TEISS European Information Security Summit

I try to step outside education at least once each year, looking at the bigger technology world by attending an industry event. The most recent of these was the TEISS European Information Security Summit on 23rd Feb in London. I feel it is important to keep up to date with the wider technology world to sense check my thoughts and ideas and to benchmark technology in education against technology in other sectors. During the course of the event it was interesting to have discussions from a diverse range of industries including highly regulated industries like banking. Hearing that they suffer similar issues to education, such as shadow IT or issues identifying responsibility for data, but at a much larger scale was reassuring.

Given below are some of my takeaways and thoughts from the various sessions and discussions I had throughout the course of the conference.

Budgets and Cyber

One of the first takeaways from the event related to cyber security and budgets. It was presented that cyber budgets and cyber spending have been on the increase for a number of years. It was also however indicated that the volume of attacks and the size of attacks continue to increase. For me this suggests that more budget, including more staffing associated with additional budget, does not necessarily solve or improve the situation in relation to cyber. From the point of view of schools and colleges this is important given the limited budgets available. I think this highlights the need to start approaching cyber and cyber risk a little differently including possibly being more accepting of the fact we will never reach 100% secure and therefore accepting cyber as a journey and simply trying to focus on our key “business” assets and on continual improvement in relation to cyber security in whatever form this may take, including where this may be simple and small improvements.

Gamification

User awareness and cyber security culture was one of the three main streams offered at the conference with one session looking specifically at the potential use of gamification in relation to cyber security awareness training. It is true that often cyber security and other online training can be a boring process of reading a screen of text and clicking next repeatedly before completing a test at the end. Clearly not an engaging experience and therefore possibly an experience where little long term or deep learning takes place; We may remember for long enough to answer the test at the end, but ask the same questions a week later and I suspect the retention of the content will have dropped to very low indeed. So this is where gamification comes in. The presenters identified two types of gamification, being content or structure based. In content based gamification the content is presented as a game. In structure based gamification the content is the same but includes some sort of leader board, prize or other enticement to engage users. As the session was presented I was thinking of the potential of doing a Kahoot quiz with heads of department where they need to identify whether emails are trustworthy or not for example. I also thought about some sort of competition between departments so maybe a quiz or phishing test which results in a cyber score which can be reported and compared with other departments. This is one area I will certainly be looking into in the short term to see how I can try to gamify user awareness materials and processes, and to see what impact that has.

Civic duty rather than organisational cyber security awareness

Another point that was made during the conference was to engage people on security awareness beyond simply keeping the organisation's data secure but to accept that we can also deliver a civic benefit in making users more secure, both personally and also professionally. Where we seek to do this we are more likely to engage users and have them learn from awareness programmes plus additionally we address the risk of a personal cyber incident potentially impacting on the school or other organisation anyway. Take for example the compromised personal mobile phone: It may have organisational email on it or info about the individual which could be used in crafting an attack against them in their professional context, among other data which could pose a risk to the organisation.

Regulation as a change agent

One of the panel sessions I attended involved discussion of change and of compliance with security standards, change processes, etc.     From a school and college point of view this can be difficult as although policies are in place sometimes these will be overlooked and busy staff, both teachers and support staff, as well as students, may fail to engage with requirements or training around cyber security.    One of the panellists in the session highlighted that this wasn’t an issue in financial technology (FinTech) due to the nature of the business being heavily regulated meaning the penalties for non-compliance, for both the individual and the organisation, can be quite extreme.   Taking this insight and applying it to education got me thinking of the potential for the DfE to set requirements and of ISI and Ofsted to then include this within the inspection requirements.   Now the release of the DfE standards is a small step towards this however I suspect that is about as far as things will progress, which without any monitoring or penalties for non-compliance, is very limited in terms of impact.

Cyber insurance

There was a good session discussing cyber insurance with a very clear take away.  The session talked about how the cyber insurance market has seen policy costs increase along with greater requirements to get insured.   The questionnaires which you need to complete were a particular focus of discussion in that some of the questions are not easy to answer or not appropriate in a given context.   I have never really thought about this however the panel highlighted that the purpose of these questionnaires is for the underwriters to get a view of the risk in order to provide their proposal.   As such if the questions don’t make sense, it is the underwriters which we need to discuss this with to find out what it was they were hoping to find out from a given question.   Apparently the underwriters often don’t have access to client information, with this handled by the broker, so it is for the client, the school or college, to request a discussion with the underwriter and to initiate dialogue.

Conclusion

Cyber security seems to me to very much be a business risk, including where that business is the education of students.    As such it impacts all organisations albeit the scope of impact and the scope of risk varies.    This means there is a lot to gain from sharing experiences and ideas across sectors rather than just within sectors.    Having attended this industry focused information security event, where I think I may have been one of very few from the education sector, I came away with a fairly long list of ideas and things to try.    

