Partner Talks: Navigating Cyber Threats in Education with Ankura's Robert Olsen
This episode is brought to you by Veracross and Toddle.
As independent schools integrate technology more deeply into their educational practices and administrative operations, they face critical questions: How can they protect their digital ecosystems? What strategies can be employed to shield against cyber threats? Furthermore, how does cybersecurity intersect with the broader educational goals of fostering a safe and innovative learning environment?
Robert Olsen, Global Practice Leader for Cybersecurity and Data Privacy at Ankura Consulting Group, addresses these pressing concerns. Olsen emphasizes the necessity for schools to adopt a proactive approach to cybersecurity. This stance is not merely about defense but about building a resilient digital culture that can withstand and adapt to the evolving nature of cyber threats.
Olsen remarks, "The reality is, threat actors are becoming increasingly sophisticated, making it all the more important for schools to adopt a comprehensive approach to cybersecurity." This observation by Olsen highlights a critical challenge: the pace at which cyber threats evolve demands an equally dynamic and informed response from independent schools.
Transitioning from Olsen's overarching insights, Christina Lewellen, the Executive Director of ATLIS, and Hiram Cuevas, the Director of Information Systems and Academic Technology at St. Christopher's School, provide practical perspectives on implementing these strategies within the school setting. Lewellen advocates for integrating technology to enhance collaboration and break down barriers within the school community. She asserts, "It's about leveraging technology to break down walls and foster collaboration," underscoring the essential role of cybersecurity in safeguarding the community's integrity and privacy.
Cuevas adds a personal dimension to the discussion by sharing his experiences with technology's dual nature—its capacity to connect and expose. He reflects on using features like 'Find My' on Apple devices, balancing the convenience and peace of mind such technologies offer with the potential privacy concerns they raise. "It's not about monitoring but ensuring safety," Cuevas says, highlighting the nuanced approach required when integrating technology into educational settings.
Olsen builds on these individual perspectives by addressing the unique challenges independent schools face, such as limited resources, which can make the implementation of comprehensive cybersecurity measures seem daunting. He advises a strategic focus: "It's about identifying the most critical assets and focusing efforts on protecting those." This approach advocates for maximizing the impact of existing resources through prioritization and strategic investment.
Going deeper, Olsen explores the broader implications of cybersecurity within the educational sector, including privacy issues and the ethical use of technology. He champions the creation of a secure yet practical ecosystem. "The goal is to create a secure and nurturing environment where technology enhances the educational experience without compromising the privacy or safety of the school community," he elaborates.
Bill Stites, the Director of Technology at Montclair Kimberley Academy, often highlights the importance of transparent communication facilitated by technology. "Slack has become crucial for us," he might say, emphasizing the role of digital tools in bridging the communication gap across decentralized campuses. This reliance on digital platforms underscores the critical need for robust cybersecurity measures to protect the flow of information.
Olsen's expertise not only sheds light on the challenges schools face in securing their digital domains but also offers a road map for navigating these challenges effectively. Through education, strategic investment in cybersecurity, and collaboration, schools can protect themselves and their students from digital threats, ensuring a safe and productive learning environment for all.
Resources:
- Connect with Robert on LinkedIn
- Cybersecurity Recommendations for Independent Schools
- ATLIS K-12 Cybersecurity Assessment
- ATLIS Cyber 101 Workshop
- 9ine Tech Academy
- EdSurge Product Index
- Common Sense Privacy
- iKeepSafe
- LearnPlatform
- Education Framework
- CISA - Cybersecurity and Infrastructure Security Agency
- K12 Six - K12 Security Information eXchange
- NIST - National Institute of Standards and Technology
Transcript
Narrator 0:02
Welcome to Talking Technology with ATLIS, the show that plugs you into the important topics and trends for technology leaders all through a unique Independent School lens. We'll hear stories from technology directors and other special guests from the Independent School community and provide you with focused learning and deep-dive topics. And now please welcome your host, Christina Lewellen.
Christina Lewellen
Hello, everyone, and welcome back to talking technology with ATLIS. I'm Christina Lewellen. I'm the Executive Director of the Association of Technology Leaders in Independent Schools.
Bill Stites 0:25
And I am Bill Stites, the Director of Technology at Montclair Kimberley Academy.
Hiram Cuevas 0:39
I'm Hiram Cuevas, Director of Information Systems and Academic Technology at St. Christopher's school in Richmond, Virginia.
Christina Lewellen 0:44
Hello, gentlemen, we are reunited again, it's great to see you. Good to see you as well. Good to see you, too. So I went out and I ran some errands, knowing that we were going to sit down and record today. And I had this moment where I could not find my phone. And I've been in my office all day. And I've used the phone today in the office. And I ended up leaving and running my errands, I had to go to the post office without my phone. And I had nothing to listen to me. Because my car, I don't even know how to run the radio in my car, right? Like it just connects to my phone. And I started thinking in this very, it was only about a five minute drive there and back to the post office. But in that five minutes, which felt like a lifetime, I started thinking about like, gosh, I did grow up without a phone. I mean, like I'm old enough to have grown up without a phone. And so now I was just thinking about what an indispensable piece of technology it is. But as I was driving back, I also thought there are pieces of my life that are tech focused and tech based that I just couldn't live without, you know, like for ATLIS, our entire organization is organized on Asana. And you know, as a project management system, we use it as a communication tool. And so what happened if like, you know, thinking about today's guests that we're going to bring in, if something happened to Asana and it got hacked, ATLIS would be like, grind to a halt. Right? So before we welcome our guests and start talking about all of our cyber issues that we all need to be thinking about, what is it for you that would just like grind to a halt? What technology can you not live without?
Bill Stites
I'm gonna give you two I'm gonna give you one work related and one personal related. The work related for me, honestly, is slack at this point, just so much goes on. Within slack, we adopted it at MK we're on three different campuses around the town of Montclair. So it's not like we're all in one place. And you know, my office is separate from everyone else. So it's a great tool for us for transparent communication, and just knowing what's going on across all different areas. Yeah,
Christina Lewellen
I hadn't really thought about the fact that like you guys are sort of decentralized. That's weird. For an independent school. You're like virtual? Exactly.
Bill Stites 2:52
It's difficult to balance. Yeah, yep. It's difficult to balance and having that as a place where we can go, in order to share everything that we're dealing with is one of those, the personal one, and I think this is more interesting, I think it will and harm you as well. You know, when you've got children and your children are traveling abroad, the Find My feature on the Apple phone, whether it's the air tag that I've got in my wallet, or whether it's the fact that it's turned on on my kid's phone while he's spending the semester in Seville or when my youngest is in South Jersey now dealing with stuff at college, having that level of just like, you know, checking, not like monitoring, not like, you know, on top of them all the time, but just Oh no, I
Bill Stites 3:37
mean, I'm a full on stalker. We admit it in my family. And you know, my kids are great, but I definitely like well, let's just stop and I stalked my parents like, how close are they to the house? We have a big life circle like 360 and I stalk them. So you're better than I if you're saying no, you don't monitor I want to know where my children are. They're adults, but I don't care. Yeah,
Hiram Cuevas 3:57
I think more so with the oldest now that when he was in Spain, the fact that it worked abroad was awesome. But also just, you know, there's a time difference. There's all these different things going on, just you know. And then, of course, he's like traveling the globe as he's like abroad. This week. He was in Amsterdam, you know, the week before he was in like Dublin, just knowing you safe.
