top of page

California's cyber elephant in the classroom

Updated: Aug 25, 2021

In my interview last week with international cybersecurity expert, Dan Lohrmann, I sought to expand my current understanding of the potential security vulnerability inherent in distance learning for K-12 students. Lohrmann confirmed that K-12 public education is indeed one of many sectors where the full scope of security vulnerability is underestimated by those outside of the cybersecurity expertise sphere he has inhabited for more than thirty years.

One of the key statements Lohrmann made during our first conversation was that there is a critical need for transparent discussions regarding cybersecurity issues amongst all stakeholders within K-12 public education in the US. He emphasized the dynamic nature of the cybersecurity threats which all school districts face,`and the continuing evolution of nefarious cyber players who are constantly upping their game to circumvent the existing security measures inherent within digital applications used for online instruction. The magnitude of the overall security exposure in public schools has increased exponentially since the widespread implementation of digital distance learning, nearly one year ago, but the core issue already existed prior to the Covid-19 pandemic.

He further explains that the role of Chief Information Security Officers ("CISO"), and the effectiveness of their security practices and governance, is more crucial than ever for public school districts, just as they will be for any organization conducting an ever-increasing amount of its operations via digital platforms. President Biden's renewed emphasis upon the urgency of cybersecurity vigilance is a hopeful sign, according to Lohrmann, that government will model the requisite transparency and vigilance over the next few years, which information security warrants. The blueprint for how such vigilance will trickle down to digital classrooms is, however, still a work in progress.

For more information regarding Dan Lohrmann:


For me, as a doctoral student and learning technologist, it is a very small cognitive leap to conclude that public school districts are among the institutions least prepared to create a sophisticated, coordinated response to information/privacy breaches during digital instruction. California public schools are not known for innovative practices or state of the art technological initiatives. Public education in California, on the contrary, is known for its poor performance as measured by virtually any metric for measuring administrative successes or student outcomes.

What remains unclear as I research this issue, is how cybersecurity leadership will manifest itself within the domain of public education. Since public school districts in California, for instance, do not currently prioritize cybersecurity policies for students, students' families or for the thousands of public school teachers relentlessly ploughing ahead within the digital domain, how will such critical oversight be managed? In the public school contexts within which I work, the institutional role of CISO at either the school or district level is unheard of.

Will the only answer be for the federal government to ensure that public education adheres to nationally defined standards, similar to those it promulgated for students with disabilities through the federally legislated requirement of FAPE?

And how can we trust that a plan for cyber resiliency might be introduced into public educational practices, when the very subject of digital security breaches remains taboo for teachers to broach within their individual schools or district setting?

Today, there are more unanswered questions than concrete plans being proffered by public school districts. They are tasked with the solemn duty of supplying a safe space for millions of underserved students. If districts are asking these uncomfortable questions, they are doing so clandestinely, which does not build public confidence that comprehensive action is imminent.

But In order to tackle the monolithic undertaking highlighted in this post, i.e. to pre-empt and adapt to increasing threats, public education leaders will be forced to come clean regarding the clear risks to students and teachers, and which school systems demonstrate glaring levels of unpreparedness.

This will require breaking with historical traditions of sweeping difficult systemic issues under the proverbial bureaucratic rug that plagues and diminishes public education in California.

37 views3 comments

Recent Posts

See All


Matilde Gonzalez
Matilde Gonzalez
Mar 01, 2021

Something that stood out to me from your post is how you mentioned that public schools do not exactly know for innovation (or encouraging and supporting such, in my opinion). Another point that needs highlight is that this pandemic exposes many of the cracks in the “system.” A significant part of knowing what the future will look like is analyzing how we address these deficiencies as a community. How we are addressing this situation within the school system is honestly distressing. Many educators have buried their heads in the heads, further complicating the situation through no fault of theirs. Many educators want to return to the “old normal,” understandably because this “new normal” is not working out very well. Ideally,…


Brittney Johnson
Brittney Johnson
Feb 24, 2021


This is a huge conversation currently, especially as we have transitioned to distance learning and I myself have been working to figure out how to add elements of new apps into my classroom without compromising the privacy of my students, their families and my school community. Its so cool that you were able to interview an international cybersecurity expert and thank you for sharing their thoughts on this issue!


Brittney Johnson

Replying to

Thanks Brittney for your thoughts. Dan was incredibly kind to take the time to share a small part of his broad scope of cybersecurity insight. I am grateful for the fact that he recognizes that discussion at all levels, including the scholarly research level, is key to expanding the dialogue on this severely under-addressed issue which impacts us individually and globally, in all industries and spheres of endeavor.

Post: Blog2_Post
bottom of page