But if I am to leave this post with one thought it is that maybe we need to get past the doom and gloom of cyber and become more accepting of doing what we reasonably can and of seeking to constantly improve, even where these improvements might only be small and minor; It is about risk management. Any progress in the right direction is progress after all.

Day in the life: Half term edition

Last week was half term and from an IT Services point of view this represents an opportunity to catch up on things and to do maintenance and other works while the teaching staff and students are no longer on site.   As such I thought I would share another “day in the life” similar to my post from January 2022 (A day in the life of a Director of IT).

Start of Day

Have set myself a target of running 65km each month in 2023, trying to build some consistency into my health and fitness efforts. As such it was up and out at 6am for a run. On this occasion my run was cut short at around 3.5km out of my planned 6km due to not feeling 100%, however it's still progress considering I lost a week's worth of running at the start of February due to a heavy cold.

8:30am

In work for around 8:30 which is slightly later than normal, with this being the result of some ongoing roadworks which have now been ongoing for what feels like years. I need to get sorted back in my office following the whole IT department including myself being relocated to the DT department to allow some essential power works to be done on our offices. The first part of the day is quickly catching up on social media posts and looking at my calendar for the day to check what I have on. As it's half term the calendar isn't that busy although I have plenty of tasks to work on, so this means my time is very much self-directed rather than directed by meetings and appointments. As we are in the middle of the week, Wednesday, I spend a little bit of time looking towards next week and allocating time for various meetings, preparation and planning and other tasks. This is a weekly task I do to ensure I am always looking ahead and trying to be proactive in my planning as opposed to having to be forever reactive. I have a number of 1:1 meetings planned with various staff so it is at this point

It isn't however long before an impromptu meeting arises to look at events management and how technology can be used in helping plan events in what is a very busy school with lots of things going on, whether it's sporting, academic, music, drama, art or other events. This meeting is followed by another meeting looking at inspection compliance and data requirements. In both cases my focus is on trying to identify and simplify processes first before looking at how technology can be used. Applying technology to overly complex processes in the hope of improving things is something I seek to avoid as I feel it just creates complex technology solutions which in turn tend to be expensive in terms of total cost to support, manage and maintain, but also tend to be fragile and more prone to fail.

11:00am

One of the projects I am working on currently relates to using PowerBi to analyse academic results data.   As lunch is approaching I spend a little bit of time playing with my data model to see if I can get the outputs I would like.   It becomes clear that some of the data needs to be reprocessed into a slightly different form in order to facilitate the outcomes I am looking for.  

Lunch

When working on data exercises or little programming problems time can just disappear so before I know it lunchtime arrives and it is a quick visit to the canteen for some food with this then being eaten at my desk due to the main canteen undergoing some maintenance works. The canteen staff as always do a fantastic job. I particularly enjoy the Tunnocks Caramel Wafers which were on offer. As I have my lunch I bang out a couple of emails in relation to the podcast, “In our humble opinion”, I am working on with Ian Stockbridge ahead of a recording session planned for this evening.

1:00pm

After lunch and I have two main tasks on my to-do list, being continuing working on the PowerBI data analysis and also working on an initial draft of a proposal looking at moving school servers to the cloud.  

Within the PowerBI project I find a lovely visual to present value added data comparing students' actual grades with predicted grades based on standardised testing. I then however hit a challenge in relation to looking at individual classes in terms of how to model the data. This is something I will need to come back to. And it's important to note here that my belief is that data always has context so therefore the data in itself is of limited use without someone able to add the detail in terms of the individual students involved, events which have occurred, etc.

The proposal for a move to the cloud comes together quite well as I look to present the positives and the risks of such a move. It is my firm view that most services will move to the cloud however I recognise that cloud hosting will be more expensive than locally hosting, when viewed over the longer term, however with that come some advantages such as improved scalability and better security functionality. The proposal isn't at this point ready to be presented but it should be ready following a number of revisions and adjustments planned in the weeks and months ahead. This, in my eyes, is a long but important project.

5:00pm

The end of the day has arrived and it is shortly after 5pm I leave for the carpark before driving to the car park which is my route home, inclusive of the ongoing road works. Arriving home and the house is empty as kids are out so it is a couple of quick household chores and some reheated Pizza ahead of jumping on Teams at 8pm to record what will be episode 6 of the “in our humble opinion” podcast with Ian. The episode seems to go quite well and we ended up having a further chat post ending the episode. Following ending the call I quickly upload episode 2 and release it via our website and also via Spotify and other podcast channels.

9:00pm

Finally, the end of the day and a little bit of time watching TV before bed. Currently this involves a number of “classic” 1980’s movies however it isn't long before I am too tired and the TV gets turned off before the movie ends.

