen it myself in the unknown user who DMs an individual on a major social media platform, before, after a short series of messages, suggesting moving to an alternative “better” platform as they know this is better suited to protecting their privacy as the seek to go about their likely malicious aims.    

Overall, there is no perfect answer here.    I think technical security and privacy is key to the digital world we live in but also we need to keep individuals safe online.   Sadly, these two requirements are largely at opposite ends of a continuum.   I suspect a reduction in technical security would have wider implications on the world than increased security although I note it isn’t a zero-sum game.  Personally, I think we need to err-towards greater encryption but while seeking to mitigate the safeguarding risk as much as reasonably possible by increased discussions, training and education regarding safety and risk online.    Not a perfect answer, I know, but as I said, there is no perfect answer and anyway, we don’t live in a perfect world.  

A difficult month

It’s been a bit of a difficult last month or so, so thought I would share some brief thoughts in the hope that writing things down and sharing may help.     First of all there was BETT-lag.   The end of March included the BETT conference which for me was a very busy series of days, of attending panel discussions, visiting stands, meetings and catching up with many EdTech friends.   So, it was useful and enjoyable but also very tiring especially when you factor in the long travel times from Somerset to the Excel in London.   Thankfully the end of BETT coincided with the end of term so I had high hopes for being able to recover over the Easter break.

Around the same time my fitness efforts and running had hit a bit of a roadblock with limited distance covered in both March and April.   The fact I couldn’t get into a routine and regular running habit was depressing and with each opportunity for running missed it made me feel all the more negative.     Additionally, my reading habit had also taken a nosedive partially through a lack of motivation, similar to my running, but also through a lack of interest in the book I am currently reading but combined with a reluctance to just put the book down, to give up, and move on to another book.

March had also seen me take on a number of projects including creating some webinar content and recording a regular weekly podcast among other things.   It was good to be busy and led me to feeling a sense of achievement, however it meant that by the end of the month, and the BETT conference, I was already tired and the event, plus the post-event BETT-Lag were still to come.   And then there was the void left once the activities had been concluded and no longer occupied my time.

And next was the kicker, when initially I started feeling a bit of a cold part way through the Easter break, the time I planned to use to try and relax and recover.  Getting hold of a covid test, I decided to test and low and behold it came back positive.    What followed wasn’t that much worse than a cold however I found myself lacking in any real energy which led me to achieving very little in terms of the long list of things I wanted to get done.     The tiredness, lack of achievement, lack of running or reading, all left me feeling negative and downright depressed at times.

Mental health isn’t a simple thing.   It isn’t something which can be solved by a simple “wellbeing activity”.   It is about physical fitness and activity, about mental activity, about feeling a sense of achievement, feeling well, feeling suitably challenged but not feeling stressed or over worked or overly tired.   It’s a delicate balance and one which I don’t think I have sufficiently managed over the last few months.    My hope is I can use the new term as a new start and better address the need for balance.  But for now am just going to relax and enjoy the weekend before the new term begins.

Originality

Producing original content is a fundamental aspect of creating meaningful and valuable information for audiences across various mediums. In terms of assessment within schools, colleges and universities, students are expected to produce “original” work to evidence their learning.

So, what does it mean to produce original content? At its core, originality means creating something that is entirely your own. This could be a new idea, a fresh perspective on a familiar topic, or a unique approach to storytelling. Whatever the case may be, originality is about bringing something new and valuable to the table that hasn’t been seen before.

But lets flip that premise;  There are a limited number of words available and these words are shared with all writers for all time, so as people continue to write the probability of two people writing the same thing can only increase.   It’s a bit like buying a lottery ticket.   The more tickets you buy and the longer period over which you buy them, the more likely you will hit the winning numbers.   And that analogy may fit in other ways in that the probabilities of a winning lottery ticket and an exact match of wording and phraseology may be similarly unlikely.    And the longer the piece of writing the less likely whereas for shorter pieces of text, the probability is greater.   But either way it isn’t impossible!   

