Building a Culture Around Cybersecurity with Andrew Marcinek

Hacking With Permission: K-12 Pen Testing with Zelvin Security

Welcome to Season 2 Episode 5 of the Zero Breach Zone, where hosts Phil Hintz and Andy Lombardo sit down with the people on the front lines of K-12 cybersecurity. This week they're joined by Brian Parton, penetration tester and security expert at Zelvin Security. Brian pulls back the curtain on what a real pen test looks like inside a school district, what attackers are actually looking for, why your printer might be your biggest vulnerability, and how knowing where your defenses fail is one of the smartest investments a district can make. Recorded during Teacher Appreciation Week, Phil and Andy take a moment to recognize the educators who make every other profession possible, including the cybersecurity pros keeping school networks safe. Key Takeaways: * Penetration testing is active, intentional, and noisy. The goal is to find every exploitable vulnerability across every layer of defense so you know everywhere you're exposed, not just where you didn't get caught * Red teaming is different. It's quieter and more covert, designed to simulate a real attacker who's trying not to be detected * Automated pen testing tools beat a basic vulnerability scan, but only a human tester can adapt, troubleshoot, and exploit the edge cases that tools miss. A false sense of security is worse than no test at all * Printers are a massively underestimated attack surface. Once configured for scanning and email, they often hold credentials that can unlock privilege escalation across your entire network * Separating admin accounts from everyday user accounts is one of the highest-impact, lowest-cost moves a district can make * Pen testing validates your existing tool spend and increasingly checks a box on cyber insurance applications Parting Tip: * Visit zelvin.com/K-12-resources [https://zelvin.com/k12resources] for free tools including a pen test ROI guide, a purple teaming explainer, and a password entropy checker. Aim for a base entropy score over 100 Resources Mentioned: * Zelvin Security — zelvin.com * DEFCON Groups — find your local chapter (search "DC" + your area code) * OWASP — find your local chapter for web security community and networking

Surviving a School District Cyberattack with Sandra Paul

Welcome to Season 2 Episode 4 of the Zero Breach Zone, where hosts Phil Hintz and Andy Lombardo sit down with the people on the front lines of K-12 cybersecurity. This week they're joined by Sandra Paul, a seasoned K-12 technology leader who takes us inside a real cyberattack on her school district. What happened, how her team responded, and what she'd do differently. Sandra brings hard-won, practical experience to a conversation every school IT leader needs to hear. She walks through the full arc of a live incident, from the moment the breach was discovered to the critical role of cyber insurance, legal counsel, and vendor relationships in getting through it. Her core message is one the whole field keeps coming back to — it's not a matter of if, but when. Schools that survive are the ones who prepared before the crisis hit. Key Takeaways: * Have an incident response plan and test it regularly with tabletop exercises * Get to know your cyber insurance provider and legal team before you ever need them * Strong vendor and partner relationships are a critical part of your defense * Communication during a crisis is just as important as the technical response Parting Tool:  * Canva for presentations  * Notebook LM for writing assistance Resources Mentioned:  * NIST Cybersecurity Framework  * CoSN (Consortium for School Networking) * Sophos Security Solutions  * NJ Edge

Building a Culture Around Cybersecurity with Andrew Marcinek

Welcome to Season 2 Episode 3 of the Zero Breach Zone, where hosts Phil Hintz and Andy Lombardo sit down with leaders shaping the future of technology and security in K-12 education. This week they're joined by Andrew Marcinek: father, author, education veteran and CTO, to dig into why building a culture around cybersecurity is the most important thing schools can do right now. Andrew shares his journey from classroom teacher to technology leader and makes a powerful case that digital safety isn't an IT issue — it's a people issue. The conversation tackles the ongoing debate around cell phone policy and screen time, with Andrew arguing that banning devices misses the point. Students need to learn to navigate technology the same way they learn to drive — with proper education and guardrails, not just restrictions. That thinking underpins his work in digital health and wellness and his widely praised book, *Teaching Digital Kindness*, which has become a go-to resource for educators looking to build empathy and accountability in digital spaces. They also explore how AI is transforming school communications and operations, and close out with a look at vibe coding — where students use AI tools to build and publish real websites with little to no traditional coding experience. Key Takeaways: * Cybersecurity in schools requires a culture, not just a tool * Students need digital literacy the way they need driver's ed — preparation, not prohibition * Digital health and wellness belongs in the classroom conversation * 'Teaching Digital Kindness' is essential reading for any educator navigating today's tech landscape along with Andrew's upcoming book (working title) 'Untangled'  * AI is streamlining how schools communicate and operate * Vibe coding is opening up real creative and technical opportunities for students Parting Tool: Try vibe coding with Claude Code or Lovable — two AI-powered tools that let students (and educators) build real websites and apps with minimal coding experience. Resources Mentioned: * Teaching Digital Kindness by Andrew Marcinek [https://www.amazon.com/Teaching-Digital-Kindness-Andrew-Marcinek/dp/1032281545] * Think Forward Solutions [https://thinkforwardsolutions.com]  * School Amplified AI [https://schoolamplified.ai]

Cybercrime at Machine Speed: Are Schools Ready?