Reflections

Half terms seem to go quickly but it is only when you stop and take note of what has been done, as I have done above, that you truly appreciate what is achieved. Normally you simply get to the end of half term, wonder what has been achieved and then are drawn to things yet to do or the tasks which will be required come Monday when the term restarts. But stopping and taking note requires time and when things are busy we often don’t allow ourselves that time. Although reflection is important it is seldom urgent. Maybe this has to change! And it is also worth noting that not all half terms or holiday periods are as busy as this one…..sometimes they are busier.

Jan 2023: a quick review

It’s been a busy January and I can’t believe how quickly time has flown.  As such I thought it might be a good opportunity to take stock and do a little bit of reflection using my 2023 pledges as a starting point.

Podcast

I set a plan for releasing a podcast of at least 6 to 8 episodes at some point in 2023.   This has led to a discussion with a colleague, Ian Stockbridge, where we have been discussing some sort of collaboration for a while now however never managed to actually put aside time and make anything happen.   In January however we both have put time aside and started a little Podcast project with 5 episodes already recorded and a few more planned.   As such it looks like my plan to get a podcast released is well on its way and likely to see fruition and the release of episodes in Feb/Mar this year.

Time Management

Am not sure much has changed on the time management front as January has certainly flown by.   I do however hope I have started to build some new more effective time management habits however only time will tell.

Running

It was a ropey start to January with no running at all done in the first week however I picked up in week 2 and by the end of the month had managed 12 runs and 65km.   The 65km mark is higher than the 50km per month I planned, but would see me again break the 750km mark as I did in 2021 and 2022.  As such this is progressing well.

Reading

Managed one book so far in January, mainly due to a train journey which allowed me to get a significant amount of reading in.   Continuing to read will be very much dependent on my finding the relevant opportunities and time in my day as we progress through the remainder of the year.   I suspect this is one pledge which I may fall short on.

Big Picture

I have already taken the step to roll smaller tasks together however I still think I am being drawn to more operational rather than strategic matters.  I suspect this is something I will need to continue to work on during the course of the year.

Holidays and Experiences

January hasn’t provided too many opportunities however I already have a couple of plans which I am looking to put in place in relation to building experiences and arranging holidays.   I am also trying to ensure I note any achievements so I am better able to reflect when, in the future, I look back on 2023.

Contributions to Edu and Tech

I have already had a few opportunities including a podcast, a webinar and also some guides I have been involved in producing.  In terms of the remainder of the year there are a few events I hope to be involved in plus a number of different ideas and projects I am actively seeking to explore.   I have also enjoyed contributing to discussion in relation to Artificial Intelligence such as ChatGPT as I see such potential for the use of AI solutions like this however I also see significant risks which we need to consider and seek to mitigate.  January has also furnished me the opportunity to attend my first face to face conference of the year in a Microsoft and ANME event at which I was an attendee, finding it to be useful and interesting.    Overall, I hope that when I look back, 2023 will have been a good year in terms of my contributions to education and technology in education.

Work

I have enjoyed spending a bit of time discussing digital citizenship with various year group assemblies both in December but continuing into January. This is definitely something I want to build on going forward. Equally enjoyable have been the esports groups I have been involved in who have positively taken on competition among themselves, and who hopefully may consider moving on to compete with other schools/colleges in the 2024 season.

Conclusion

I have achieved more in January than I thought I would have done, albeit this means I have been very busy indeed at times. In turn this has meant time has flown by, however it has also meant I have not had the reflective time I would have liked but sadly you can't have it both ways. If I had more time stopping and thinking, I doubt I would have had the time to achieve as much. As such I will need to keep an eye on this balance and check it continues to be at a point I am happy with. I note as I write this that the start of Feb saw me fall ill with a cold; Was this just due to weather or maybe just trying to do a little too much; I am not sure.

In terms of new opportunities and experiences I think I can already identify three in my collaborative podcast, a little consultative work and also in the initial discussions regarding a conference in Europe at which I will hopefully contribute later in the year.  Given only one month gone, I think this is good progress and something I can continue to build on.

So, 1 month down, 11 months to go……..onwards to the rest of 2023!

Reflections on 2022

We are at the end of yet another year, and this time, the end of 2022 so it's time to briefly blog a bit of a reflection on my year. The easiest place to start in reviewing the year is the pledges I made at the beginning of 2022.

Exercise and Health

2022 saw me once again reach 750km of running for the year however it saw me much more inconsistent than I had been in 2021. Although I managed to run over 100km in each of 4 months, more than I had managed before, I also had some months where I achieved very little distance at all. In terms of distance, I did finally manage to achieve a couple of 10km runs although these runs were rather broken and slow. My speed over the whole period continued to be rather slow, being on average 6:21 min/km whereas I would have very much liked to have been closer to the 6-minute mark. That said, throughout my years running my focus was always on achieving the distances regularly rather than on building up my speed. Towards the end of the year, I did start to suffer some joint and muscle pains so decided to rest from mid-December onwards to allow me to then look to restart in 2023.

