EPISODE · Nov 19, 2025 · 46 MIN
The CoSN Webinar Series: We Survived a Cyber Incident: From Readiness to Recovery
from The CoSN Podcast · host COSN - The Podcast
This story has a happy ending. In January 2024, the “not if but when” happened to us. We’d been cyber-attacked, and the bad guys were in the house.Presenters:Luke Allpress, CETL, MEd Director of Innovative Solutions Agua Fria Union High School District Avondale, AZBrandon GabelDirector of Information Technology Agua Fria Union High School District Avondale, AZIt started off with a fairly normal outage. Internal sites were stuck, and printing stopped working. We halted all network traffic as we methodically checked possibilities: power, hardware, network servers/services. Then, our Manager of Network and Security found it—a service account doing way more than it should.He immediately initiated a quarantine, isolating all network traffic, “locking the bad guys in the house” as we began our investigation. The two aims of a cyber threat actor, 1) exfiltrate data, 2) lock us out for ransom, were both mitigated by his quick, informed action. We survived with little loss to operations and no data loss, thanks to our plan. Come hear about the preparation and lessons learned from our first cyber incident.Key Take Aways:We shape our workshops through Adult Learning Theory, emphasizing the expertise participants bring to the session and making ample space to apply new knowledge to existing problems. They will be reflecting on their own security plans and applying our lessons to their own situations.Have a plan (CIRP). The worst time to figure out your cyber security plan is the day you need one. Call your network and insurance partners NOW to discuss your CIRP, not when it happens.The guts: Know your backups and the backup solution/plan, make sure you’re backing up all servers. Audit admin access regularly. Ensure all accounts and devices, that can be, are locked behind MFA.Slides, templates, etc. bit.ly/cosn2025cyberWatch the webinar:https://www.youtube.com/watch?v=REzmsuKmIkwThe Sessions Everyone Was Talking About Webinar SeriesMissed CoSN2025 in Seattle or couldn’t attend every session? Don’t worry—we’re bringing the most popular, standing-room-only presentations to you in a special webinar series. Learn from top EdTech leaders from across the country—no travel needed!CoSN is vendor neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes. For a complete listing of all CoSN's webinars, please visit: https://www.cosn.org/Produced in partnership with edCircuit.
What this episode covers
This story has a happy ending. In January 2024, the “not if but when” happened to us. We’d been cyber-attacked, and the bad guys were in the house.Presenters:Luke Allpress, CETL, MEd Director of Innovative Solutions Agua Fria Union High School District Avondale, AZBrandon GabelDirector of Information Technology Agua Fria Union High School District Avondale, AZIt started off with a fairly normal outage. Internal sites were stuck, and printing stopped working. We halted all network traffic as we methodically checked possibilities: power, hardware, network servers/services. Then, our Manager of Network and Security found it—a service account doing way more than it should.He immediately initiated a quarantine, isolating all network traffic, “locking the bad guys in the house” as we began our investigation. The two aims of a cyber threat actor, 1) exfiltrate data, 2) lock us out for ransom, were both mitigated by his quick, informed action. We survived with little loss to operations and no data loss, thanks to our plan. Come hear about the preparation and lessons learned from our first cyber incident.Key Take Aways:We shape our workshops through Adult Learning Theory, emphasizing the expertise participants bring to the session and making ample space to apply new knowledge to existing problems. They will be reflecting on their own security plans and applying our lessons to their own situations.Have a plan (CIRP). The worst time to figure out your cyber security plan is the day you need one. Call your network and insurance partners NOW to discuss your CIRP, not when it happens.The guts: Know your backups and the backup solution/plan, make sure you’re backing up all servers. Audit admin access regularly. Ensure all accounts and devices, that can be, are locked behind MFA.Slides, templates, etc. bit.ly/cosn2025cyberWatch the webinar:https://www.youtube.com/watch?v=REzmsuKmIkwThe Sessions Everyone Was Talking About Webinar SeriesMissed CoSN2025 in Seattle or couldn’t attend every session? Don’t worry—we’re bringing the most popular, standing-room-only presentations to you in a special webinar series. Learn from top EdTech leaders from across the country—no travel needed!CoSN is vendor neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes. For a complete listing of all CoSN's webinars, please visit: https://www.cosn.org/Produced in partnership with edCircuit.
NOW PLAYING
The CoSN Webinar Series: We Survived a Cyber Incident: From Readiness to Recovery
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m