Let’s step back for a moment and look at an academic concern, that of plagiarism. Plagiarism is the act of taking someone else’s work, ideas, or words and presenting them as your own. It’s a form of intellectual theft and can have serious consequences, including invalidating qualifications or exam results for students who are caught.   “Taking someone else’s work” and “presenting as your own”;  But if I read something, agree with it, and then present it as my viewpoint haven’t I just taken someone else’s work and presented as my own?    Does writing it in my own words make it original and my own contribution and at what point?    How many words do you need to change before it becomes my original contribution as opposed to plagiarism?   I note that the plagiarism detection services I have used in the past present a plagiarism score which tries to quantify how similar a piece of work is to other pieces of student work on file.  And if I combine with readings from other sources is this better or just plagiarising from a number of sources?     And what if I get AI to write the first draft of the content, then I refine it?    Is this plagiarising from the multiple sources the AI used as training data or simply plagiarising from the AI, or maybe it isn’t plagiarism at all? Considering art work rather than writing, if I get an AI to produce a self portrait of Van Gogh but painted in the style of Monet, who have I plagiarised?

I don’t believe the concept of originality and of plagiarism, beyond plagiarism of a paragraph of cut and paste text, was ever an easy issue in schools albeit we have treated it as easy in the past.   With AI this issue becomes that bit more complex and difficult to traverse.    We may present our students with the assessment and with a marks scheme, but do we need to start providing more discussion in relation to originality, and what acceptable use of AI platforms might look like?    I suppose the challenge here is do we know what this might look like.    

But a bigger question may be why we ask for these written assessments to be completed in the first place;   Is the written work a proxy for evidence of learning and understanding, where this is easier, and possibly more reliable, than actually having a discussion with each and every student to check their understanding?   And if we can no longer rely to the same extent on the piece of extended written work do we need to move to more student/teacher discussions, but if so, how will we address bias and other factors impacting on individual teacher assessment of students?

Conclusion?

Am not sure the above has presented any answers beyond presenting some of my musings and more questions.    But for now that maybe enough, to try and add to the discussion in relation to education and how it may look in the future given effective AI solutions are already available to our students.

References

Written with the help of ChatGPT (OpenAI)

BETT 2023: Some reflections

BETT 2023 has been and gone so thought I would write my usual reflections piece.   I think this was my sixth BETT conference since returning back to the UK, a figure that pales into insignificance when compared to some of my friends and colleagues, however now exceeds my visits to the UAE GESS/GEF event.     It was a busy few days with lots of walking, lots of talking and a fair amount of listening too.  So what did I learn and how did it go?

Networking

The key reason I continue to attend BETT is the networking side of things, to meet up with friends and colleagues and share thoughts and ideas in relation to the use of technology in education.    Am not going to try and list those I met up with this year through fear of missing people out.   This year didn’t fail to deliver on this front although, as has been the case in the past, there were many people at the event who I failed to meet or catch up with.   I suspect this will always be the case given the importance of planning your trip ahead of time, meaning that there is only so much time available for those impromptu and unplanned meetups or for reaching out via social media to try and locate and meet up.    I will note that my selfie collection this year is once again a poor comparison to others often due to being too engaged in discussion to even think about getting the phone out for a quick selfie.  Maybe a note-to-self for next year is needed here.     On a more positive note it was great to hear from a few people who had read some of my previous blog posts or had listened to the “In our humble opinion” podcast which myself and Ian Stockbridge have been producing recently. It always great to hear that there is an audience although, as I have noted in the past, I find the process of blogging and podcasting useful in itself even if no-one reads or listens.

Presentations

I attended a number of the presentations during the course of BETT with those I attended mainly taking the form of panel style discussions.    I think this worked very well when compared with the “sage on the stage” style presentations which were more common in the past.   It allowed for a number of panellists to put across their views and approaches in relation to the given topic while highlighting that there is seldom a single solution and the important need to consider school context.     It also highlighted for me the importance of discussions, including discussions like those of the panellists, to help us share practice and improved collectively as educational professionals.