I suggested at the start of 2022 that another health related plan was to reduce my alcohol intake. Sadly, this didn’t really happen and the idea of a “dry” month certainly never looked like happening. Now, I enjoy a beer especially when watching the football or a good film, plus it is one of the few vices I believe I have so I am not too disappointed on failing to meet this pledge. It is important to balance trying to achieve things, to work hard, etc, with also having a bit of fun. I suspect my alcohol intake is overall slightly less than in 2021 although I don’t have any real evidence to support this, so this may simply be me justifying not doing more.

Another area of health which didn’t work out in 2022 related to dental accidents with a number of accidents during 2022 resulting in dental treatment which I find difficult, and that’s even before, as a Scotsman, I get to having to pay for it!

I also note that as I finished work in December I fell ill with a bit of a flu (not covid!).  Upon looking back to 2021 the same issue had occurred with illness in December.   I wonder if this is me simply pushing too hard and failing to consider my health, then as the term and year ends and I relax, the strain on my body catches up with me, manifesting in illness.  Maybe something to think about next year in ensuring I take care of myself as term ends in order to hopefully avoid a period of illness over the festive season.

Wellbeing / Happy memories

Sitting here writing this things don’t quickly come to mind although a family holiday abroad, our first since the pandemic does come to mind and was enjoyable.  I also thoroughly enjoyed a trip with my wife as part of our anniversary which saw us spend a few days in London together, even taking in a stage show and seeing a number of historic sites around London.   There are also a number of other significant memories created during the course of 2022 however I will not go on to list these here.  So this is all positive.

I think part of the issue here is that I maybe don’t have a great long term memory and therefore find it difficult to quickly reflect.   To that end I started noting things, achievements, etc, starting in March 2022 to help me with this.    Reviewing this it seems clear a vast majority of the notable things from 2022 relate to either my job or to the wider education and technology sectors in which I work rather than to personal or family related things.  This is something I need to think a bit more on in terms of my work/life balance and whether it is a balance I am happy with.

One memory I will have for 2022 will definitely be turning up to the Houses of Parliament to attend a morning meeting, but sadly attending on the wrong day, a day too early, followed by feeling ill and not being able to attend the event on the correct day. Ooops.

Reading

I didn’t read quite as much as intended or would have liked during the course of the year.   I think I maybe managed 6 or 7 books rather than my normal 12 books although I did start to read some fiction in addition to my non-fiction, enjoying re-reading Frank Herbert’s Dune and also a number of HP Lovecraft short stories.    The issue was generally one of time and priorities with reading sitting with a reasonably low priority.  This was however helped by the various conference and other events I attended which required train travel, thereby providing me with an opportunity to catch up on reading.

Contributing

This is likely the area where I think I did best during 2022. I had opportunities to contribute to several different education and technology conferences or other events as a speaker, panellist, or guest while also developing a number of different bits of content for various organisations. There were also many brilliant opportunities to network and catch up with colleagues from across the UK including the ANME ambassadors, Bukky Yusuf, Mark Anderson, Al Kingsley, Olly Lewis, Abid Patel and Emma Darcy to name but a few. The fact that Abid Patel presented me with a can of my favourite Bru (intentional spelling) at an event being a particular highlight. I was also both surprised but also very pleased to be nominated for Network Manager of the Year as part of the EduFuturist awards for 2022. This was definitely not something I had expected or even hoped for. As such am not sure I could have achieved much more than I did in 2022. Here’s hoping for the same kind of opportunities in 2023.

Work

I think the year in work went well with the fact I have begun to take notes of achievements being a useful aide-mémoire to help in assessing this. When I addressed my team before the school broke up for Christmas it was good to be able to go back to the summer holidays and the beginning of term and list off some of the many things we have done, introduced or changed during the course of a single term, where had I not noted these down they may have simply slipped from memory.

Other achievements

2022 once again saw me take on an external accreditation in ISC2's Certified in Cybersecurity. It had been a number of years since I had last needed to take on a proper exam so I was a little nervous. As it turned out a lot of the content overlapped with some of the other accreditations I already held and as such I didn’t find the exam to be that challenging but was still happy to achieve confirmation of my achievement of the certification.

Conclusion

2022 was a busy year and I think I crammed quite a bit into it. I think one of my issues is that I seek that single highly significant and memorable event where this just didn’t happen in 2022, or indeed in a number of the preceding years. This may detract from the many lesser events and achievements I did reach in 2022 and hence leave me feeling a little depressed or under appreciative of what I did achieve. For 2023 I need to get past this and be more positive and appreciative of that which I can and do achieve.

And so with my quick review of 2022 out of the way, it is onwards to 2023.   I want to try and treat 2023 as a fresh start and new year so hopefully be able to look back, around a year from now, and find my reflections on 2023 are not merely a repeat of those from 2022.    My next blog post will therefore focus on pledges for 2023 and how I might bring about the change I would like to see.