Bill Stites 4:16
So Are you zooming in to see what bar he's hanging out at? When he was in
Hiram Cuevas 4:20
Amsterdam? I refuse to zoom because there was just too much going on in Amsterdam that I didn't want to know about.
Bill Stites 4:26
Yeah. Okay, so now I have a bigger list. I'm going to take yours and put them on my list. I like both of those. Hi, Ron, what about you?
Hiram Cuevas 4:32
So from a productivity perspective, I mean, I've grown up using laptops since 1991. And really ever since I've moved to three monitors on my desk, my productivity will sink tremendously. If I don't have those multiple screens. I just love having lots of content up that I can go back and forth with and it really makes me super, super efficient. On the personal side, I'm going to give you to like you bill I love life. 360 My oldest daughter is a world traveler. And it's really nice knowing where she is and how fast she's traveling, if she happens to be on a bus or whatnot, and I was like, oh, that's kilometers, that miles per hour. Okay, that's cool. The other one that my family really enjoys, and we share content all the time on his Spotify. Spotify has been a big boon for us. And actually, I did a lot of traveling this past week, and I listened to a bunch of podcasts, the NBR way, podcast and listen to our podcast last week with Jeff. So it was really exciting. I would say Spotify live 360. And then from a hardware perspective, I've got to have my three monitors, not $2, but three monitors.
Bill Stites 5:42
Got it. Nice reference. Well, here, here's the thing. This is why we need our guest. today. We're welcoming to our pod today, Bob Olsen from anchor up. ATLIS has a relationship with anchor and I've presented with Bob, you guys have relationships with him as well. I think that this is the perfect time to bring him into the conversation, Bob Hello, and welcome to Talking Tech with ATLIS. And I'm sure you're sitting there going, Ah ha ha privacy data, cyber issues. So you just heard what tech we can't live without, we'll have you introduce yourself and tell everybody your background. But before we go, does anything we just said make you cringe from a cyber safety perspective.
Robert Olsen 6:25
Thanks for having me, first of all, super happy to be here and engage in conversation around topics very important to me. Yeah, I was definitely having some I had to bite my tongue a little bit about some of the privacy considerations. And I get it. I'm a parent of two millennials, and it is difficult to not track them. My son is known to turn it off at times, let's just say, my daughters who are a little bit more open. And I think that's the challenge that we all face. I mean, from a security and privacy standpoint, it's really hard. And it's really there's a lot of gray space. And there's a lot of decisions and thoughtfulness that needs to go into technology. And I think that's where we all struggle a bit, quite frankly, you know, as parents, as providers as professionals, and it's not an easy answer, which
Bill Stites 7:13
is exactly why we've invited you to join us today. Bob, your background, you have an extensive background in cybersecurity. It's what your company does. But let's start first with you, can you tell us a little bit about your journey, and the expertise that you are bringing to this conversation today,
Robert Olsen 7:29
I actually did not think I was going to go down the career path. And I was going down originally when I got into college, went into the military and had every intention of going into federal law enforcement. And it just so happens that the unit I wound up being assigned to for most of my time in, we were always on call, then we had a lot of downtime, a lot of hurry up and wait kind of time. And I really got into computers, got into a little bit of programming got into technology and just really piqued my interest in and got me excited. So after I got out of the military, I went into the telecommunication space doing like network design engineering, got into a bit of operations. I started out at Verizon, and it was an amazing experience that put me through a tremendous amount of training, really, that kind of started my journey. So again, early career started out doing mostly engineering, network design, implementation type work. And then as my career unfolded, I was fortunate to work in, you know, a really big organization like Verizon, as well as some smaller startups. And this was sort of during the telecom, boom, and then unfortunately, the bus. And I was fortunate to be exposed to not just the technical aspects, but a lot of operational aspects of technology, and also starting to get into security, which you know, wasn't called cybersecurity at the time, from Verizon and went to a startup from that startup, I went, did a couple of my own startups, and served as a CIO and CISO for a couple of mid market firms. And then for the last, I guess, eight or nine years I've been serving as I would say, a classic kind of consultant focused purely on cybersecurity and data privacy, which is really been fun. I love the consulting world, because it gives me a window into a lot of different client organizations, different sizes, different industries, just different geographical locations and considerations. And it's very rapidly evolving, as you guys know, and we'll talk about, it's just a fun space to be. It's sometimes quite frankly overwhelming trying to keep track of everything that's going on. But it is fun to try and sort of keep up if you
Bill Stites 9:29
will. So now let's talk about anchor for a minute because we have a pretty close relationship, you know, as a vendor partner of ATLISes, you guys provide for ATLIS members, kind of a free mock phishing, assessment and kind of giving folks a scorecard if schools are really under resourced, and or starting this journey. Tell me a little bit about anchor first of all, but also, let me know are there still schools that haven't walked down the path of maca Seeing or some of these very kind of entry level cyber security protocols that they can take? Are there still schools that are completely head in the sand? Not really addressing these issues? I
Robert Olsen 10:11
think over the last few years, we've seen a bit of a sea change. I think they're definitely you know, are there still schools that, as you said, have their head in the sand for sure. That's not unique to the K through 12. academic space. That's true, I think across really all industries, even industries that you would assume, like healthcare and financial services, you know, we still run into organizations there that haven't really done much of anything to really kind of build out a security program, privacy is generally an afterthought, as well. So I grew out, we are focused on cybersecurity and data privacy advisory services, we're vendor agnostic, so we don't always say that we're vendor agnostic, but we have strong opinions, or expertise. That's what we sell. So we don't resell anything, we don't have any relationships with any of the big providers that are out there, whether it's from a hardware or software managed service provider perspective, it's really helping clients. And this is actually one of the most rewarding aspects of what we do is really getting to know an organization's business model, operating model who their sort of key stakeholders and constituents are, and helping them build a security program or mature if they've got a good foundation and data privacy program that makes sense for them. So context, and just really understanding what is doable, because there's lots of constraints that are out there. And not just budgetary. There's also it's sometimes overwhelming. If you look at just like the threat landscape, let's say, you've tried to build a program that secures you against every potential threat actor group that's out there. I think any organization, particularly K through 12 school that's trying to defend against everything is probably not going to defend well against anything. It's just not realistic. And so bringing our expertise and what we see from a threat landscape and saying, okay, here, given your organization's profile, here are the threats, here's what we think is the most sort of likely and most impactful, and that's really built a program around that. And it is a little bit of a moving target, meaning that you know, the threat actors mature, they evolve, but just like anything, it's kind of a living organism, and it needs to continue to grow and mature. So everybody's on a different journey. That's, I think the reality,
Bill Stites 12:23
I know that the guys are gonna want to jump in with some specific questions for you before I unleash them upon you. One of my questions is in the space of what you're talking about the threat landscape. What are the trends right now? Like, what are some of the high level, either trends or issues you're seeing, or what are schools calling you to help out with
