Zero Breach Zone

Surviving a School District Cyberattack with Sandra Paul

Welcome to Season 2 Episode 4 of the Zero Breach Zone, where hosts Phil Hintz and Andy Lombardo sit down with the people on the front lines of K-12 cybersecurity. This week they're joined by Sandra Paul, a seasoned K-12 technology leader who takes us inside a real cyberattack on her school district. What happened, how her team responded, and what she'd do differently. Sandra brings hard-won, practical experience to a conversation every school IT leader needs to hear. She walks through the full arc of a live incident, from the moment the breach was discovered to the critical role of cyber insurance, legal counsel, and vendor relationships in getting through it. Her core message is one the whole field keeps coming back to — it's not a matter of if, but when. Schools that survive are the ones who prepared before the crisis hit. Key Takeaways: * Have an incident response plan and test it regularly with tabletop exercises * Get to know your cyber insurance provider and legal team before you ever need them * Strong vendor and partner relationships are a critical part of your defense * Communication during a crisis is just as important as the technical response Parting Tool:  * Canva for presentations  * Notebook LM for writing assistance Resources Mentioned:  * NIST Cybersecurity Framework  * CoSN (Consortium for School Networking) * Sophos Security Solutions  * NJ Edge

Building a Culture Around Cybersecurity with Andrew Marcinek

Welcome to Season 2 Episode 3 of the Zero Breach Zone, where hosts Phil Hintz and Andy Lombardo sit down with leaders shaping the future of technology and security in K-12 education. This week they're joined by Andrew Marcinek: father, author, education veteran and CTO, to dig into why building a culture around cybersecurity is the most important thing schools can do right now. Andrew shares his journey from classroom teacher to technology leader and makes a powerful case that digital safety isn't an IT issue — it's a people issue. The conversation tackles the ongoing debate around cell phone policy and screen time, with Andrew arguing that banning devices misses the point. Students need to learn to navigate technology the same way they learn to drive — with proper education and guardrails, not just restrictions. That thinking underpins his work in digital health and wellness and his widely praised book, *Teaching Digital Kindness*, which has become a go-to resource for educators looking to build empathy and accountability in digital spaces. They also explore how AI is transforming school communications and operations, and close out with a look at vibe coding — where students use AI tools to build and publish real websites with little to no traditional coding experience. Key Takeaways: * Cybersecurity in schools requires a culture, not just a tool * Students need digital literacy the way they need driver's ed — preparation, not prohibition * Digital health and wellness belongs in the classroom conversation * 'Teaching Digital Kindness' is essential reading for any educator navigating today's tech landscape along with Andrew's upcoming book (working title) 'Untangled'  * AI is streamlining how schools communicate and operate * Vibe coding is opening up real creative and technical opportunities for students Parting Tool: Try vibe coding with Claude Code or Lovable — two AI-powered tools that let students (and educators) build real websites and apps with minimal coding experience. Resources Mentioned: * Teaching Digital Kindness by Andrew Marcinek [https://www.amazon.com/Teaching-Digital-Kindness-Andrew-Marcinek/dp/1032281545] * Think Forward Solutions [https://thinkforwardsolutions.com]  * School Amplified AI [https://schoolamplified.ai]

Cybercrime at Machine Speed: Are Schools Ready?

Welcome to Season 2 Episode 2 of the Zero Breach Zone podcast, where hosts Phil Hintz and Andy Lombardo break down emerging cybersecurity threats and what they mean for K-12 schools in 2026. Drawing from recent industry predictions, they explore how cybercrime is becoming more industrialized—powered by AI, automation, and speed. Andy shares real-world examples of how quickly attackers identify and target new staff, sometimes within days, and how campaigns are expanding beyond employees to include parents and community members. The conversation dives into modern attack techniques like token theft, AI-driven reconnaissance, and ransomware-as-a-service, highlighting how attackers are operating more like businesses than ever before. Phil and Andy also discuss the growing importance of identity as the new security perimeter, reinforcing the need for MFA, zero trust strategies, and strong onboarding and offboarding processes. They wrap up with a look at EdTech trends, including shifting perspectives on student device usage, and this week's Parting Tool shared by Andy shows how to turn Google Slides into AI-narrated videos for quick and effective content delivery. Key Takeaways: * Cybercrime is evolving into a fast, AI-driven industry * Attack timelines are shrinking dramatically * New staff and even community members are becoming targets * Token theft and automated attacks are on the rise * Identity and MFA are central to modern defense * Zero trust and lifecycle management are critical * Ransomware-as-a-service continues to grow Parting Tool: Use Google Slides’ “Convert to Video” feature to create AI-narrated presentations for training and classroom content. Resources Mentioned: Fortinet 2026 Cyber Threat Predictions (White Paper) Chapters: 00:00 Introduction and 2026 Cyber Threat Predictions 03:15 The Acceleration of Cyber Attacks 06:40 Real-World Phishing Examples 10:05 Token Theft and AI Threats 14:20 Ransomware and Cybercrime Evolution 18:10 Identity and Zero Trust 22:30 EdTech Trends and Tool of the Day