JISC Security Conference Day 2

It’s been a few days since the JISC Security Conference however I am only now seeing light at the end of the tunnel, having spent the last few days catching up following my two days out at the event.   As such I thought I would share some thoughts following Day 2 of the conference.

Defend as one

During the course of the 2nd day of the conference I attended a number of sessions where various educational institutions shared their experiences of cyber incidents. I will admit it was good to hear their experiences as generally all we get to hear of in relation to cyber incidents in schools, colleges, and universities, is the news posts which lack any of the detail as to the cause and impact of the incident, or of the resulting recovery operations. It would be good to hear more of the details around cyber incidents in schools, etc, as there is a great opportunity for us to learn from the experiences and collectively seek to be more secure, with this being summed up by the JISC conference tag line, “Defend as one”. I will however note the challenges in relation to this due to the sometimes sensitive nature of such information.

Cyber:  An IT issue?

Now the event itself was very useful for me as a Director of IT, being surrounded by others in similar roles however, as identified by one of the speakers, this also represents a challenge.    Technology security is not solely the responsibility of IT.    It is the responsibility of all those who use technology, who manage or are the owners of data, who lead departments and who lead or govern within educational institutions.      Equally all these people need to be onboard and considering what they might be doing in the event of a critical technology incident where they will need to try to keep operations going while the IT team focusses on the technical issue.     Yet the JISC security conference was mainly attended by IT people.   Clearly there is need for others to be more engaged, and I will certainly be looking to try and encourage other non-IT senior staff to attend events like this in the future.

Third Parties and supply chain risk

As the second day proceeded, I started to see some key themes and messages coming out, some of which aligned with some of my thinking, with one of these being the risk associated with third parties and the supply chain. Increasingly we are using more external solutions, either online based solutions, or solutions where we have technology solutions from a third party running on our networks. Examples might include a third party hosted web-site solution, a CCTV solution hosted on site, or a visitor management solution hosted on site. These solutions have access to school data or may be on the school network, and as such may either represent a risk to the data should they suffer a cyber incident or could represent a risk to the school network. If on the school network, they might introduce vulnerabilities, which we are unable to address and where instead we must wait for the supplier to identify and resolve by developing and deploying an update or patch. So this risk highlights the need for due diligence before introducing new solutions. This didn’t really happen during the pandemic, as we sought to act quickly to address the challenges so there is work to do in carrying out the due diligence for systems now in use. Also, due diligence at the point of purchase represents a snapshot; Most technology solutions evolve over time, with new functionality being added or existing functionality adjusted and changed, meaning the due diligence which was originally conducted is now out of date and inaccurate. This highlights the need for periodic review, but this is then yet another task or piece of work which needs doing, and who does this due diligence where departments across a school, college or university are sourcing their own solutions? For me the key here is we need to look to do more in relation to examining the cyber resiliency and disaster recovery plans of the third parties we use.

Prioritisation

Another theme which came across was the extent of the cyber incidents described. Basically, in some cases it meant going back to scratch, turning everything off and rebuilding. But this takes significant time running into weeks and months. This means it is key to identify the priorities for the recovery. What systems and processes need to be recovered first? If we don’t stop and consider this now, when things are running, we will likely find ourselves in the middle of an incident with every department and users screaming that their system or process is most important, and we will then waste significant time trying to debate and decide. Clearly there is need to examine all the systems and technology in use and then identify a clear and documented priority order for these systems such that when an incident occurs there is a clear priority order with which to work with.

Data Governance

The issue of data governance was particularly notable in discussions related to HE, to universities and this is likely due to their size and scope when compared with schools and colleges. That however is not to say that the same challenges don’t also exist in schools and colleges. The key question here is about the basics of data management and knowing what data we have, why we have it, where it is and likely most importantly who is responsible for it. And in terms of responsibility, I am not referring to IT teams being responsible as they run the systems the data is stored on, but who the owner of the data is. For example, admissions data doesn’t belong to IT, it belongs to the admissions team, while pastoral data belongs to the pastoral team. IT can never know the processes and uses of all the data stored by different depts on IT solutions, therefore they cannot be responsible for the data management side of such data. It is the data owners that are responsible for what data they gather, how it is stored, how long they keep it, etc. It was key from some of the discussions that greater effort needs to be made to ensure all understand who is responsible for what data.

Conclusion

There was a lot to think about on Day 2 and to be honest I haven’t as yet had a sufficient amount of time to properly stop and reflect on the day or on the wider conference as a whole. And I suspect it will be a few weeks and maybe the end of term before this will properly happen.

That said the above represents some of my initial thoughts based on some of the copious notes I took during the course of day 2.

I will end on an important message as I see it; This can all seem like doom and gloom.  The “when” rather than “if” of a cyber incident, the size and impact of such an incident and the multiple things we need to be doing to prevent and prepare, but against the backdrop that no matter what we do it may still happen.    We cannot allow it to be all doom and gloom.   My view is therefore that we need to simply seek to continually improve, to not try and do everything, but to try and seek to be more secure today than we were yesterday.