Robert Olsen 12:43
some of the trends that we're seeing is I think organizations are understanding that they can't defend against everything. And so being really thoughtful from a threat, Intel threat, sort of, you know, understanding the landscape, I think that's important. Resources are precious, doesn't matter what organization we're talking about. And so tailoring their actions to where they get the biggest bang for the buck, so to speak, and really align it with the threat landscape that's out there. Insurance industry continues to evolve. I speak in a lot of K through 12 conferences, and just the the level of premium increases year over year that folks come up and share with me, it's just mind blowing, I think it's stabilized a little bit, or it's maybe not quite as bad as it was for a few years. But we're still hearing that. And so trying to help folks understand the value of a cyber insurance policy and making sure that it does align with their risk profile, that they understand it, that it really is comprehensive as much as it needs to be or can be. And then probably the the elephant in the room is AI, you know, everybody's trying to wrap their head around sort of the art of the possible and it seems like it's almost endless, and all of the legal and moral and ethical, regulatory sort of implications of AI. I'm both excited and terrified, quite frankly, with AI. So those are some of the things that we're seeing. One last thought is definitely we're seeing, I would say an accelerated convergence of cybersecurity and data privacy from a regulatory standpoint. So you know, if I'm a IT director at a Annapolis member school, you're probably getting a lot of questions. We're starting to get questions around data privacy, and those folks never envisioned that they would have to be an expert on data privacy, which is a challenging topic. You know, what regulations apply? There
Robert Olsen 14:28
was a few things you mentioned there that really resonated and I think the world in which we're living right now, where we're having to meet the specifications that all these insurance policies are putting out as much as when I read them and have to go through them. I'm like pulling what little hair I have left in my head out trying to figure out how do we align with these things? Because a lot of times the ways in which they're worded is very difficult to follow. It does provide us as school technologists, the tool kind of to move some of these initiatives through because if I can say that this is not, you know, the tech department wanting to do this, but this is something we need to do to be in compliance for insurance and legal reasons that gives a little extra push behind the work that we have to do. So there's that piece of it that I think is, is a double edged sword there in terms of having to deal with the insurance to be compliant. But what that also gives us in terms of that extra push, the one thing I wanted to comment on specifically, as a school that's worked very closely with anchor compass back in the day, you know, we've been with you and working with you guys for quite a while, is really what I think is very thoughtful about the way in which you work with schools, is we went through a full blown, it's kind of like a cyber audit. And we spent a lot of time with people at anchor, going through the document that we were filling out. And I think I'll go back to that cybersecurity piece where you read it, and you're not really sure what they meant and, and how that all applies. And one of the things I think is really a great exercise, not only in in the report that you receive at the end, but the process that you go through, is really taking a deep dive into some of these questions that you need to answer and having a conversation, as you were saying about like, what's the threat landscape? What do you really need to be most concerned with? And then having that conversation with an expert about what it is your goals are as a school? What is best practice, and where is that place where you can meet in the middle, and really get the biggest bang for your buck, I think is one of the best things that can come out of working with anchor company like anchor to go through these types of things, if you've got that level of focus, I think it's great. One of the presentations I often do for ATLIS is I focus on the low hanging fruit. And I think you and the work that you do there surfaces a lot of low hanging fruit for schools in a way in which they can realistically apply. And I think that's great. And that focus is fabulous.
Robert Olsen 17:10
I appreciate very much the feedback. And yeah, it's something that we're passionate about. We've been fortunate to work with, Nick, it's over 75 schools. And one thing I'll add also is a lot of organizations have done a pretty good job of investing in technology. I'm a huge fan of the low hanging fruit, there's always low hanging fruit, there's also an opportunity to really maximize the technology investment that's already been made. You know, a lot of times what we'll see is, organizations immediately think that they've got to go buy something else. In a lot of cases, that's really not necessarily the case, it's that they don't maybe understand the full value and functionality, what they've already invested in, and especially when you get into some of the cloud platforms. So it's another important I think consideration.
Robert Olsen 17:51
Just to follow up really quickly on that when you when you think about that low hanging fruit, then what is that in your mind when you think about schools on what they can pick off and what they can really get the biggest bang for the buck early on.
Robert Olsen 18:04
So the way that we think about security is from a people policy and technology or people process and technology. And I think there's low hanging fruit really across each of those typically, and low hanging fruit also that has a really high value on avoiding or dramatically minimizing any type of a data breach. I'll start with one of the easiest ones on the technology side, MFA, you know, multi factor, yes, it can be defeated. But
Bill Stites 18:33
can I get an amen? We try to reinforce that for you all the time. But it's funny how many schools still aren't using it?
Robert Olsen 18:40
It is and a lot of it, what we find is, and this is still true today is there's a misperception on the complexity of implementing it. And they're just using it. And I've had people come up to me at conferences and just say, you know, basically, they they're like, Oh, it's just too complex. And I'm like, let me show you how easy it is. And I show them and they're like, that's it. Yeah, it's literally that simple. Well, you guys must have done something special like now it's not. I mean, you know, back in the day, it was not nearly as easy. You know, I think the industry has done a good job. Where we see issues is there still are vendors who have not adopted it for their individual product, which just blows my mind. It's one thing if it's not available, it's another thing if you're just choosing not to use it as an organization. So I think MFA is really important. You know, from a policy procedure standpoint, having a really thoughtful and not something that's downloaded off the internet, you know, written information security policy, which, you know, goes under a bunch of different names, but just stating what everyone's allowed to do or not do, and having a process in there for exceptions. So I'm sure you guys know, have lots of stories of faculty and staff downloading applications that are not, quote approved or whitelisted. And you don't want to discourage that because of the mission, but you want to provide a process for that to go through proper due diligence and vetting. And again, you know, so The poll is better. And then on the people side, you're creative security awareness training. And there's some good tools that are out there that you've got to use for gamifying, phishing and that sort of thing. But where I see a next step above that is helping folks understand the why. Why are we going through this? What does it mean to me, given my role at the school, because what folks don't realize is, a lot of times we get that, oh, I would never be targeted, or it would never happen to me. And when you talk through with them, or at least give them an opportunity to ask questions, then it's like the light bulb goes off a little bit, and what they don't realize, and also a lot of it transcends into their personal lives, because again, like we're talking about earlier, it kind of blurs together. So good security at work or at the school is also probably good security in their personal lives.