It was nice to hear panellists present thoughts which agreed with my own such as the importance of considering context when looking at data, the importance of culture and the need to accept technology advancement, and then identify how best to make use of it and best manage any risks.    One particular session which touched on Artificial Intelligence provided some of the standout comments in relation to technology being neither good or bad, but simply being “here” and also the risk associated with AI in regarding its potential for “automating inequalities”.  I also particularly enjoyed the esports discussion I attended which once again highlighted for me the potential which esports has within the education space.

Stands

As I pointed out last year I no longer go to BETT to visit the various stands although I will note I did visit a number of stands for quick discussions and to touch base with companies which I am either using or likely to be using in the near future.   I therefore avoided my usual frustrations with the number of interactive panels, floor and wall solutions as are normally on show, although my sense is they were, as always, dominant at the event despite representing a technology which must now be approaching 30yr old.   It was Dave Leonard who pointed out the BETT futures area as a specific area of the BETT conference to visit focussed on the new startups and the new solutions, and I will admit it was here that I had the most interesting and useful stand based discussions.    Data analytics and the use of the block chain to store certificates or identification documents being two of the more interesting topic discussions I engaged in.

Themes

Across the BETT event I believe there were a couple of themes which stood out for me.    These were:

  • Artificial Intelligence: this has the potential be a significant catalyst for change in the world of education representing many potentials and also a number of risks and challenges, and it is here, now!   We need to seek to adapt to this new normal and to use this new tool in the best, most effective and safest way possible to support our learners.
  • Digital Citizenship:  I use the term very loosely to including cyber security, data protection, online safety and digital safety, however in an increasingly digital world this continues to be increasingly more and more importance yet the resources to address the challenges, principally time to discuss and educate students, teachers and parents, isn’t currently there.
  • Culture: The often used quote of “culture beats [or eats] strategy” is true in the importance of culture, but what does this actually mean?   It makes for a nice one-liner when asked what the solution to the EdTech, or any other, challenge is, or what we need to focus on, but how do we seek to action “culture” and develop it across the board, in all our schools?   This was a question well raised by Al Kingsley in a session he chaired and a question I think we all need to consider.

The mishap

OK so I have shared my reflections but as always BETT had to come with a mishap and it would be wrong of me not to share.   This years mishap was a wardrobe issue in deciding to wear my new suit to the event.  It hadn’t been out of its suit carrier since purchase and I thought a nice new suit was perfect for BETT;  Remember I am rarely seen out of a suit when on school business even if it means a trip to Blackpool zoo with students or on a history field trip.     So as I headed out of the hotel room in the morning for BETT and just as I went for the door my wife noticed the back of the suit jacket still had a security tag on it, and it wasn’t for budging.    So no suit jacket for the duration of BETT. Doh!

And possibly more importantly I only brought a couple of cans of Irn-Bru so found myself having to drink Fanta instead;  The BETT organisers had failed to ensure that there were vendors selling Irn-Bru on site. The horror of it!!   Such a failure in their consideration of equality and diversity!

Conclusion

BETT 2023 was another useful event.   Lots of walking, listening and talking.   I do as always wonder if it delivers on the time and expense of attending especially given 3 or 4 hours on a train in each direction, plus hotel accommodation, but then this might be me just having unrealistic expectations of what the event can deliver.   I know others that are far more positive of the event than I am so wonder if maybe I am doing something wrong or not making the most of the event?   Flipping it on its head, if I didn’t go, would I achieve similar value, and save money, in just attending school over the days of the conference?    I suspect the answer to this flipped question is clearly no and therefore BETT continues to be the place to be.    And maybe its as simple as that, that if you are involved in Technology in Education then for the duration of the BETT conference you simply have to be there, at least for some of it.   As such I suspect 2024 will once again see me at BETT with a detailed plan in hand, still failing to adhere to the advice re: comfy footwear and clothes, but with more Irn-Bru to hand this time!

Technology and Exam boards: Time to modernise?