JISC Security Conference Day 1

I thought it would be useful for this week’s blog to focus on the JISC Security conference in Wales, which I am attending today (Mon 7th Nov) and tomorrow, plus which includes a third day held online.

So, let’s start with my usual travel difficulties. This shouldn’t have been a difficult one as I have driven to the event; however, my car decided to develop some engine issues, including the engine warning light deciding to stay on plus occasionally flash alarmingly at me. I noted a reduction in engine power which meant my cheeks were firmly clenched as I crossed the Prince of Wales bridge in the wind and rain; not somewhere I would want to break down. Thankfully the car got me to my destination and can now have a rest before the return leg.

So the event itself, as I write this opening part of the blog I am sat waiting for the event to begin.  I have high hopes for the conference as there are so many different talks all focussed on the very important topic of technology security in education, principally in Further Education and Higher Education.   As a topic technology or cyber security is increasingly important in schools, colleges and universities as cyber criminals seem set on targeting education.   One presenter at the JISC conference suggested education was the number 1 target for ransomware attacks.   It makes sense sadly due to the data schools, colleges and universities hold, plus due to the fact the focus is on education with cyber security relegated to a secondary or even tertiary concern, often reserved for those working in IT roles.   Given the focus of the whole conference is on security I was very hopeful that I will take away quite a bit from the two days.

One of the big takeaways from Day 1 for me was a document which presented 16 questions for University Vice Chancellors to answer in relation to cyber security. The purpose of the 16 questions being to prompt discussion in relation to cyber security at the highest levels of management in universities. It was clear from conversations with a few people that although this document had been sent to all universities, it hadn’t necessarily been disseminated and discussed. Looking at the 16 questions I could see how they were applicable not just to universities but also to colleges and even schools. This did make me wonder about the need to share ideas and how, at the moment, there are various organisations sharing advice on cyber security, however no-one really collating this and providing it across sectors. For example the DFE shared guidelines for schools while JISC developed and shared guidance for universities, yet both publications contained some common themes. Wouldn’t it be good if this was shared centrally but with all educational institutions regardless of stage/sector?

Another discussion that I found interesting related to how we know or can assess how we are doing in relation to cyber in our own organisations.   Each school/college should be doing some form of risk assessment but it would be useful to be able to take this and assess your security against other similar institutions.   In HE this could be done using the 16 questions, but would rely on universities self assessing and then sharing their findings with a body such as JISC who could then calculate the “average” preparedness for universities.  This average could then be used as a benchmark with which to compare.   For schools, rather than the JISC 16 questions, the DFE guidelines could be used in a similar fashion.

If there was one big takeaway from day 1 of the JISC event it was that universities, colleges and schools are all subject to similar risks in relation to cyber crime and cyber resilience, albeit with different resources available to address the challenges. As such there is a need to collaborate more across sectors, sharing experiences and knowledge where possible. Currently the sharing is very siloed, so schools and MATs share, independent schools share and universities share, but each sharing separately. There is a need, in my view, to bring this all together.

Feeling down

Have been trying to post a blog once a week but missed out last week having found things a bit of a struggle.    The end of term was manic, as I suspect it was in many schools across the UK and across the world.    I was extremely busy finding myself trying to balance a multitude of different tasks and projects.   Additionally, I was working on my personal fitness trying to complete 100km of running during October, having failed to do so during September due to a cold which had stopped me running for most of the final week. 

And so the half term arrived and my energy levels suddenly plummeted.  Exhaustion, or at least that’s what I now believe it was, kicked in.    I managed to drag myself out for a 10km run last Saturday albeit it was very broken and particularly slow however after this my energy was spent.   I suddenly found myself with little energy and little motivation to undertake a variety of personal tasks and projects, as well as work related tasks.  In fact, I found myself with little energy to undertake much at all. 

Sunday arrived and I found myself depressed. Part of this was due to my low energy levels, and my inability to get moving forward on things, while another part was related to the fact that Saturday, and an opportunity to undertake personal tasks and achieve something, had come and gone with little to nothing achieved. The fact I couldn’t focus sufficiently to get a blog put together only added to the way I was feeling and to my worsening outlook.

Monday was little better.   I had plans for a run.   My plan revolves around 4 runs per week of 6km each if I am to achieve my 100km, with my runs normally Monday, Wednesday and then Friday and Saturday.   The Monday run never happened as I couldn’t motivate myself to get up and out in the morning, with the same issue on the Tuesday.   And this lack of progress, despite my plan, further put a dampener on my mood.   

It wasn’t until midweek that I was able to work to correct my mood and pull myself out of the depressive cycle which was building. I knuckled down despite how I felt and a number of successive work tasks completed, including a couple which provided a bit of satisfaction, all helped to improve how I felt and my outlook.