Bill Stites 20:44
I think you were probably the one Bob that said to me, or kind of taught the ATLIS team and analogy that we use quite a bit with schools. And that is the debit card pin analogy when it comes to MFA. Like if, if you steal my debit card, you can't necessarily drain out my account at an ATM unless you have the pin. And it might even put a stop to shopping with it, etc. And so I think that having the MFA seems like it should be a no brainer. And yet, it still can be complicated at certain schools. I will say that in the last few years as I've traveled and I speak to different audiences. I'll ask them, if they're using MFA in their schools, and I see more hands now than not. So I think that we're moving in the right direction. But it leads me to ask you whether people generally call you proactively or reactively. Are you getting like happy? Please help me calls more often? Or are you getting we're in trouble calls at Ankara,
Robert Olsen 21:42
it depends on what day she is and what time of year, we get a bit of both. It's not 5050. But we do good, unfortunately, get. We do a lot of work in the K through 12. and higher ed space, as it relates to data breach response and incident response triaging threat containment, you probably have seen, if you look at some of the big cyber insurance carriers that publish claims data and some analysis around it, you know, the education space has been unfortunately, ascending that list into the top, typically, they're in the top three to five sectors that are falling the most claims and, unfortunately, are being targeted the most. So we we definitely continue to see a higher volume than I would like, for K through 12. Schools. Is
Bill Stites 22:24
that because education tends to be like a weak link. Is it because our schools are penetrable? Like, why are we climbing the list? That is not something to be proud of?
Robert Olsen 22:33
No, it's not soft targets?
Hiram Cuevas 22:35
Yeah, I
Robert Olsen 22:37
think it's a combination of things. I think, you know, the threat actors are gonna go after the sort of, I'll say the easy targets, because they know that K through 12, schools, really just the educational sector, in general, are generally resource limited on the IT and security side. Or maybe they're leveraging a managed service provider, which presents you know, an interesting sort of way to kind of attack the organization. And it directors are in a really tough spot where they've got this interesting mission set that you don't see in a for profit, where they're trying to balance securing the organization, making sure all the technology works, that everybody has what they need, but doing it in a way that's still fosters creativity, and collaboration, and all those things. And so sometimes, in the spirit of creativity, collaboration, there are proverbial doors or things that are left open, unfortunately, that can be exploited. The other piece to it is, you know, at the end of the day, you can have the best technical defenses, the best policies, if people do not so intelligent things, let's say sometimes and make bad choices, or just I keep telling my times I've heard somebody, you know, like, somebody did a series of things that it was like an out of body experience, almost when you talk to him afterwards. Because you're like, let's walk through this. You did this, and this and this. And they're like, Yeah, that was really stupid, wasn't it? The other thing is, I mean, the reality isn't threat actors are increasingly getting more sophisticated. AI is certainly going to help them we're already seeing that. It's making sort of mediocre hackers, much more proficient, unfortunately. And it's a lucrative business data is currency, even still today. So yeah, I don't think it's any one thing, unfortunately.
Hiram Cuevas 24:13
So Bob, I'm actually thrilled for this conversation, because you have validated so much of what I actually just went through this morning, we had a meeting with a couple of board members and a parent that works in this space to kind of give them an overview of what we do here at St. Christopher's school. And the thing that resonates with me that that you mentioned, it seems, multiple times, and we've actually mentioned in multiple episodes of this podcast is how important relationships are. So the fact that you were talking about putting the the personal and your professional lives together with the same skill set is huge. And I referenced today that very thought by saying we're responsible for creating a life skill for all of our constituents. In these areas, whether it is cyber, whether it is privacy or AI, this is a field that's going to continue to grow. And I'm going to steal something from the chat that Ashley wrote, she says, you know, even taking a look at clean credit records that are being monitored, these are things that people just are not familiar with. And our youngest, soon to be adults, in high school, they really have no concept of how much information of theirs is already out there, and what those impacts could be to their digital footprint, outside of social media in terms of things like credit writers, etc. So this has just been a fantastic conversation so far, thank you.
Robert Olsen 25:38
A lot of people do struggle. And I do sometimes as well, admittedly, with understanding the real intentions behind the hackers, because everybody immediately goes to it's just like a quick monetary gain. There are nations I'm this is gonna sound like a little tinfoil hat to shove me but there are nation states who I want to mention that are playing the long game. So they're assuming that your students and I'm sure they're right, if you look at your alumni are going to go on to very successful. So they are looking to essentially vacuum up all the data that you have. And over time, you know, essentially track these individuals and at some point potentially be able to use something, maybe some data that they collected, or something along the way to potentially blackmail or a person aid or whatever, you got these deep fakes now, so whenever I mentioned stuff like this, sometimes people's like roll their eyes, like, Oh, this guy's crazy. But truly, it's not a hypothesis of mine. It's a fact. I mean, we've seen it with some of the work that we do. And again, I think that's where folks, unfortunately, there's a lot of awarenesses, so many needs to be raised. Because it's not just oh, they got my social security number, who cares kind of thing, it's much more strategic in a lot of cases. In other cases, it's not, they're looking to make $1. And they're gonna, you know, encrypt the data and hold you hostage for ransom or payment. Not, for sure still happens a lot today. But there's also like a more strategic long term kind of aspect to which I appreciate sounds like the way he was thinking about hire him. So yeah, I think that's an area where folks could get a lot more knowledgeable and sort of insightful. I think
Robert Olsen 27:10
there was something in the air in Virginia and in New Jersey, because my morning started out much like firearms, we had a meeting administrative meeting this morning, where one of the things we ended up talking about was the idea of all of these tools that we're using, and the way in which COVID kind of exacerbated the proliferation of those tools, and just the number of those that are out there. And the ones that have gone through vetting, and gone through for review versus those that haven't. And as teachers try to use these different tools and pick them up and begin to use them without really the due diligence that needs to go into it. So one of the things that we talked about this morning amongst that administrative meaning is, what are we looking for when we're looking at these different vendors that we're using? What are the what are the red flags? What are the pros? What are the cons? What are the things that if you see, you know, turn and run as fast as you can versus what are the Okay, this looks like something that's going to be good to use. I asked the group, you know, how many times when you've signed up for something, have you read the Terms of Service and Privacy Policy that is associated with that service? And all of them laughed? And that's when we said, well, that's what we need to do. We need to read all of those things. And that's part of the process. So when it comes to working with vendors, when it comes to looking at all these things, what do you recommend? What do you say that, you know, we all should be doing when we do that
Robert Olsen 28:36
work. So first, I applaud you for having that conversation. Because I think vendors in general are a big blind spot for most organizations for a variety of reasons, the way that I like advising clients and think about their sort of vendor ecosystem or partner ecosystem, whatever you want to recall it, because it's really important to understand sort of the context and the role of each of the vendors, whether it's just a vendor that you're buying software from, whether it's a security on campus security firm, or whatever, really understanding the role that they play in not having not trying to have a one size fits all, but also not trying to make it overly complicated. So you know, like 50, different sort of questionnaires or due diligence questions. And so really understanding the context and the role that they play. And then prioritizing the level of due diligence that you do specific to that, typically, we'll see probably two or three tiers of categories of prioritization, and you kind of pluck it, the vendors into one of those two or three tiers, I wouldn't suggest more than three, one actually pretty cool use of AI and that you could think about is take that terms of service agreement, put it into something like GPT and ask it to basically analyze it as an IT director and see what it comes down as far as summarizing or identifying any kind of red flags or pain points. So that's one thought. The other thing is, if you don't actually know most organs sanctions think they know their sort of universe of vendors that they work with. And then when they find out who they actually, you know, as an organization are actually working with, they're always shocked at how many more there are. Start with your accounts receivable folks, I can guarantee if there's a vendor and you're paying them something, they're gonna come and let you know, that's a good place to start. So if you struggle with like, Hey, I don't I think I know who but I don't really know, go to your accounts receivable folks and pull that then some red flags. And again, this is somewhat role specific. But if there's nothing around key performance metrics around quality of service, especially if it's like an outsourced like managed service provider, it outsourced IT provider, service level objectives, service level agreements, you know, the devils in the details are related mistake that I see it I'm actually working with a client right now, who went down a path that they probably wish they hadn't is they didn't clearly define the user required their requirements upfront. And so being able to take their actual requirements and what they really wanted the vendor to do, relative to what they are doing today, there's a disconnect. And so put the time in upfront to say, Okay, what do we really want? What's the role of this vendor? What are the security expectations? What are the privacy expectations? Do we have a way, and this is not true in a lot of contracts? Do we actually have a way that makes sense to exit if something happens, where we need to part ways no one ever wants to talk about Yeah, it's not fun, you always want to assume every vendor relationship is going to be great and perfect. That's just not the reality of it. And this is more for like services type vendors, less so on like the software side or software as a service type side.
