Tag: EdExec Live

EdExec Live, Herts

I recently had the opportunity to contribute to the EdExec live event in Hertfordshire.  Now I have contributed to EdExec Live events in the past but this is the first time I have done so in Hertfordshire.   I need to admit, as is all too common for me, travel to the event came complete with travel disasters, with me getting easily to London and across London but then subsequent trains being cancelled and delays, leading to an Uber and a total travel time of just over 6hrs.  But enough of my usual travel woes.

I think the first thing of note is my belief in the fact that education, teaching and learning in schools, takes a village.   It requires various people doing various roles.   This includes teachers in the classroom, teaching SLT members, IT staff supporting the IT setup as well as school business leaders and more.   Now am lucky to, as a teacher of many years, contribute to the teaching side of things, and as an ANME ambassador to contribute to the IT side of things, however the EdExec events allow me to contribute to the school business leader side of things.   As I have said many times before, collaboration and sharing is so important or as david Weinberger put it: “the smartest person in the room, is the room”.   As such it is so important that we share widely, including sharing beyond silos associated with specific roles.   So, I am therefore keen to share and be involved with discussion with educational professionals across the various roles which work towards ensuring schools operate and students succeed.

The conference was opened by Stephen Morales from the Institute of School Business Leadership (ISBL) and so much he said aligned with some of my thinking.   Firstly, he mentioned the implications and impact of geopolitics on education.    This was something I heard only a few weeks earlier at an Information Security conference, where it was clear information security and cyber security of organisations, including schools was being impacted by geopolitical issues.     Stephen also mentioned the privilege divide, which refers to socioeconomic divides, and in turn has a direct impact on technology divides.    We clearly need to reduce divides where possible, building equity, however sometimes the easy “solutions” have unintended consequences in this complex world so we need to make sure our decisions are measured and considered.

Stephen referred to the need for collaboration and also to the need to consider technology.   Both of these are things I believe strongly in, believing there is a relationship between the two.   Given how tech changes and advances so quickly we cannot seek to stay up to date on our own so the best solution we have continues to be collective action, to be sharing and discussing and using the wealth of experience, thought and skills of the education sector as a whole.   He also referred to structures, processes, people and technology, and I think this is key, considering not just the technology but the people using it and the processes it is being used for.  This immediately got me thinking about teaching and the TPACK model.

He also mentioned AI which was the focus of the presentation I was giving immediately following his keynote.    You can access my slide here.    Some of my key points from the session where the fact that AI is here now and students are definitely using it, as are many staff.    We can’t put that genie back in the bottle.    As such we need to look to how we can harness AI, and that’s not just generative AI, but includes the various other branches of AI.   We need to look to it’s using in teaching, in helping teachers prepare content and in marking, in learning, putting AI in the hands of students, and also in the administrative aspects of schools, both in the classroom and in the wider school.     I made the point that this isn’t without risk, which was apt when the next session I attended, led brilliantly by Laura Williams, was specifically about risk management.    If we want to benefit from the potential of AI, we will need to deal with the risks.   If we don’t allow use of AI, if we ban it, we don’t need to deal with the risks of AI usage, although there are risks resulting from this, from not teaching about and not allowing AI use.   It’s the balance issue I often talk about.

My session talked about the need for an AI strategy which aligns with the technology strategy which in turn aligns with the school strategy.  They are inter-related.    I also mentioned the need for appropriate foundations, so we cant look at AI without good infrastructure, devices, support and training.    An Ai, and a tech strategy, as well as a school strategy, has to be built on solid foundations.    So chasing the next shiny AI tool, without the fundamentals in place just wont work.

In terms of risks, I mentioned bias and inaccuracies however also mentioned that humans are not short of these challenges either, albeit we don’t always appreciate them.   Data protection continues to be an issue, however Data protection in the world of Ai is often simply good data protection related to any online or technology service.   Obviously automated decision making needs a little more consideration, however how many of the online content platforms schools have been using years, and which recommend and direct students to learning content, aren’t fully transparent as to how their algorithms, their AI, make decisions.

