• I am the former Director of the Office of the CIO from 2017 to 2022 including the CIO representative to the Technology Advisory Committee. After leaving BCPS I became the CIO for another educational institution in Broward County. The proposed change to the Organizational Chart of eliminating the current position of Director, Information Technology (IT) Security and redirecting all of the existing staff to that position of Director, Infrastructure Service creates undue risk for BCPS and the District as a whole. As a CIO and senior leader in IT with over 30 years of experience I can attest that the position commonly referred to as the CISO (Chief Information Security Officer) is typically being elevated to a cabinet level position and often reporting directly to the Superintendent or CEO of the respective organization. Elimination of this position creates grave and serious risks for BCPS. The current Director has over 30 years with the District and appears to be offered little recourse. The minimal amount of time to transition over 15 years of knowledge is untenable. I PERSONALLY spent thousands of hours with the current Director of IT Security after the tragic events of Feb 14, 2018 (MSD) reconfiguring and adapting the technology of BCPS to be better prepared to handle critical events both technologically (cyber) and physical security. Her knowledge of the complete picture from intrusion detection to data breaches to the placement of an additional 20,000 video cameras throughout the District is unparalleled by any combination of the current employees with the District. I implore you as a former Director of IT for BCPS, Broward County resident, CIO, and technology expert to reconsider this proposed change and send this back to be worked by committee to propose a solution more in-line with current standards and practices surrounding cybersecurity in 2024. Thank you for your consideration. Sincerely, Dale A Bondanza, 6290 SW 24th Place, #305, Davie, FL 33314 (610-613-1976, dalebondanza@gmail.com)
I am writing in response to item CC-2 of the Superintendent's 2024-25 Organizational Chart, specifically page 14, the elimination of the Director, IT Security position.
Eliminating the Director, IT Security position significantly increases the risk of successful cyberattacks on the district, thus jeopardizing students, staff, families, and infrastructure. Cybersecurity incidents can cause educational disruptions, monetary losses, and personal data breaches, including student Social Security information, which might only be discovered years later when students apply for financial aid.
The Director, IT Security position protects the district’s digital assets, including sensitive data, intellectual property, and financial information. It is essential for preventing data breaches that can lead to severe financial losses, legal issues, and damage to the district’s reputation.
Given the continuously evolving and increasingly sophisticated nature of cyber threats, the Director, IT Security position ensures district defenses stay ahead of potential attackers. This has included overseeing advanced security measures, conducting regular threat assessments, and responding swiftly to incidents.
Additionally, the Director, IT Security position is crucial for the strategic planning of IT infrastructure. By aligning security strategies with business objectives, this position supports informed decision-making that contributes to the long-term success and resilience of the district.
I recommend the Board request a detailed explanation of why the Director, IT Security position is being eliminated and how its critical functions will be effectively managed going forward. Inquire about the number of attempted cyberattacks and the professional expertise required to protect the district.
In conclusion, the Director, IT Security is a vital position. Retaining this position protects digital assets and ensures compliance that enables the district to proactively address emerging threats and support the district’s overall strategy of teaching and learning.
Dear Board, I am writing to express my strong opposition to the proposed removal of the Director of IT Security position. This proposal poses substantial security risks to our $5 billion+ organization.
This role is responsible for protecting our sensitive educational & administrative digital environments by implementing & maintaining robust security protocols to safeguard personal information from breaches & unauthorized access.
This position also establishes clear & dedicated focus within the IT Security domain, safeguarding our digital & physical infrastructure. The Director provides independent & specialized oversight, ensuring security considerations are integrated in our daily operations. Eliminating this role undermines essential oversight, allowing security risks to go unaddressed or undetected.
The Director also offers independent & critical perspective in helping identify & mitigate risks effectively. Without this position, security decisions may become influenced by other operational priorities, compromising security measures.
Our school system also faces daily threats & attacks that require constant vigilance & expert management. The Director’s expertise ensures we are both reactive & proactive in our cybersecurity approach. Given the increasing sophistication of cyber threats, removing the Director role will result in less effective incident management while increasing our exposure to cyberattacks and liability. This endangers our data, financial assets, reputation & customer trust.