I recently received a request from a teacher in relation to getting some software installed on their school device to support them in marking for an exam board.    Now I know this isn’t part of their school role however having been a standards moderator in the past, I understand the benefits to schools and colleges of having markers or moderators within teaching departments.   I am therefore eager to try and enable staff by supporting such requests however this request involved a piece of software which requires admin rights to the laptop, both for install and for the operation of the application according to the exam board.   When the concern re: cyber security was raised the exam boards final reply was that the staff member should install the software on a personal rather than school laptop.   This got me thinking about how technology has changed but how exam boards have been slow to change.   This is all the more evident currently.   Just look at the advances in Large Language Models (LLMs) with ChatGPT over the last six months.

Traditionally, examination boards have relied on paper-based tests and manual grading systems. However, these methods have several drawbacks, including the potential for errors and delays in results processing.    One way examination boards could modernize is by moving towards computer-based testing. Computer-based testing allows for faster and more accurate grading, as well as the ability to customize exams to the specific needs of each student.  I very much believe that adaptive testing is the way forward, with this also enabling students to take exams in their own time when they are ready as opposed to at a set time with all other students.   Adaptive testing also supports students taking their tests anywhere, including at home, rather than having to be crammed into a large exam hall where the conditions themselves are not exactly designed for optimum student performance.    Additionally the results would be available much quicker reducing the stress associated with a long waiting period between the exams and the results being released.   There is also the potential benefit in the reduction in the amount of paper used in exams, transporting of these papers, etc, which may help with making the exam process more environmentally friendly.

Another way examination boards can modernize is by utilizing artificial intelligence (AI) in the grading process. This appears all the more relevant at the moment with development in LLMs like Chat-GPT.   AI-powered grading systems can quickly and accurately grade exams, allowing for quicker results processing and reducing the potential for errors. AI can also analyse student performance data to provide insights into areas where students may need additional support and guidance.   Now I note here that the use of AI may introduce new errors to the marking process however I would suggest that the volume or magnitude of these errors when compared with human based marking is likely to be lower.  It isn’t “the solution” to errors but definitely a step in the correct direct.

Related to the above, exam boards need to acknowledge the existence of AI and LLMs and the fact that they will become an increasing part of life and therefore a tool which students will increasingly use in their studies be it for revision, to help in developing critical thought or for creating coursework or other learning content.   So far only IB (International Baccalaureate) have really acknowledged ChatGPT and how they see it impacting on their courses, providing at least some steer for schools on what appropriate or inappropriate usage might look like and proving at least some direction for schools and teachers for managing these new technologies.

Moreover, examination boards can use technology to improve exam security. Online proctoring tools can help ensure that students are taking exams in a secure and controlled environment, preventing cheating and other forms of academic dishonesty.    Related to this, I have seen exam boards continuing to send out resources on CDs or USB drives, or requesting student video or audio work using similar formats.   It is about time that they provided appropriate online portals to allow the quick, efficient and secure transfer of such exam and coursework data.  

Finally, examination boards can use technology to make their exams more accessible to students with disabilities or special needs. For example, screen readers, text-to-speech software, and other assistive technologies can help students with visual or hearing impairments to take exams on an equal footing with their peers.   This is already happening for a subset of students however I suspect eventually will need to acknowledge that all students are individual and having differing learning preferences including their device use and the online tools they use.  In classrooms teachers support students using a range of tools and techniques so it is only correct to seek to support the same in the final exams which are, at least for now, viewed as so critical in a students format education.   As such examination boards will need to adapt to this.

Conclusion

Technology has the potential to revolutionize the examination process, making it more efficient, accurate, and accessible. Examination boards must embrace these technological advancements to ensure that their exams are of the highest quality and that students receive accurate and timely results. By doing so, they can help prepare the next generation of students for success in a rapidly changing digital world.   

And at a time when the pace of technology, particularly in relation to Artificial Intelligence solutions, has never been faster, the exam boards will need to significantly increase their agility and their ability to adapt to and embrace change.