It’s Friday now and I sit on a train on the way home from a trip to London. I feel significantly better than I did at the start of this week, but the events of the last week highlight how variable my mood and feelings can be. When I look back a year or more my sense is that my mood is reasonably level, however this is the illusion of memory; the reality is my mood is very variable. The challenge for me is to find ways to manage this. This time it was putting my head down and working but I doubt that will always work. The question then is how can I prepare and identify coping strategies for should my motivation and outlook “tank” at some point in the future. I also think on reflection I have grown to be good at managing lots of tasks and managing being busy, but not so good or happy when it comes to down time, to sitting relaxing watching TV or reading a book. Although I know these are important acts in allowing me to decompress, relax and recover, it doesn’t feel productive and therefore leads to feelings of depression. Thinking about it, I can see why this might happen given a normal workday might see 10 or 12 items ticked off a to do list, whereas sitting through 10 episodes of binge-watch TV doesn’t quite compare in terms of a feeling of achievement.

Am not sure if this post will resonate with others but thought I would share anyway as maybe it will help others, or maybe it will just help me at some point in the future, as a reminder that things are more chaotic and variable than we remember, but that in the end most things work out. I suspect we could all do better in being aware of our mood and feelings, and seeking to better manage them.

A new academic year

And so a new academic year begins.  The students are back and the school is once again buzzing with activity at the start of the usually hyper busy first term.  As the autumn term and the new academic year begins I thought I might share some of my plans for the weeks and months ahead.

Data

This is definitely one of my projects for the year ahead, looking at how we as a school might better store, process and present data. The key for me is the use of Microsoft Power BI in order to allow data to be easily explored by end users, in a way that is more user friendly and intuitive than a large complex spreadsheet. Now a key here, and likely the hardest part of the process, is ensuring the data is appropriately structured, and in the resultant need to clean up existing data ahead of then starting to analyse it.

Embedding technology

I would like to spend more time with teachers using technology in the classroom this year.   I have become a little disconnected from this in the last year as I focussed on the infrastructure, systems, cyber security, etc.   As such it would be good to spend time with those teaching diverse and different subjects, to allow me to review and evaluate my thoughts and practices in relation to teaching.    Hopefully, it will also allow me to identify areas where I can help and support technology use, especially where technology can make things easier, quicker, more effective or generally better for teachers and students.

Digital Citizenship

This is a particularly important topic in my view, in the need to discuss the risks and benefits of the internet, technology, social media, etc.    We don’t truly know the long term impact of the technologies we are using today, in particular the impact of social media, so in the absence of an answer, we need to at least promote discussion.    One of the challenges here is finding time within the busy school curriculum for this to happen in a way that goes beyond the often superficial discussions which currently happen.    It is my hope to work with students this year in discussing digital citizenship, plus also possibly to look at developing some content which can be used across schools.

Virtual Reality

Now this is a bit of an experimental project, looking at how VR kit might be used more within schools and also hopefully examining how schools can create their own VR content.    For me this ability to work within VR and to create your own VR content is key as otherwise you are reliant on the content of others, such as the VR hardware vendors.   Over the years I have seen a number of technologies fail to live up to their promises where they are reliant on content created by the vendor or third parties.

Running

I was doing well in May, June and July, managing to run 300km, however this fell to near zero in August so as the new academic year begins I hope to pick up where I left off. Given I am at 500km for the year so far, it would be good to get to at least 750km for the year so that means I have 4 months to achieve 250km, so that’s around 65km per month.

Conclusion

Now the above are only 5 areas which jump to mind for the year ahead.   The board in my office has many post-it notes relating to projects and tasks which I will be addressing in the year ahead.

I look forward to it being another busy, challenging but worthwhile academic year.    All that remains is for me to wish everyone all the very best for the 2022/23 academic year.   Onwards and upwards….

Day 1 of BETT

OK so let’s start with the usual BETT mishap, and this year’s one is a good one. Basically had a breakfast meeting set up for during BETT, occurring in the centre of London. So I departed my BETT hotel and headed out early in the morning, necessitating getting up around 6am. And so it was I arrived early, found the location and took in some views of the Thames, before presenting myself at the venue’s security area, an area populated by around 15 security staff and me, their first visitor of the day. But they had no reference of the event I was attending. A quick look at the invite and it was dated the 24th March, tomorrow; I had just somehow got it in my head it was on day 1 of BETT. I was not just early, I was 24 hours too early! Now am not sure how I will ever top this one.

Networking

So, onto BETT itself. The main benefit of the event is the networking side of things, and once again it provided on this side of things. I spent a bit of time with the Association of Network Managers in Education (ANME), spoke with Steve Beswick from Microsoft in relation to the Microsoft Surface Devices and inking and discussed cyber security and data protection with Tony Sheppard.

