Pleasant Valley tech team reports successful pen testing, finalizes incident response plan
Summary
District technology staff reported results of a multi-week ethical penetration test and completed an incident response plan and tabletop exercise; staff outlined network segmentation, new firewall routing via IP Pathways and E-rate funding for Internet management.
Pleasant Valley Comm School District technology staff told the board the district's cybersecurity posture has improved since a 2022 penetration test and that a recent three-week ethical hacking exercise did not breach district secure systems.
At the meeting, the Director of Technology (presenter identified as Kevin) explained steps taken over the last 12 months: network segmentation to separate guest and instructional Wi-Fi, the purchase of Google security features (advanced spam filtering and sandboxing), deployment of managed endpoint detection and response (EDR), and migration of Internet management and an advanced firewall to IP Pathways under the district's E-rate filing. Technology staff also described a parent-facing web filter (iBoss) pilot for grades 7-12 that lets parents view and, outside school hours, restrict school-issued Chromebook activity.
The district contracted ProCircular for an incident response plan, a tabletop exercise with 13 participants (including administrators and a board member), and external and internal penetration testing. Staff said the recent spring test, during which ethical testers were given limited accounts and eight documented intrusion "occurrences" were pursued, did not succeed in penetrating secure systems. "They weren't able to get in to any of our secure systems," a presenter said, while adding that the testing produced recommended hardening steps staff are addressing.
Staff credited systems administrator Joe Price and the technology team for the improvements and said the district will review the incident response plan annually and address smaller gaps discovered in follow-up tests. The presenter also noted that many large Iowa districts have experienced significant ransomware or other incidents in recent years, and that the district's work was intended to reduce the same risks.
No formal board action was required for the update, but board members praised staff work and asked for follow-up details about insurance and budgeting of cybersecurity tools.
