Zero Breach Zone

Welcome to Season 2 Episode 5 of the Zero Breach Zone, where hosts Phil Hintz and Andy Lombardo sit down with the people on the front lines of K-12 cybersecurity. This week they're joined by Brian Parton, penetration tester and security expert at Zelvin Security. Brian pulls back the curtain on what a real pen test looks like inside a school district, what attackers are actually looking for, why your printer might be your biggest vulnerability, and how knowing where your defenses fail is one of the smartest investments a district can make.
Recorded during Teacher Appreciation Week, Phil and Andy take a moment to recognize the educators who make every other profession possible, including the cybersecurity pros keeping school networks safe.

Key Takeaways:
  • Penetration testing is active, intentional, and noisy. The goal is to find every exploitable vulnerability across every layer of defense so you know everywhere you're exposed, not just where you didn't get caught.
  • Red teaming is different. It's quieter and more covert, designed to simulate a real attacker who's trying not to be detected.
  • Automated pen testing tools beat a basic vulnerability scan, but only a human tester can adapt, troubleshoot, and exploit the edge cases that tools miss. A false sense of security is worse than no test at all.
  • Printers are a massively underestimated attack surface. Once configured for scanning and email, they often hold credentials that can unlock privilege escalation across your entire network.
  • Separating admin accounts from everyday user accounts is one of the highest-impact, lowest-cost moves a district can make.
  • Pen testing validates your existing tool spend and increasingly checks a box on cyber insurance applications.

Parting Tip:
  • Visit zelvin.com/K-12-resources for free tools including a pen test ROI guide, a purple teaming explainer, and a password entropy checker. Aim for a base entropy score over 100.

Resources Mentioned:
  • Zelvin Security — zelvin.com
  • DEFCON Groups — find your local chapter (search "DC" + your area code)
  • OWASP — find your local chapter for web security community and networking

What is Zero Breach Zone?

Welcome to the "Zero Breach Zone," where we delve into the vital mission of fortifying K-12 schools against breaches and phishing threats. Hosts Andy Lombardo and Phil Hintz lead insightful conversations with top experts in cybersecurity, education, and technology, uncovering strategies to protect our schools. From breaking down the latest digital threats to sharing actionable security measures, this podcast empowers educators, administrators, and parents with the tools they need to safeguard students and staff in today’s connected world.