Season 2 Kickoff: The ‘Hi, How Are You?’ Scam & Smarter Cyber Threats in 2026

Episode Description: Welcome to Season 2, Episode 1 of the Zero Breach Zone podcast. Phil Hintz and Andy Lombardo dive into the latest cybersecurity threats facing K-12 schools. They break down the rise of scam tactics like the “Hi, how are you?” texts and long-term “pig butchering” schemes, highlighting how attackers are shifting beyond email into more personal and trusted channels. The hosts share real-world examples and explain why even small interactions with scammers can increase risk. The conversation also focuses on a growing concern, student cybersecurity. From compromised student accounts to new training initiatives, Phil and Andy emphasize the importance of building safe habits early to protect school environments. Phil also shares a fun and inspiring story about students breaking a Guinness World Record by building the world’s largest Pong game, showcasing how coding and innovation are shaping the next generation of cybersecurity talent. The episode wraps with insights on evolving threats, student MFA challenges, and practical ways schools can stay ahead. Key Takeaways: * Text-based scams are rapidly increasing and highly effective * “Pig butchering” scams rely on long-term trust and manipulation * Engaging with scammers can make you a bigger target * Cyber threats are expanding beyond email into trusted platforms * Student accounts are a growing risk and need proper training * Early cybersecurity education is critical * MFA for students requires balancing security and usability Chapters: 00:00 Season 2 Kickoff and Reflections 01:30 New Year, New Cyber Threat Landscape 02:30 The Rise of “Hi, How Are You?” Scam Texts 04:30 Understanding Pig Butchering Scams 06:30 Real-World Scam Examples and Family Stories 08:30 Why You Should Not Engage with Scammers 10:00 Expanding Threats Beyond Email 11:30 Scareware and Social Engineering Tactics 13:00 Student Cybersecurity Risks 14:30 CyberNut Student Training Overview 16:30 Building Safe Habits for Students 17:45 MFA Challenges and Student Access 18:45 Real Incident: Google Doc Attack 19:45 Looking Ahead to 2026 Threats 20:30 Closing Thoughts and Wrap-Up

Knowing Is Half the Battle... The Other Half Is Cybersecurity Funding for Schools (Re-Air)

Welcome to episode 15 of the Zero Breach Zone podcast, where hosts Phil Hintz and Andy Lombardo discuss their experiences at recent conferences, focusing on cybersecurity strategies in K-12 education. They explore the importance of multi-factor authentication (MFA), the challenges of session timeouts, and the need for continuous improvement in cybersecurity practices. The conversation also highlights the significance of tabletop exercises for incident response and the convergence of physical and cybersecurity measures in schools. The hosts share insights on integrating technology for safety and the necessity of collaboration among various stakeholders. In this conversation, Andy Lombardo and Phil Hintz discuss various aspects of school security, including the importance of enhancing physical security measures, leveraging CISA for audits, and the role of AI in education. They emphasize the need for collaboration and networking within the EdTech community, as well as advocating for increased cybersecurity funding to protect K-12 institutions. The discussion ends with highlighting the significance of engaging with Congress to address these pressing issues and the helpful resources prepared by CoSN to do so. Key Takeaways: * MFA is essential but requires ongoing adjustments & MFA should extend to social media accounts * Session timeouts can pose risks if not managed properly * Tabletop exercises help prepare for incidents * Convergence of physical and cyber security is crucial * Stakeholder collaboration is key in incident response * Continuous learning from conferences is invaluable * K-12 cybersecurity threats are rising and we need your voice * Cybersecurity is a bipartisan issue with real-world consequences * Parting Tool: Help your district to become a Zero Breach Zone -Urge Congress to Protect and Invest in Cybersecurity Support for Schools-  through the CoSN prepared resources:https://cosn.quorum.us/campaign/115693/  [https://cosn.quorum.us/campaign/115693/] Resources Mentioned  * Evil Jinx: https://github.com/kgretzky/evilginx2 [https://github.com/kgretzky/evilginx2] Chapters 00:00 Spring Reflections and Conference Recap 03:08 Cybersecurity Strategies and MFA Insights 06:01 Real-World Cybersecurity Challenges 09:06 Tabletop Exercises and Incident Response 12:00 Convergence of Physical and Cybersecurity 14:57 Integrating Technology for Safety 19:12 Enhancing School Security Measures 20:50 Leveraging CISA for Security Audits 22:34 Insights from K-12 Conferences 23:32 AI in Education: Opportunities and Challenges 26:33 Networking and Collaboration in EdTech 31:46 Advocating for Cybersecurity Funding 39:21 Call to Action: Engage with Congress