AI and Learning Platforms

Software learning platforms which come complete with learning content for students to work through are not new.   I remember an online Maths programme from my days as a university student as I was studying to become a teacher back in the late 90’s.   Basically, you worked through content and then were presented with different options as to how you progressed through the programme.    As a learner the individual modules of content were pretty much fixed, having been written into the software, but the path through the wider programme of learning was up to me.    I was provided options as to how I progressed from one module to the next.   Now, I was never a great fan of this as each module was presented in a given way and worked through examples in a given way, as it was programmed to do.  If you didn’t understand the way it was presented then there was no help or way to progress through this module although you could move to further modules in the hope they would provide you with insight which might eventually get you past this issue.    I liked the idea of online programmes and self paced learning however had concerns about user motivation, especially when you hit concepts which provide difficult for you to understand, and about the fixed nature of the content materials;   A great teacher adjusts and customises their learning materials and approach to their class and the individual students within it.   As such the self paced learning aspect was a step forward but this was about as far as it goes.

Fast forward to more recently and little progress had been made, at least as far as I saw it.   Newer learning platforms are capable of gather much more diagnostic data and analytics which allow the developers and content writers to adjust and improve their content.   So, the content is better than the content I experienced in the 90’s but generally it still provides largely linear and fixed content and if the content, its style, etc don’t match your needs then there is little that can be done.   As so, until very recently I have had a largely negative view of learning platforms which come complete with the vendors own content which teachers cannot adjust or customise to their content.   They have their place for example supplementary to classroom teaching or self paced learning when teachers are absent but that was it.

That was until recently when I saw a video of some new developments within the Khan Academy platform including its new use of the GPT4 Large Language Model (LLM).    Still the content in terms of problems set within the platform and the way they are worked through appears very linear and fixed.  So if it is maths problems it will work through the problem in a specific way;  no change there.   The difference, and the massive leap forward in terms of learning platforms is their new chat bot style assistant.   It prompts and supports the student using the platform.   It identifies common misconceptions and provides guidance.   It acts as a coach and facilitator but customising its responses to the efforts being made by the student using the platform and this includes providing motivational “well dones” and corresponding emojis.    Watching the demo it was almost as if there was a teacher sat behind the chatbot rather than an AI solution.    Now I note that this demo was short and was for the purposes of showing off what is possible in the Khan Academy platform so may not be fully representative of how it all looks and feels in real life, however if the final product is anything close to this then it is a major shift forward.

Flipped learning has been a concept long discussed looking at releasing teachers from supporting students practice of learning concepts however maybe AI solutions like GPT4 and its use in Khan Academy will allow us to release teachers from more of the basic learning.    Maybe the AI and learning platform can be used here, allowing teachers to act more as facilitators rather than delivering new learning, and allowing them to focus much more on the high order skills of creativity, critical thinking and the like.    

AI and large language models could potentially facilitate significant shifts in what learning in our schools and colleges looks like, not in the distant future, but in the very near future indeed.

Cyber culture

The enterprise org budgets being spent in relation to cyber security have, for a number of year, seen a steep increase however at the same time the volume of attacks and size of attacks have also seen a continuing and steep increase.  From a return in investment point of view this doesn’t look good.   In how many areas of a business or school would we be willing to accept increasing spends but worsening results?

Now this isnt such a big issue for schools and colleges as the available budget which might be applied to cyber security are very small indeed however viewed from a different perspective, this might mean it is all the more important to spend that which we have carefully and correctly.  

Or maybe we need to start looking at the problem differently?   If we accept that additional money and associated spends on technology tools and more staff won’t necessarily solve the problem then what can we or should we be doing?

Culture

I suspect this is key to how we need to approach cyber security.  It needs to be “how we do things around here” rather than something which is seen as an IT issue or, where things have progressed a little further, an IT and SLT issue.   Cyber security and appropriate cyber behaviours need to permeate a school, being the responsibility of everyone in the school community.    Everyone needs to understand why it matters and what part they play in keeping users, data and systems safe.     Now building such a culture isnt a quick process however I suspect it is something we need to start developing now, as part of a longer term journey to having more cyber resilient schools.