Bill Stites 31:36
So basically, you're saying that our schools need a prenup? Yeah, really.
Robert Olsen 31:41
And you also want to make sure that it's reviewed by not just like one person, like, I think that the practice that we see a lot is, well, Joe, the IT director reviewed it, so it must be good. Well, how about somebody from legal 100 Somebody from the finance team from risk or whoever. And it could be that, you know, especially in schools, you know, there's one person that wears a bunch of different hats, and maybe they wear all those hats, and that's fine, but thinking about it, not just from a, Hey, this is a software as a service platform, whereby it's, we're just going to have the IT director review, and we're good to go. There's other stakeholders that should at least have a chance to take a look at it, and say, Hey, I'm gonna do this, or here's something we need to think about. And then make a business decision if you
Bill Stites 32:22
up. So you brought up a really cool use of AI, the idea that you could take the terms and service language, which is mind numbing, and plunk that into AI and ask chat, GPT or whatever system to assess it for you. That's really interesting. But earlier, you said I'm both excited and terrified about AI. So let's stop down and talk about that in two parts. My friend, chapter one, why are excited chapter two, why are terrified, Please elaborate?
Robert Olsen 32:55
Chapter one, we'll start with the positive. So within Ankur, we actually have and have had for a number of years a what we call our AI Institute. And it's a bunch of people way smarter than me who I just hold in very high regard. And I have the pleasure of sitting actually on our Innovation Council internally. And so I get a chance to have a window into some of the cool stuff that they're doing. It's what I call the art of the possible. There's just so much potential here to take mundane tasks, not super relevant in schools, but there's some relevancy I think, from a contract, like, I know, lawyers, friends of mine that are using AI, they've got to read a 500 page pre fee, or a new regulation that came out, that's 1000 pages. And they're able to take that and plug it into chat GPT, or one of the other tools and have it summarize, you know, what are the top 10 things. So what would have been a very mundane, very dry, very painful, and quite frankly, probably not the best use of their time, because they're much more talented than that, now they get something that comes out of it, that they can then go take action, and you know, it sort of eliminates that. So I'm excited for the advances that it's going to happen. I mean, you know, I think every field across the board medical advances academic, I think it's going to open a lot of doors for new learning opportunities. You know, my son is in the tech field, probably no surprise. And so he's, you know, looking at grad degrees in AI and that sort of thing. And I'm kind of jealous, quite frankly, because it's pretty cool stuff. But I don't even think we just scratched the surface. So to stay on the art of the possible and what it means specific to security and privacy. I think it's going to create an opportunity for organizations that have low resources to be essentially be a force multiplier. So I'm excited about some of the technology that I think is going to come out around really say this the right way, but a tool that is able to very much take a tailored view of an organization and kind of the way it operates behavior analytics, those sorts of things and almost act like an offensive like proactively. in an automated fashion, react and respond, and really shorten that containment, so it's not that they're not going to get attacked. But if they do get attacked, the walls will be up faster, they'll be contained more quickly. And again, I think there's lots of opportunities on the negative side, sort of chapter two a little bit, the threat actors are using it to make their packing tools, better, faster, cheaper, those sorts of things. And we're already seeing that, unfortunately, even around things like just creating more compelling phishing emails. One of the things that I always find interesting is when we see these phishing emails that if only they would hire like an English teacher, because the grammar, there's lots of red flags. But if you can now put that through one of the AI tools, and have it clean it up and make it much sound much more sort of American now, all of a sudden, it's probably going to be a lot more effective. And you could literally do that in seconds, unfortunately. But it's exciting. I think, I think overall, it's going to advance society generally, not just from a security standpoint, but with great power comes great responsibility. And I don't think we've got our head wrapped around
Bill Stites 36:01
it. It's really interesting. I mean, I think a cool supplemental audio for this podcast would be a recording of your dinnertime conversation with your son, the two of you kind of geeking out about all that as possible in the world of AI and cyber safety stuff. It's really interesting that you, you know, bring up some interesting pluses and minuses in terms of what challenges this might present but specifically focused on independent schools, we are similarly having these dichotomous conversations, right? It's going to be great for these reasons. But then there are issues for these other reasons. Our schools coming to you for support in this space. Are they nervous, scared, because obviously, Bill and Hiram are a little bit more forward leaning, I think most ATLIS core community members are leaning into AI, recognizing there's things to be careful of right. But I think that they're generally interested in the possibility of it. Are schools coming to you for help? And are there things that in particular school should be focused on when it comes to AI and making sure that we're protecting ourselves as we step out into this world of exploration? Yeah,
Robert Olsen 37:12
so most of the conversations that we're having with clients to include schools is a very common kind of question is like, they know they should be doing something to take advantage of AI. But they don't know where to start to do it in a safe and secure way. And there's not a lot of regulations out there either. So they're also sort of trying to future proof a little bit as much as you can. So most of the conversations right now, I would say, from a governance perspective, like how do we dip our toes in and maybe put one foot in, and let folks explore the art of the possible start taking advantage of this amazing technology, and evolution, quite frankly, but at the same time, not open Pandora's box and have it get out of control? Which, you know, in some cases, it's like, how do we put Pandora back in the box, quite frankly, when it gets really hard, you know, we all use search engines, Google, Bing, whatever, they're now you know, have aI built in. There's even like, if you're allowing your students or your staff, faculty and staff to access some of the different search engines, there's some lawyers that I know, they're starting to argue that you're already using AI, even if you said you're not using it. So if you're putting in any kind of data or anything, you shouldn't be into a search engine, then you're essentially probably already violating something. Some of the things that we're seeing folks think about is, it's essentially the equivalent of like a private cloud. So private AI, private chat, GPT, or something that has a compartmentalization aspect to it, where they're able to control what comes in and what comes out. They can provide guidance around like prompt engineering, like what's the best way, the most productive way to interact with the tools and those sorts of things, because it's what folks also don't realize is like, unless you're an AI engineer, to get the full value out of a tool like chat, GPT, or all the other ones that are out there, you really have to understand how you should interact with that. And so what we find is a lot of folks are doing trial and error, and they're uploading things that they probably shouldn't be in that they don't need to be. And so there's all these considerations, when again, especially in a learning environment, like you want to foster that creativity, but you want to do it in just like anything else where there's physical security, like you want to, you want to make sure that the students are doing it in a safe and secure manner. And it's a challenge. So I think thinking about it from a governance perspective, and then kind of working down and being receptive. We do have some clients not on the school side, and we just said we're not the answer is now in no way shape or form. Are we adopting this? I think they're going to regret that and rather short where that's just not feasible. I mean, the way people have access to, you know, all the different tools that are out there today, and it's just totally impractical in my opinion, and unrealistic.