The Director of IT Security is also integral in implementing a comprehensive security strategy aligned with our district’s goals. Without this role, our ability to proactively address emerging threats is severely compromised.
We are also subject to stringent regulatory requirements regarding data protection and cybersecurity. Without a Director of IT Security, our ability to comply with these regulations is undermined & will expose us to legal & financial penalties far more costly than the position.
I urge you to reconsider this proposal to ensure our enterprise, remains secure, resilient, & well-positioned to handle modern digital challenges & threats.
Thank you for your consideration, respectfully, Alex Macri.
Proposed change to the Organizational Chart is eliminating the current position Director, Information Technology (IT) Security and making everyone who used to report to that position to report now to Director, Infrastructure Service.
Such a change leaves the current Director, IT Security with only 6 weeks for knowledge transfer. Such a small amount of time for such a large knowledge transfer will absolutely lead to severe business risk including concern to successfully start next school year.
Current Director, IT Security has over 30 years of experience working at the District with the last 10-15 years managing District's IT Security. All existing policies and procedures are probably personally written/modified by this highly experienced individual. It will be impossible to transfer such a large amount of knowledge within a 6-month time frame to the Director, Infrastructure Service who has never been deeply involved in IT Security practices before. We are talking about hundreds of documents and many ongoing projects which need to be discussed in detail.
To be done correctly such a large change is required from 6 to 9 months for knowledge transfer. So, it is extremely important for the District to minimize business risk in such important topic as IT Security by adding addition position on the chart - Assistant Director, IT Security, which will be fully dedicated to the role of transferring knowledge between the person who is currently holding role of Director, IT Security and Director, Infrastructure Service.
Person who is currently holding the position of Director, IT Security needs to be offered to participate in this transition even if in the new Assistant Director role District will needs to keep the same compensation level as the person has on the current Director role. These are minor expenses in comparison to the huge business risk we have here
Proposed change to the Organizational Chart is eliminating the current position Director, Information Technology (IT) Security and making everyone who used to report to that position to report now to Director, Infrastructure Service.
Such a change leaves the current Director, IT Security with only 6 weeks for knowledge transfer. Such a small amount of time for such a large knowledge transfer will absolutely lead to severe business risk including concern to successfully start next school year.
Current Director, IT Security has over 30 years of experience working at the District with the last 10-15 years managing District's IT Security. All existing policies and procedures are probably personally written/modified by this highly experienced individual. It will be impossible to transfer such a large amount of knowledge within a 6-weeks time frame to another Director who has never been deeply involved in IT Security practices before. We are talking about hundreds of documents and many ongoing projects which need to be discussed in detail.
To be done correctly such a large change is required from 6 to 9 months for knowledge transfer. So, it is extremely important for the District to minimize business risk in such important topic as IT Security by add addition position on the chart - Interim Director, IT Security, which will be fully dedicated to the role of transferring knowledge between the person who is currently holding role of Director, IT Security and Director, Infrastructure Service.
Person who is currently holding the position of Director, IT Security needs to be offered to participate in this transition maybe even for extra money on top of current compensation level. These are minor expenses in comparison to the huge business risk we have here. This item need to go back to workshop and need to be re-done.
