Cyber Savvy: Securing the Education Sector from the CTO of New Trier Township HS District 203

We are excited to introduce Cyber Savvy, a brand-new blog series that dives deep into the minds of renowned cybersecurity experts. Through a series of questions posed to these information security leaders, we’ll hear new perspectives on the evolving threat landscape and get a firsthand account of their unique challenges and triumphs throughout their careers.

With each installment, we aim to foster an environment for learning, sharing, and engaging in meaningful conversations related to cybersecurity. Whether you're a seasoned CISO, an aspiring security analyst, or simply looking to hear from others in the industry, this series is for you.

For this first article, we spoke with Michael Marassa, Chief Technical Officer (CTO) of New Trier Township High School District 203 in Illinois. Michael is a seasoned technology leader with a wealth of expertise in computer science and extensive experience in the public sector. He has been instrumental in modernizing New Trier Township's technology infrastructure, providing robust cybersecurity measures, and harnessing emerging technologies to address evolving needs. As CTO, Michael remains committed to driving technological excellence and fostering digital resilience in an ever-changing landscape.

Here’s what he had to share about his experience.

What are your biggest concerns or challenges as a CTO?

A: As the CTO of a large school system, the risk of external and internal threats is 24/7, and an ongoing challenge to keep our organization protected from bad actors. We are also a flagship district, and so any cybersecurity incident would bring not only ‌national attention, but also cause distrust of a high-performing school system.

What new challenges do you anticipate in the coming year?

A: I feel the new challenges will be integrating new systems as they develop and continuing to leverage SSO and best-practice expectations with so many users. I would love to move to an environment where high school students are using MFA and SSO for their primary applications so that we can better secure the entire district environment.

How is your team adapting to the evolving threat landscape?

A: As an educational institution ourselves, we see the value in continuing education and are committing to it as a security organization. This starts first with ongoing learning through our vCISO partnership as well as knowledge gathering from peer CTOs. As the landscape evolves, knowing what other leaders are facing and how they’re responding is incredibly important to creating our own strategy.

What are your biggest goals for the coming year?

A: I’m aiming to move to an AI model for quarterly pen testing, and table-top exercises for my technical and leadership team. By harnessing the power of artificial intelligence, we can streamline the identification of vulnerabilities, ensuring that our systems are rigorously tested and fortified against potential breaches on a regular basis.

What new trends in cybersecurity excite you right now?

A: I’m excited by the responsiveness of AI and its ability to recognize threat patterns, typical communication styles, and recipients. This combats bad actors using AI to carry out their attacks.

Editor’s Note: We’re talking a lot about this in our Convergence of Cybersecurity + AI limited web series. Check it out here to see how bad actors are using AI, what types of AI is needed in response, and how leading CISOs are using AI to secure their organizations.

What advice do you have for other CISOs or aspiring CISOs?

A: Training your staff is crucial. Ensure you have a cybersecurity incident response plan in place, regularly practice it, adopt a zero-trust model, and implement business-class security standards in K-20 education.

Want to learn more from Michael? You can connect with him here, or learn more about his work for New Trier Township High School District on their website.

In the next installment of Cyber Savvy, we will chat with Alex Green, Chief Information Security Officer (CISO) of Delta Dental Plans Association, to learn more about his experience leading security strategy for a huge dental insurance provider in the United States, where he protects the data of more than 80 million members.