Bill Stites 39:48
Well, and that leads me to a great question is that there is so much to keep track of you have your eye on the ball all the time in this space, but whether it's AI or cyber safety data privacy in general, where do schools turn, right? Because certainly, there's resources from ATLIS. And we have the ATLIS 360 suite of products where you can kind of do a self evaluation to see where you stand, you can score yourself in a rubric. And then we provide a companion manual for schools that maybe don't have, for example, an incident response plan. So we'll at least give them a place to start. And I think that that's useful for schools that are on this journey. But if they're listening to this, and they're overwhelmed, because they either haven't been keeping up with these trends, or just maybe are overwhelmed, and so they don't really know where to start, like, Do you have any guidance for schools in terms of resources? Or how to stay one ear to the ground on these issues? How do they make sure they're doing all they can to protect their schools in these particular topic areas?
Robert Olsen 40:53
Yeah, first of all, the products that you mentioned that was provided that girl are tremendous. I'm a big fan of Kiss, keep it simple. And a lot of times when we find schools in particular, that haven't really done much to invest in security, it's a lot of times when I'll hear especially, you know, when I speak at conferences is they don't kind of know where to start, it's an overwhelming topic, it's only getting more overwhelming, whether that's from a regulatory perspective, or now they've got AI and now they've got probably like, all the you got to start somewhere. So I think the guides that ATLIS provides, I think, are a great place to start. There's sort of some similar free materials that are available from CISO, from DHS Department of Education, like there's a lot of good information that's out there. The reality though, is you've got to buy into it as an organization. So it's one thing to have access to all the, you know, the helpful job aids and the incident response plan, templates example, that's great. But there's got to be a cultural buy in. And it really starts, I think, within the leadership team, and the Board of Trustees as well, like there's got to be leadership buy in, because the, to your point, there are a lot of job aids that are out there, but we still see and they've been around for quite a while, we'll still see organizations that haven't adopted them or taking advantage of that, to be honest, I think get someone in excusable, because again, I think they're easy to use. The way I explained is every We're on a journey. So it's being able to tell a story. Does anybody expect you and 30 days, 60 days all of a sudden be perfect if you don't have anything, but at least be able to articulate that here's the journey we're starting. Here's the path we're going down. We're doing it in a thoughtful way. We're going to leverage resources, like what ATLIS provides. And we're just going to start, you know, the how to eat an elephant one bite at a time. But in today's age, if your answer is I'm gonna stick my head in the sand and not do anything, then shame on you. It's inexcusable.
Bill Stites 42:45
Yeah, we owe more to our student community than that there's an ethical consideration of making sure that we're taking steps to at least have a standard of care that we tried, right that we just we gave it our effort to make sure that we protected our students while they were in our care, especially, they're very clean as Hiram brings up the very clean social security numbers and identities, their digital twins that are out there. They're clean and fresh and ripe for the taking. It's our responsibility, I think, as adults entrusted with their care to kind of make sure that we have their backs and take steps to protect them. So
Hiram Cuevas 43:22
Bob, I have a follow up thought, curious. So Bill and I, we push really hard at our schools in these particular areas. But one of the things that I find challenging is, from a staffing perspective, we're not attorneys were not compliance officers, are you starting to see a movement, say something that's occurring in higher ed, that's going to trickle down to K 12, where schools are going to need resources like this, because for schools in this space to go to an attorney, that's going to charge several $100 an hour to review the Terms of Service for applications A through J for a particular school year? That's a lot of cash. A lot of schools don't necessarily have that discretionary income.
Robert Olsen 44:09
Yeah, so something interesting that I mentioned earlier that I'm on our Innovation Council. So we are or have developed what is called a multi agent tenant for Chuck GPT. And what's really interesting is you can build a team of experts within the tool. So let's say you're doing a contract review, you need a lawyer, you need a security expert, you need a privacy expert, you know, maybe risk management or business officer, you can essentially have chat GPT in this case, create for different individuals. And I'm using that in air quotes that bring that expertise. So again, here's a great example where you're right a school is not going to be able to go out and spend probably 1000s of dollars to find experts in each of those to review a document let's say or a potential contract, but it's a way that AI could really sort of bring that expertise. And I've seen some of the analysis that this multi agent platform does. And it's mind blowing. It's a little scary. I mean, they interact like humans. So it's, you know, I'm just envisioning, like, you know, that you put in four robots, and they're sitting in a conference room. And now all of a sudden, you don't need me anymore. But it is a challenge. At the end of the day, the regulatory landscape is just changing so rapidly. And I think the bar it's not just changing as in more states are adopting regulations that could apply to K through 12. Schools, it's that the regulations that are on the books, the bar is getting raised higher and higher and higher. And so the burden on the IT professional in an independent school is, I feel like every week we turn around, it's like one more thing on their plate. And I think it's a challenge. I mean, I think it is a significant challenge. And it's unrealistic to assume that an IT professional is going to be able to wear all those hats and do it well. And at the same time, keep everything up and running, make sure the helpdesk is responding, all the all the other things that come to running school and being supportive, and technology's pervasive across every aspect of, you know, an independent school stating the obvious. So that is the most important piece, but to then layer on top 234 sort of additional roles or areas of expertise, I think, is a challenge. And again, I'm excited about AI potentially being a solution for that. I don't think the right answer, though, is released, not a very satisfying answer, if I'm sitting in that IT director role is to then turn around and say, well, here's a bunch of resources, you can go read, because it still takes that person's time, you know, they got to apply, like all that. So, again, it's important to have those materials available. The challenge is, then there's only so many hours in the day. So
Bill Stites 46:49
one of the things that I think is interesting there is every time somebody will talk about, you know the differences in it, they'll talk about it from the perspective of oh, well, you're in education, this is how we're doing it in enterprise. This is how we do it in education. And I think about the number of clients that we serve, I think about the number of devices that we have deployed, I think about the number of tools that we use. And I often say to myself, education is worse, it's much harder. There's much more going on, there's more moving pieces to all this. So don't tell me that enterprise is the top tier and education is this below tier where you know, it's not having to adapt to so many things. I think there's a lot more given the age range, given all the different variables that we deal with. So one of the questions that I've got for you is thinking about that when you talk to education, when you talk to enterprise? How are those conversations similar? How are those conversations different? Where do you see the greatest degree of risk, or I'll even say focus needing to be when you're talking to those two different groups.