Measurement

Another area that is important is the need to have some form of measurement.  In order to make sure our cyber efforts are effective we need to be able to measure this effectiveness.   This might relate to awareness of phishing or a multitude of other measures we might create in trying to assess our cyber security.    The key however is the need for some sort of measurement so we actually have some data as how we are doing, to help identify areas we need to focus on and to assess whether our efforts bring about the positive change we are hoping for.    This measurement could be the data from a phishing awareness exercise, from help desk calls or even from a RAG (Red/Amber/Green) rating exercise.    It needn’t be overly complex but it needs to provide some meaningful data in terms of where we are at the point the measurement is taken.

Accountability

The third area which I think is key, and which was shared at a TEISS InfoSec event I attended, is the need for accountability.   We might have data as to where we are, or where a given department is or a school within a school group, but who is responsible and accountable for moving things forward?    We need to ensure this is clearly identified and again it isnt simply an IT issue and instead should belong to the business, the school.   It may therefore be that the HR manager is responsible for the HR dept, while the academic Head is responsible in terms of academic data, processes and staff.    Whatever the accountability lines are, they need to be clear and understood.

Conclusion

On reflection, the above isnt a quick fix;  culture takes a long time to develop and even establishing accountability and measures for assessing cyber readiness will take time.  We need to ensure we are measuring the right things and that accountability is set at the correct hierarchical level, with this taking some time to get right.   That said, the current approach, and complaint regarding lack of money/resources, doesn’t work as additional  money/resources havent solved issues for those which have more of both money and resources currently.    As such I think maybe we need focus on cyber culture in the same way we have previously focussed on safeguarding culture in schools.   Maybe we all need to be focusing on cyber culture?

TEISS European Information Security Summit

I try to step outside education at least once each year, looking at the bigger technology world by attending an industry event.  The most recent of these ways the TEISS European Information Security Summit on 23rd Feb in London.    I feel it is important to keep up to date with the wider technology world to sense check my thoughts and ideas and to benchmark technology in education against technology in other sectors.    During the course of the event it was interesting to have discussions from a diverse range of industries including highly regulated industries like banking.   Hearing that they suffer similar issues to education, such as shadow IT or issues identifying responsibility for data, but at a much larger scale was reassuring.

Given below are some of my takeaways and thoughts from the various sessions and discussions I had throughout the course of the conference.

Budgets and Cyber

One of the first takeaways from the event related to cyber security and budgets.    It was presented that cyber budgets and cyber spending has been on the increase for a number of years.   It was also however indicated that the volume of attacks and the size of attacks continue to increase.    For me this suggests that more budget, including more staffing associated with additional budget, does not necessarily solve or improve the situation in relation to cyber.   From the point of view of schools and colleges this is important given the limited budgets available.    I think this highlights the need to start approaching cyber and cyber risk a little differently including possibly being more accepting of the fact we will never reach 100% secure and therefore accepting cyber as a journey and simply trying to focus on our key “business” assets and on continual improvement in relation to cyber security in whatever form this may take, including where this may be simple and small improvements.

Gamification

User awareness and cyber security culture was one of the three main streams offered at the conference with one session looking specifically at the potential use of gamification in relation to cyber security awarenss training.   It is true that often cyber security and other online training can be a boring process of reading a screen of text and clicking next repeatedly before completing a test at the end.   Clearly not an engaging experience and therefore possibly an experience  where little long term or deep learning takes place;  We may remember for long enough to answer the test at the end, but ask the same questions a week later and I suspect the retention of the content will have dropped to very low indeed.   So this is where gamification comes in.    The presenters identified two types of gamification, being content or structure based.   In content based gamification the content is presented as a game.  In structured based gamification the content is the same but includes some sort of leader board, prize of other enticement to engage users.   As the session was presented I was thinking of the potential of doing a Kahoot quiz with heads of department where they need to identify whether emails are trustworthy or not for example.     I also thought about some sort of competition between departments so maybe a quiz or phishing test which results in a cyber score which can be reported and compared with other departments.   This is one area I will certainly be looking into in the short term to see how I can try to gamify user awareness materials and processes, and to see what impact that has.