Thinking back to Stephens presentation he mentioned about fears as to AI replacement of humans.    For me, as for Stephen, it is about AI and humans working together, rather than one replacing the other.

The conference was yet another opportunity to share my thoughts and to engage with others as to their thoughts, and some of the discussions I had over lunch were very interesting indeed.    Schools are clearly at different points, and with different contexts, and this for me is fine, however if we wish to move forward I continue to believe in the need to work collaboratively and to share.    I came away from the event with new thoughts and ideas, and I hope those who attended my session came away the same.

EdExec Live

Yesterday I presented at the EdExec Live event in London where I discussed cyber security with a session purposely mis-titled as “Preventing cyber attacks: is your cyber security up to scratch”.    The reason the sessions title didn’t really reflect the content of the session is my belief that cyber attacks are now inevitable and that the thinking behind trying to be “secure” or “up to scratch” involves a mental model which doesn’t fit our current reality and especially the reality in busy schools with limited IT resources, and even lesser resources to focus on cyber security or cyber resiliency.   As such the session was aimed at trying to highlight this belief.

Now at this point you might be thinking I am showing some nihilist tendencies in the face of the growing cyber security threats and risks, however I am certainly now advocating that we consider incidents inevitable and therefore simply down tools and don’t bpther with any cyber mitigation, prevention or preparation activities.

What I am however advocating is that we accept that we can never do enough, never be up to scratch, so all we can do is to do what we can.    The approach to cyber in schools needs to be to seek to take little steps rather than seeking to reach an imagined point of being cyber secure, a point that is both likely to be unreachable and also a point which is likely to constantly shift in response to new technologies, new vulnerabilities, new threat actors and new methods of attack.

I concluded the session with 6 recommendations which are outlined below:

There is no enough so do what you can

As mentioned above there is no “enough” so this kind of thinking is no longer appropriate.

Carry out regular risk assessments

We need to treat cyber like health and safety and try to identify the risks and then decide on mitigation measures where possible.    If we explore and think about the risks which impact on use we are likely to be able to better prepare and respond.

Carry out a desktop exercise or “war game”

Our plans and processes often include assumptions.   We need to challenge these assumptions with staff from across the school involved in desktop exercises playing out an example cyber scenario.   By playing such incidents through we are likely to be better prepared when incidents happen for real.

Deliver ongoing user awareness

Users continue to be one of the most common factors in cyber incidents so the more training we can provide the better, but such training needs to be dynamic and ongoing rather than an annual refresher presentation at the start of the year.    Cyber needs to come up in meetings, in briefings, it needs to be part of the schools culture and a constant point for discussion.

Address the cyber security basics

Cyber criminals will take the easy opportunities where they can and therefore it is important to cover the basics such as patching servers, keeping backups, etc.   This is about increasing the friction an attacker might feel in the hope that they will move on to a easier organisation to attach.

Reach out

Schools and colleges are all in this together, suffering similar challenges and issues in relation to cyber, so collectively we are so much stronger.   As such, share with other schools, use groups like the ANME, and let’s make a collective effort to protect our schools from attacks and prepare for the inevitable incident.

Conclusion

At the end of the session, I concluded with a little question in relation to terminology.   Cyber security as a term is now out of fashion due to suggesting that being “secure” is possible when most now acknowledge this is no longer possible.   Cyber resiliency is now the term of choice however I feel, although better, it still suggests a “resilient” final state is possible where I believe it is now.   My suggestion, which doesn’t have the same ring to it of the above, was continuous cyber improvement, however my request was for someone to come up with a better alternative that wasn’t quite so much of a mouthful.

Is your cyber up to scratch?    If you think it is, I suspect you are up for a fall at some point in the future or at least that’s what probability would suggest.   Are your efforts continuous, regularly reviewed and involve repeated incremental improvements?    If so, I think you are most likely going about things the right way, so well done, keep at it, and try not to worry too much!

You can view the slide deck from my session here.

And for those who have followed my usual travel woes, this time I managed to get to London and back with only a 20min train delay, so unusually uneventful by my standards.