Robert Olsen 47:56
I would agree with you and I've served as CIO sees on the enterprise side, I think it is much more challenging and difficult to be an IT director in a K through 12. School than it is to be. Wait,
Bill Stites 48:10
wait, wait, I need you to say that again. Say it again. Lower your voice, slow it down. Let's get on the record once and for all Bibles and say it again. Yep.
Robert Olsen 48:20
I wholeheartedly believe that it is much more difficult to be an IT director at a K through 12. School than it is then the for profit sector. That's probably a whole nother couple hours session on why but it is trying to balance I touched on this a little bit earlier, trying to balance creating that safe and secure environment with extremely limited resources, little tangent. So sometimes I'll have like enterprise clients, they know we work with schools a lot. They're like, what's that like? Just sort of the inverse of what you're asking? And because they generally are interested in inquisitive? And when we start talking about like typical, like headcount, their mind is just Beloved. They're like, how is that even possible? Then I'm like, because the people are just that talented. And they're really, really good at multitasking.
Bill Stites 49:06
Our people are unicorns, they are dedicated unicorns. They
Robert Olsen 49:10
really are. So I think one of the differences in my enterprise clients and relations behavior for that link. I think one of the big differences is the passion level that I see the tie that every faculty and staff member has to really the mission of the school. I think that's a big difference. And it's not that we don't see that on the enterprise side. But it's almost like a different degree of loyalty and a different degree of passion as it relates to creating that environment. clearly stating the obvious, you know, resources, whether it's people or capital investment dollars are generally a lot more limited on the school side, as opposed to the enterprise side. Some similarities. Everybody wants to be safe and secure. Like nobody, you know, intentionally sets out to do something that doesn't benefit the organization. I think there's also a common risk management sort of approach or thoughtfulness. You know, in some cases, it's formal. In some cases, it's more informal and ad hoc. But, you know, I think folks do understand, for the most part that this is really a mis risk management issue. It's not just a it issue or just a cybersecurity issue. I think another commonality is the technology that's out there. The good news is, a lot of it is sort of the enterprise grade stuff and is available, not always at the right price point. But it is available, there's some good options, lower cost, but still really effective tools that are out there. I think that's kind of cool. The other thing, I think that's a big difference is if you look at, you've got faculty, you've got staff, you've got the students, you've got guests, like you have a much more disparate set of end user communities that have different needs different levels of proficiency, even more so than what we typically see in an enterprise type organization where it's much more sort of homogeneous. And so, you know, school IT director tried to satisfy the requirements and sort of have everybody be happy, I think, is an incredible challenge that I don't think most sort of enterprise organizations face. And it's not that they don't have, you know, within the different like, functionaries finance, HR legal like they all but I just feel like it's very different. Some of it is, quite frankly, it's a generational thing. You know, you've got elementary, middle school students, or high school students that are more sophisticated, combined with adults, if you will, or, and it's interesting, where you've got, again, just a lot of different stakeholders with different levels of understanding of the implications of doing things, they shouldn't have to understand the leverage of technology, adherence to policies. It's just a much more dynamic environment, I think, than what we typically see enterprise world.
Bill Stites 51:46
Yeah, it's a diverse group of stakeholders. And it's really complicated and complex. It's a tough puzzle. So when we gather as a community at the ATLIS annual conference this spring in Reno, for those of you who are interested in this topic, and also looking for some deeper dive conversations with Bob and the anchor a team, there's an entire track that is sponsored by Ankara. And so I want to publicly first of all, thank you for your organization's continued support of ATLIS. But in doing so, you basically buy out a room at our conference, and you help our people, the entire conference long with specialized topics. I'm sitting here looking at the agenda and all of these sessions will be available on ATLISes website, but you guys are, you and your team are going to dive into the partnership between it and operations. When it comes to like both physical and cybersecurity, you're going to look at data privacy, and how to have that compliance, checking those boxes with emerging regulations. You're looking at prioritizing security monitoring controls to focus on critical assets and events, how to map your cybersecurity program to a framework, you guys are going to dive into artificial intelligence and how to manage vendors like how to mitigate some risk when it comes to vendor management. I can't thank you enough for bringing this specialized content to the Independent School community because I know you do handle and work with a lot of different types of clients, but the fact that you're honing your expertise into a really specific niche that we serve. It's really great for our members. And it's a really an incredible opportunity for our attendees. So I appreciate that. I'm looking forward to all of those topics and more your sessions last year, Ankara's track was like standing room only, like people couldn't get in the room. And then after the sessions, they're running up to us going, where's the deck? Where's the deck? I go? I don't I Hold on, wait a minute. Who's deck they wanted the PowerPoints. The minute you guys were done, people were like swarming the membership desk asking for the resources. I think that's a pretty good sign of a good conference session.
Robert Olsen 54:03
No, we appreciate it. It is truly and I'm literally genuinely not see it. Here's my favorite conferences. I was so bummed because last year is was the first one. I think it's six years that I hadn't been able to go to because of a personal commitment. But it is a very collaborative environment. That's one thing I love about the conferences, everybody is willing and even beyond willing, just very actively interested in helping their fellow professionals and we totally buy into that like love being part of the conference and just the ATLIS network. Quite frankly, it's very rewarding. I've got the two kids I mentioned earlier, both of them are products of independent school. So I definitely believe in buy into the mission. Within the practice. We've got a number of folks that also came up through that independent school wreck. So I've seen great examples and it's an opportunity honestly for us to kind of give back a little bit as well. So we love it and appreciate the part To ship and I'm looking forward to next year, I'm not missing this one. So I'll be there, I will be there.