Good afternoon. This is regarding the org changes impacting BCPS Tech Cyber Security. I am a parent of 2 BCPS Students and work in the technology field for over 25 years. I understand the difficult economic climate our public school system faces and understand the hard choices you all must make while making sure the education of our children does not get impacted. While other public and government agencies are looking for ways to combat and build their Cybersecurity layers; BCPS should not be working towards diluting the expertise in this area. In March of this year the Department of Education launched a council to stop k12 attacks due to the severity of such attacks as public schools is one of 16 critical infrastructure sectors in the USA. “From 2016-2022, there were 1,619 reported cyber incidents involving public schools and districts, including unauthorized breaches, ransomware attacks, phishing attacks and denial-of-service attacks, according to K-12 SIX, an information-sharing and analysis center https://bit.ly/4aoawIE.” In Sept of 2023 Forbes published an article w/ a survey conducted by Cyber security Sophos where it stated that 80% of schools across 14 nations including the USA had been victims to ransomware attacks; these are not small numbers. In our tech industry we read weekly nightmare stories of how ill prepared organizations are in the USA and its Government at all levels, reason for efforts in the cont. building of its resources to protect its data and assets for its citizens. If BCPS does not cont. building on this rather than cutting, it will find itself in another situation in which it may not be prepared and able to recover due to experienced professionals being let go. With out the access to digital resources being protected for our children’s education, is BCPS prepared to possible lose more kids when its unable to protect their data. As a father, I do weigh this aspect regarding the type of educational institution my children attend. I urge the board to please reevaluate this decision and continue building its safety protocols to thwart these types of attacks on BCPS Students and Staff, whom are the victims of these cyber-terrorist Orgs. Thank you
This item needs to be returned for additional review, because clearly whoever suggested this org chart has no understanding of IT Security and probably had bad visibility of what IT Security division is doing and handling on a daily basis. You cannot just remove the Director of IT Security which has 15 plus years of IT security experience. This person build and maintaining ALL existing IT security practices for particular organization. This is similar to pulling a few dozens of large bricks from foundation of the building. This would be a disaster - huge business risk factor. Which Business Risk officer even approved such changes for the Board? Annual compensation level of $130,000 for the highly rated cyber security specialists is nothing on today's market - this is the lowest compensation level I have ever seen in this industry. Person who suggested this doesn't understand what he is talking about and clearly demonstrated a lack of expertise in the IT Security field. This org chart should be re-done at this aspect. Just return it back to workshop - you don't want to sign something you don't have clear vision on.
By the way, not renewing a contract without strong disciplinary reason for someone in retirement age after 20+ years in organization by any lawyer would be clearly classified as discrimination by age factor. Board members don't want to be responsible for any of these - just return it for additional discussion to workshop and spend reasonable time to understand what damage for organization was suggested in this org chart. Thank you for your attention.
This is the same comment which by mistake was submitted early to HH-6.
This item CC-2 needs to be returned back for modification, because it is totally inappropriate that Superintendent who is leaving organization is suggesting large organizational chart change which will cause huge damage to organization IT Security. Superintendent, or whoever suggested remove position of Director, IT Security from the chart obviously have no idea on the load behind IT Security team and on the risk which will be presented to organization in the event if such important expertise will be removed from organization. This is basically equivalent of cutting a tree on which you are seating. This is completely unprofessional suggestion and Superintendent which is leaving will not be responsible for damage this will cause. But Board members if they will approve this chart in a way it is will be definitely responsible for results. In case if another ransomware will hit organization nobody will be able to keep their seats after such not professional decision. So, I am suggesting to do homework on this item and for now return it back for review for new Superintendent. In such case if this item will return back to the Board it will be clearly new Superintendent responsibility, not someone who is leaving organization. Things should improve organization instead of damage it, which is clearly the case here. Best Regards.
Please consider to return this item back to workshop. This chart eliminates Director, IT Security position which poses a huge damage and risk to organization. Probably people who suggested such change have very bad understanding that skills, expertise and 15+ years of experience which current Director, IT Security has is extremely large and valuable. It almost impossible to transfer such knowledge to other Director, who doesn't have IT Security expertise in nearly close amount. Superintendent who is suggesting this change is leaving organization and will leave Board members responsible for such bad decision. This item has to returned back for additional discussion. Don't break things which are working well. Thank you for your time.