Welcome to Season 2 Episode 2 of the Zero Breach Zone podcast, where hosts Phil Hintz and Andy Lombardo break down emerging cybersecurity threats and what they mean for K-12 schools in 2026. Drawing from recent industry predictions, they explore how cybercrime is becoming more industrialized—powered by AI, automation, and speed. Andy shares real-world examples of how quickly attackers identify and target new staff, sometimes within days, and how campaigns are expanding beyond employees to include parents and community members. The conversation dives into modern attack techniques like token theft, AI-driven reconnaissance, and ransomware-as-a-service, highlighting how attackers are operating more like businesses than ever before. Phil and Andy also discuss the growing importance of identity as the new security perimeter, reinforcing the need for MFA, zero trust strategies, and strong onboarding and offboarding processes. They wrap up with a look at EdTech trends, including shifting perspectives on student device usage, and this week's Parting Tool shared by Andy shows how to turn Google Slides into AI-narrated videos for quick and effective content delivery. Key Takeaways: * Cybercrime is evolving into a fast, AI-driven industry * Attack timelines are shrinking dramatically * New staff and even community members are becoming targets * Token theft and automated attacks are on the rise * Identity and MFA are central to modern defense * Zero trust and lifecycle management are critical * Ransomware-as-a-service continues to grow Parting Tool: Use Google Slides’ “Convert to Video” feature to create AI-narrated presentations for training and classroom content. Resources Mentioned: Fortinet 2026 Cyber Threat Predictions (White Paper) Chapters: 00:00 Introduction and 2026 Cyber Threat Predictions 03:15 The Acceleration of Cyber Attacks 06:40 Real-World Phishing Examples 10:05 Token Theft and AI Threats 14:20 Ransomware and Cybercrime Evolution 18:10 Identity and Zero Trust 22:30 EdTech Trends and Tool of the Day

Season 2 Kickoff: The ‘Hi, How Are You?’ Scam & Smarter Cyber Threats in 2026

Episode Description: Welcome to Season 2, Episode 1 of the Zero Breach Zone podcast. Phil Hintz and Andy Lombardo dive into the latest cybersecurity threats facing K-12 schools. They break down the rise of scam tactics like the “Hi, how are you?” texts and long-term “pig butchering” schemes, highlighting how attackers are shifting beyond email into more personal and trusted channels. The hosts share real-world examples and explain why even small interactions with scammers can increase risk. The conversation also focuses on a growing concern, student cybersecurity. From compromised student accounts to new training initiatives, Phil and Andy emphasize the importance of building safe habits early to protect school environments. Phil also shares a fun and inspiring story about students breaking a Guinness World Record by building the world’s largest Pong game, showcasing how coding and innovation are shaping the next generation of cybersecurity talent. The episode wraps with insights on evolving threats, student MFA challenges, and practical ways schools can stay ahead. Key Takeaways: * Text-based scams are rapidly increasing and highly effective * “Pig butchering” scams rely on long-term trust and manipulation * Engaging with scammers can make you a bigger target * Cyber threats are expanding beyond email into trusted platforms * Student accounts are a growing risk and need proper training * Early cybersecurity education is critical * MFA for students requires balancing security and usability Chapters: 00:00 Season 2 Kickoff and Reflections 01:30 New Year, New Cyber Threat Landscape 02:30 The Rise of “Hi, How Are You?” Scam Texts 04:30 Understanding Pig Butchering Scams 06:30 Real-World Scam Examples and Family Stories 08:30 Why You Should Not Engage with Scammers 10:00 Expanding Threats Beyond Email 11:30 Scareware and Social Engineering Tactics 13:00 Student Cybersecurity Risks 14:30 CyberNut Student Training Overview 16:30 Building Safe Habits for Students 17:45 MFA Challenges and Student Access 18:45 Real Incident: Google Doc Attack 19:45 Looking Ahead to 2026 Threats 20:30 Closing Thoughts and Wrap-Up