Bill Stites 55:05
Good. I was gonna say I hope that whatever personal obligations pop up, you're gonna have to just tell him to wait because you've, you've got your commitment and Reno this year,
Robert Olsen 55:13
I can tell you having sat in on one of those sessions last year, you know, just nerding out just sitting there, you know, listening to what was going on. And turning to Allie Wenzel, who is like I talked about with data maps all the time and trying to figure out how to manage vendors and all this stuff. She and I sat there and I think Hiram was in the room as well, we're kind of just like, going through all this. And it was like one of those things, where, to Christina's point, like afterwards, I was up talking with the gentleman that was presenting, just asking him a ton of questions. And then going back and talking to Herman Ali and like saying, okay, you know, this is what we can do here. And it was like one of those sessions that it wasn't even over, and I had like an action plan and already had like, spreadsheets out, and you know, my data map out, and I'm like, looking at all the ways in which I pop it on and do all these things in different ways. And it was like, you know, I always look for one thing, when I go to a conference or one session, you know, out of one session, and it was like coming out of that I had like, four or five things I got on follow up calls, you know, with you guys about it, because it was just that invigorating, and really that inspiring in terms of actual practical things that you can do that is going to have real meaning to the work that we do on a day to day basis. So that my very long winded way, which I do often of saying thank you for that commitment to the ATLIS community because you bring a lot to it, and we benefit from it greatly.
Robert Olsen 56:33
Now you're very welcome. That is exactly an example of the passionate and why one of the big differences between the independent school IT professionals and not independent now offended every one of my enterprise clients, probably, Sri
Bill Stites 56:47
they won't listen to this podcast, the people who love you will listen to it, you'll be okay.
Robert Olsen 56:52
Never know. That's a perfect example of why we love working with schools.
Bill Stites 56:57
Yeah, well, you're an indispensable partner for us. So in the beginning of this conversation, I started by asking bill and Hiram what tech they couldn't live without. So I've got to ask, same question posed to you, Bob. What tech Could you not live without? It can be a hardware, it can be a software, but what tech is just core to your heartbeat each day.
Robert Olsen 57:17
I'm gonna take some liberties and I haven't necessarily be just one because literally every one of you touched on saw Hiram. I'm sitting here in front of three monitors. So fist bump to you for the three monitors, the air tags, I think someone mentioned their tags. I have three dogs. That's my trackers. Now for my dogs, which I love.
Bill Stites 57:37
That's awesome. Yeah,
Robert Olsen 57:38
it's very cost effective. And I've had to use it to find them. And so it does work. If you have any doubt about it, nothing, probably there's any doubt. And then I find myself, I travel a ton. So my phone is now like, my productivity is if I didn't have my phone, I think that probably would be my biggest thing. If I didn't have my phone. We as a firm have done a good job of sort of empowering like the mobile user. And so I can almost do my entire job just using my phone to some extent, or some limitations, but that's probably the biggest thing.
Bill Stites 58:07
I mean, I understand I almost didn't go to the post office Bob like I almost canceled my Erin because I couldn't find my phone. Like that's where we're at with this. That's crazy. And I also am thinking bill and Hiram, I think maybe we should have like a how many monitors? Do you have competition among our listeners are like a show us your monitors. Wouldn't that be fun? Like tag us on LinkedIn? I want to see your monitor setup. And I feel like we could probably give a really cool prize at the annual conference for like the best monitor setup. Would either of you win that competition, by the way?
I don't think I'd win. Because there's a limited amount of space. I have a feeling iron probably has something like you know, it looks like Starfleet Command that in front of him, you know, just by his very nature. Looking at him now. You can't see it. But he's got a monitor behind him. So he's got three in front of them and one behind them. I've lost this already. Yeah, I've
Hiram Cuevas 59:00
got five if you kept the laptop screen in this room. Oh,
Bill Stites 59:03
Lord. Hi, Ron, I think you need an intervention. All right, before we land this plane and wrap up this incredible conversation with Bob. I do just have one more very important question. This year. We are heading to Reno as we mentioned for the annual conference. So are the ATLIS members going to see you gambling? Are you a betting man, we're going to be at a casino. So Is that exciting to you?
Robert Olsen 59:24
It is exciting. I've actually never been to read out. So I'm very much looking forward to that. I do gamble a little bit. I wouldn't say I'm a big gambler, but I do enjoy it a little bit. So I will be gambling.
Bill Stites 59:35
Bill Hiram. Are you going to take Bob gambling? Are you guys into that?
Unknown Speaker 59:39
I have two kids in college.
Bill Stites 59:40
So that already is a gamble. Is that what you're saying?
I need every penny I can get though I am bringing my snowboard because I'm taking the two days the Thursday and Friday. I'm going over to Tahoe with two other people and we're going to hit the slopes for two days. So I'm saving my money for that.
Robert Olsen 59:57
We're going to save up for those monitors too.
Bill Stites 1:00:01
I'm glad that's happening after the conference instead of before the conference, because I don't have oh, yeah, no, no, that's right. No hospital visits.
Robert Olsen 1:00:09
Two of them are current AI participants. So I know they need to be able to walk up on stage, at least, for part of it. So I gotta make sure they're healthy.
Bill Stites 1:00:17
Exactly.
Hiram Cuevas 1:00:18
There you go. I'll probably bring some discretionary dollars, you know, usually in the in the $20 range. I must admit, I did go to Vegas a few years ago with the head of our Upper School, and we were looking at some different technological devices and whatnot, and the head of school gave us 20 bucks to spend to bring back a lot of money. And he went to the roulette table, and I said, Oh, put it on double zero, put it on double zero music that we're never gonna win double zero. So he puts it on black. What hits double zero.
Bill Stites 1:00:51
So is that how we're funding our cybersecurity efforts? Now? Here, folks? Absolutely. I think that we are risk averse on all fronts on this podcast. We don't take chances with cybersecurity and we don't take chances at Penny slots, apparently. Bob, thank you so much for joining us today. This has been an incredible conversation. And I know that as these issues and trends continue to evolve, I think that we're going to need to keep our finger on the pulse with you. So keep us in the loop. And you are welcome back anytime to talk about these issues because I know they're top of mind for our members.
Robert Olsen 1:01:26
Well, thank you again for having me. It's been a lot of fun. Love our partnership and love continuing it for many years to come. So thank you so much for the opportunity and definitely
Hiram Cuevas 1:01:35
fun time. And Bob, we'll see you in Reno.
Robert Olsen 1:01:38
I'll be there probably next year in the slot machine
Hiram Cuevas 1:01:41
so we got those nickels.
Bill Stites 1:01:47
You guys are a mess. I'm starting to regret this decision to go to Reno. It was an experiment to begin with. But I think I'm already pulling back. We're never going to do this again.
Narrator 1:01:59
This has been talking technology with ATLIS produced by the Association of technology leaders and independent schools. For more information about ATLIS and ATLIS membership, please visit the ATLIS.org If you enjoyed this discussion, please subscribe, leave a review and share this podcast with your colleagues in the independent school community. Thank you for listening.