Civic duty rather than organisational cyber security awareness

Another point that was made during the conference was to engage people on security awareness beyond simply keep the organisations data secure but to accept that we can also deliver a civic benefit in making users more secure, both personally and also professionally.   Where we seek to do this we are more likely to engage users and have them learn from awareness programmes plus additionally we address the risk of a personal cyber incident potentially impacting on the school or other organisation anyway.  Take for example the compromised personal mobile phone:  It may have organisational email on it or info about the individual which could be used in crafting attack against them in their professional context, among other data which could pose a risk to the organisation.

Regulation as a change agent

One of the panel sessions I attended involved discussion of change and of compliance with security standards, change processes, etc.     From a school and college point of view this can be difficult as although policies are in place sometimes these will be overlooked and busy staff, both teachers and support staff, as well as students, may fail to engage with requirements or training around cyber security.    One of the panellists in the session highlighted that this wasn’t an issue in financial technology (FinTech) due to the nature of the business being heavily regulated meaning the penalties for non-compliance, for both the individual and the organisation, can be quite extreme.   Taking this insight and applying it to education got me thinking of the potential for the DfE to set requirements and of ISI and Ofsted to then include this within the inspection requirements.   Now the release of the DfE standards is a small step towards this however I suspect that is about as far as things will progress, which without any monitoring or penalties for non-compliance, is very limited in terms of impact.

Cyber insurance

There was a good session discussing cyber insurance with a very clear take away.  The session talked about how the cyber insurance market has seen policy costs increase along with greater requirements to get insured.   The questionnaires which you need to complete were a particular focus of discussion in that some of the questions are not easy to answer or not appropriate in a given context.   I have never really thought about this however the panel highlighted that the purpose of these questionnaires is for the underwriters to get a view of the risk in order to provide their proposal.   As such if the questions don’t make sense, it is the underwriters which we need to discuss this with to find out what it was they were hoping to find out from a given question.   Apparently the underwriters often don’t have access to client information, with this handled by the broker, so it is for the client, the school or college, to request a discussion with the underwriter and to initiate dialogue.

Conclusion

Cyber security seems to me to very much be a business risk, including where that business is the education of students.    As such it impacts all organisations albeit the scope of impact and the scope of risk varies.    This means there is a lot to gain from sharing experiences and ideas across sectors rather than just within sectors.    Having attended this industry focused information security event, where I think I may have been one of very few from the education sector, I came away with a fairly long list of ideas and things to try.    

But if I am to leave this post with one thought it is that maybe we need to get past the doom and gloom of cyber and become more accepting of doing what we reasonably can and of seeking to constantly improve, even where these improvements might only be small and minor;   It is about risk management.Any progress in the right direction is progress after all.

LGfL, Lets Assemble

Friday 24th Feb marked the Lets Assemble event, the first time I had been to this event.   I was ill prepared for the high energy start to the day with the Rock Kidz team getting things off to a flying start before John Jackson took to the stage to the Rocky theme tune.    This was certainly far from the industry information security event I had attended in the same venue the day before.

Networking

As with most events of this type the key for me was the opportunity to network and catch up with people.   I managed to have a chat with Mark Anderson, Al Kingsley, Olly Lewis, Emma Darcy, Ian Phillips, as well as Tim and Terry from the ANME, among many others.   Somehow, despite repeatedly seeing him and also seeing his excellent cyber security session, I didn’t manage to stop and catch up with Abid Patel;  we seem to be making a habit of missing each other at events!