I also said quick hellos to Mark Anderson and Al Kingsley on the NetSupport stand and to Abdul Chohan and Aarti Malani ahead of their session plus to Tom Dore from British esports (and am being careful to ensure I write esports correctly following Tom’s session) and Ian Stockbridge. And apologies to others I may have missed off, in my foggy recollection at the end of a busy first day. I will note I need to get better with my selfies, as despite the many hellos or quick chats I came away with very few selfies.

Esports and cyber

I took in Tom Dore’s talk on esports, which really highlighted the potential esports has as a vehicle to engage students and to promote soft skills plus also the digital citizenship skills and knowledge increasingly needed in this technological world. This highlights my need to continue to encourage and support esports in schools.

I also took in two cyber security discussions, with the most significant comment being the need to discuss “Cyber Resilience” of schools rather than the narrower focus of “cyber security”, looking largely only towards preventative measures.   I also liked the 10 recommendations which one of the sessions finished on which included the need to adopt a “Continuous Improvement Cycle”, with this need echoed in the 2nd of the two sessions.   The need for the wide awareness of cyber risks among staff but more particularly as something discussed at a senior level, regularly, with this referring to daily or weekly rather than an annual discussion.

Interactive Panels

I won’t make much of a discussion on this as sadly there were still quite a few companies hawking their interactive panels and projectors. Not really that much of a surprise from a business perspective as, if you take them as useful, the market comprises every single classroom in every school, across the world; as such I need to get over this issue. As long as there is a market and a profit I suspect interactive panels will continue to show up at EdTech shows. One interesting trend though this year was the projectors set up to create large interactive floor surfaces or walls rather than your traditional board wall space. It’s a minor variation of the interactive panel theme and I can see some interesting use cases with younger kids, but still feels a bit like old tech, just wrapped up as something new and shiny, and I note I saw i3 doing similar things almost 10 years ago now.

AI and Machine Learning

It came up in some of my discussions especially in relation to cyber security products, but as it was quite a busy day I didn’t really push anyone in defining how AI or machine learning was utilised within their products.   Maybe something to focus on in day 2.

Conclusion

Day 1 was a busy one. My step count by the end of the day was around 15,000 steps, and being above 6ft tall, plus tending to walk at a brisk pace, this means I covered some surface area, in and around the chats and presentations. Although BETT this year is smaller, it didn’t really feel smaller.

Was it worth it coming down for BETT? I would suggest it was, however at the end of day 1 I wonder in myself whether I could have made more of day 1. But that is an issue I am more conscious of in myself these days, that maybe the search for continuous improvement leaves me always feeling a little disappointed no matter how things have gone. Maybe I need to relax a little, network, have fun and just be content with having achieved all that I could achieve.

9 Years of blogging

Feb 12th 2012 and I was sat on the bed at night, creating my new blog. My first post was a short one, but little did I know that I would still be blogging some 9 years later. 374 posts have passed under the bridge since that evening at home in our villa in the UAE. Now I sit at home writing this, some 1000s of kilometres away from where my blog began, now living in Somerset rather than Al Ain.

My blog has never had a huge readership; to be honest it barely has a small readership; however, I have found the process of writing useful for myself, forcing me to order my thoughts before typing them out.  At a recent virtual event, someone commented about where I find the time to blog in addition to my normal workload as a Director of IT.   There is only a limited time in the day, and this will never change, so I try to avoid concerns about the lack of time.  Instead, I have always sought to prioritise, and that includes putting some time aside to write my blog.   Often this has involved stealing a small amount of time here and there.   As I type this, the Amazon TV series Reacher is on in the background, and I am half watching it as I type this.    Given I try to just get my thoughts down, rather than seeking to create a literary masterpiece, this works for me.   Most of my posts have been written in a single sitting rather than being reviewed and edited, which explains, and hopefully excuses, the number of typos, grammar errors and sentences which read poorly.

The other benefit I have found from blogging has been the fact it creates a record of my thinking.    As such, when I look back it provides a window into my thinking at a particular moment in time, in the past.  I have found this useful in charting how some of my views, opinions and beliefs have changed over the last 9 years.   We seldom admit or even appreciate how much our views and beliefs change, however having a written record, has helped me to realise how much and where I have changed, and where I have not.     I think in future, when I look back on the period 2020 – 2022 and the pandemic, I might find particular value in the records of my thoughts and from this there might be a number of learning points which I can take away.

I also hope that in blogging I am contributing to the wider world, to the education and technology discussion.   Ultimately is this not something we all wish for, to have achieved something and left something behind.   I hope that at least some of my thoughts have contributed something meaningful to the discussion, and I hope to continue to do so.

Blogging isn’t for everyone, and to be honest I never really thought it was something I would get into. That said, I would recommend that if you are thinking about it, just do it. Don’t worry too much about who will read your posts, about what you will write about, etc, just be yourself and share your thoughts. The more people sharing in my view the better, especially as we continue to work through the difficulties presented by a global pandemic.

So, with this, that’s 375 blog posts in 9 years.   Onwards to another year and I look forward to continuing to share my thoughts.