2025DPSS

Dr Patrick Kiley-Rendon, Technology Director of West Islip will discuss his district's experience working with CISA and their free Incident Response Tabletop service and will share the good work his team is doing around cybersecurity and data privacy.

Discover how the Data Protection Officer at Honeoye Central School District is working to create a culture of data privacy and security through fun and engaging professional development. Toss out that boring computerized training and discover interactive, gamified approaches that make learning about data privacy both enjoyable and effective. From team challenges to scenario-based simulations, we’ll explore creative ways to keep staff engaged while reinforcing critical privacy practices. Join us to learn how to build a proactive, security-conscious environment where data protection is a shared responsibility and staff is motivated to play their part.

Just like in the gym, building strong cybersecurity practices requires consistent training, accountability, and the right workout partners. In this session, we’ll break down how our district approaches data privacy as a team effort—leveraging NIST gap analysis, staff training, incident response planning, and cybersecurity tabletops to build resilience. Learn how to spot risks before they become breaches, develop a training regimen that keeps staff engaged, and flex your security muscles with real-world exercises that strengthen data protection across schools.

The DPO as a Cyber Guardian defends organizations against cyber threats using the NIST Cybersecurity Framework and zero-trust principles. They combat phishing attacks, enforce MFA, and promote continuous monitoring to safeguard sensitive data. Beyond compliance with Ed Law 2d, FERPA, and COPPA, they foster a culture of cybersecurity awareness, ensuring resilience in an evolving threat landscape.

In an effort to integrate security and privacy-focused thought processes throughout everything we do, we introduced a focused "Executive Cybersecurity Tabletop Exercise" format in our Data Protection Officer training sessions this year, which were also presented to district superintendents.  We have found these sessions a great way to fast-track collaborative problem-solving sessions around cybersecurity with experienced IT and leadership professionals.  In this session we will talk about the need for executive tabletop exercises, the protocol for conducting the exercise, and walk the audience through a sample tabletop cybersecurity exercise.

Learn about the partnership between Nassau RIC and three local school districts, Plainview-Old Bethpage CSD, Jericho UFSD and Franklin Square UFSD, to implement encrypted email solutions. This presentation showcases how our collaborative approach led to the successful adoption of secure communication tools that protect sensitive data while meeting the needs of all stakeholders.

Once your district has developed a New Software Request Protocol or Process, what are positive and effective strategies for integrating the A4L SDPC Resource Registry into the workflow? Holland Patent Central School District has worked with MORIC to develop and implement a process that leverages the new registry to benefit the requester and the review committee. The process allows for a more efficient and timely turnaround of requests that answer the key questions we all must ask:

- What is the educational value of this resource?
- Who will be the primary users and how will it impact them?
- How will the resource be effectively supported by and for our staff?
- How is this software unique to district-approved software that may have similar functionality?
- What are the procurement options?

The latest version of the NIST CSF--NIST CSF 2.0--was released last year. This presentation will cover all of the changes in the NIST CSF 2.0 and how school leaders can use the framework to make improvements to their cybersecurity programs.

Join us for a deep dive into a recent real-world cyber incident where attackers methodically infiltrated a network, established persistence, exfiltrated data, and actively attempted to lock administrators out of their own systems in an attempt to take over an entire network. Join Joshua Becker, Assistant Director at the Central New York Regional Information Center and Paul Marco, Co-Founder TALAS Security for an eye-opening session, tailored for K-12 technology leaders, as we will walk through each phase of the attack, from the initial social engineering scheme to the final extortion attempt, demand and negotiation. Learn critical indicators of compromise related to this particular attack, response actions, and proactive strategies to fortify your district's cybersecurity posture. Don't miss this opportunity to gain firsthand insights from a live breach and actionable steps to protect your network.