AI and ChatGPT

One of the topics which appeared within a couple of the presentations was that of Artificial Intelligence and in particular the recent interest in Chat-GPT.    Dan Fitzpatrick delivered a great session highlighting that the current iteration of AI, such as that in ChatGPT will only get better with time.    So, where some see potential and some see challenges in relation to AI impact on education and on learning, the situation is only going to accelerate.   He also highlighted how AI technologies enable creativity showing an example of using a variety of AI tools to create a short, animated video which apparently only took him 10 minutes to produce.   Rachel Arthur, who also presented on AI suggested power in the ability to “outsource” teacher administrative tasks allowing teachers to focus on relationships. This potential reduction in administrative tasks could certainly help towards workload challenges however she also highlighted some of the potential risks in terms of bias in AI solutions and also data protection related risks where personal data is provided to an AI solution.   My view is very much that AI is here to stay and like Dan suggested, their capabilities will only improve with further and ongoing development.   And it is clear that this development will be ongoing as Microsoft have invested in OpenAI, who produced ChatGPT, while Google are introducing their own solution, Bard, and I believe Amazon may be creating their own solution, while many others will likely be putting efforts into this area and bringing solutions to market in the coming months and years.    It was good to hear from educators on this however I would be very interested in hearing what the likes of the DfE, OFSTED and the examining bodies view is, however as yet they have remained reasonably silent.

Digital Headaches

It was good to hear Ian Phillips discussing Digital Headaches and highlighting the various issues and challenges around technology adoption, implementation, change, etc.    Using technology isnt without its problems and challenges and I think the encouragement and promotion of the need to share and discuss these issues, to try and seek solutions which are then shared, is an important message.   I believe conference events, including the networking and the sessions, are key to this as are groups such as the ANME.    Its interesting that digital technologies aid communication and collaboration, yet it is communication and collaboration we likely need to do more of if we are to seek to better handle the various digital headaches which exist.

Cyber Security

Cyber security in education is such an important topic and obviously therefore had its own session delivered by Abid Patel.   I must admit to being very much on the same page as Abid in terms of his thoughts regarding the risks and also regarding the measures schools can take in relation to cyber security.   The cyber discussion in education does feel all “doom and gloom” although I note that in the industry InfoSec conference I went to the previous day it was equally bleak yet the resources at hand for organisations, such as banks, is way beyond that which schools have at their disposal.    So, more resources, more money and more technology doesn’t seem to be the answer or the silver bullet to the problem of cybercrime.  I suspect this is something we will need to consider going forward.     Abid closed his presentation with some recommendations and it was great to hear him highlighting the need to train all staff as his first recommendation, and the need to have an incident plan in place as his second.    Cyber isnt an IT issue, it’s a whole school issue so everyone’s responsibility plus like fire safety, we need to prepare for the eventuality and have a relevant plan in place.   He then went on to raise the need to minimise data which I think is an often overlooked point.  The more data, systems, etc we have the bigger the risk so if we don’t need it we should be looking to delete or remove it.   He finished on the need to avoid complacency, where I think this is the balance we need to, but are yet to find, between doom and gloom, and complacency.

EdTech on a Budget

Emma Darcys presentation on embedding technology on a budget was really interesting indeed and I loved her focus on the need to be the change in your school and to be “highly aspirational for your students” yet also to not expect it to be perfect overnight.    It was the fact she focussed very much on the students and on learning rather than on the specific technology or platform which came out most from the session.    I also liked her advice regarding the need to pilot new ideas which aligned with the fact that things may not work as you planned or may go wrong, so piloting allows you to hopefully identify the speed bumps ahead of rolling out any technology solution widely.     Her advice to get out and visit other schools was also useful as I have done this in the past however in the last few years havent been out to other schools with quite the same frequency;   something I maybe need to seek to address.

Conclusion

As a first experience of this LGfL event, it was certainly a positive one.   I would have loved to actually stay behind and network further with people at the end however had to rush to catch my train and, if you read my blog occasionally, you will know my poor track record with trains.    There were lots of great sessions and in fact a number of presenters who I was unable to see due to other sessions, including sessions by Mark and Olly, which only goes to show the quality of the sessions on offer.    The close of the event marked the end of a tiring couple of days but all in all it was worth it and this is definitely an event I would look to attend again. So with that its back to my email inbox and the 300+ emails which have landed in the two days I have been out of school!