• I am the former Director of the Office of the CIO from 2017 to 2022 including the CIO representative to the Technology Advisory Committee. After leaving BCPS I became the CIO for another educational institution in Broward County. The proposed change to the Organizational Chart of eliminating the current position of Director, Information Technology (IT) Security and redirecting all of the existing staff to that position of Director, Infrastructure Service creates undue risk for BCPS and the District as a whole. As a CIO and senior leader in IT with over 30 years of experience I can attest that the position commonly referred to as the CISO (Chief Information Security Officer) is typically being elevated to a cabinet level position and often reporting directly to the Superintendent or CEO of the respective organization. Elimination of this position creates grave and serious risks for BCPS. The current Director has over 30 years with the District and appears to be offered little recourse. The minimal amount of time to transition over 15 years of knowledge is untenable. I PERSONALLY spent thousands of hours with the current Director of IT Security after the tragic events of Feb 14, 2018 (MSD) reconfiguring and adapting the technology of BCPS to be better prepared to handle critical events both technologically (cyber) and physical security. Her knowledge of the complete picture from intrusion detection to data breaches to the placement of an additional 20,000 video cameras throughout the District is unparalleled by any combination of the current employees with the District. I implore you as a former Director of IT for BCPS, Broward County resident, CIO, and technology expert to reconsider this proposed change and send this back to be worked by committee to propose a solution more in-line with current standards and practices surrounding cybersecurity in 2024. Thank you for your consideration. Sincerely, Dale A Bondanza, 6290 SW 24th Place, #305, Davie, FL 33314 (610-613-1976, dalebondanza@gmail.com)
School Board Members,
I am writing in response to item CC-2 of the Superintendent's 2024-25 Organizational Chart, specifically page 14, the elimination of the Director, IT Security position.
Eliminating the Director, IT Security position significantly increases the risk of successful cyberattacks on the district, thus jeopardizing students, staff, families, and infrastructure. Cybersecurity incidents can cause educational disruptions, monetary losses, and personal data breaches, including student Social Security information, which might only be discovered years later when students apply for financial aid.
The Director, IT Security position protects the district’s digital assets, including sensitive data, intellectual property, and financial information. It is essential for preventing data breaches that can lead to severe financial losses, legal issues, and damage to the district’s reputation.
Given the continuously evolving and increasingly sophisticated nature of cyber threats, the Director, IT Security position ensures district defenses stay ahead of potential attackers. This has included overseeing advanced security measures, conducting regular threat assessments, and responding swiftly to incidents.
Additionally, the Director, IT Security position is crucial for the strategic planning of IT infrastructure. By aligning security strategies with business objectives, this position supports informed decision-making that contributes to the long-term success and resilience of the district.
I recommend the Board request a detailed explanation of why the Director, IT Security position is being eliminated and how its critical functions will be effectively managed going forward. Inquire about the number of attempted cyberattacks and the professional expertise required to protect the district.
In conclusion, the Director, IT Security is a vital position. Retaining this position protects digital assets and ensures compliance that enables the district to proactively address emerging threats and support the district’s overall strategy of teaching and learning.
Dear Board, I am writing to express my strong opposition to the proposed removal of the Director of IT Security position. This proposal poses substantial security risks to our $5 billion+ organization.
This role is responsible for protecting our sensitive educational & administrative digital environments by implementing & maintaining robust security protocols to safeguard personal information from breaches & unauthorized access.
This position also establishes clear & dedicated focus within the IT Security domain, safeguarding our digital & physical infrastructure. The Director provides independent & specialized oversight, ensuring security considerations are integrated in our daily operations. Eliminating this role undermines essential oversight, allowing security risks to go unaddressed or undetected.
The Director also offers independent & critical perspective in helping identify & mitigate risks effectively. Without this position, security decisions may become influenced by other operational priorities, compromising security measures.
Our school system also faces daily threats & attacks that require constant vigilance & expert management. The Director’s expertise ensures we are both reactive & proactive in our cybersecurity approach. Given the increasing sophistication of cyber threats, removing the Director role will result in less effective incident management while increasing our exposure to cyberattacks and liability. This endangers our data, financial assets, reputation & customer trust.
The Director of IT Security is also integral in implementing a comprehensive security strategy aligned with our district’s goals. Without this role, our ability to proactively address emerging threats is severely compromised.
We are also subject to stringent regulatory requirements regarding data protection and cybersecurity. Without a Director of IT Security, our ability to comply with these regulations is undermined & will expose us to legal & financial penalties far more costly than the position.
I urge you to reconsider this proposal to ensure our enterprise, remains secure, resilient, & well-positioned to handle modern digital challenges & threats.
Thank you for your consideration, respectfully, Alex Macri.
Proposed change to the Organizational Chart is eliminating the current position Director, Information Technology (IT) Security and making everyone who used to report to that position to report now to Director, Infrastructure Service.
Such a change leaves the current Director, IT Security with only 6 weeks for knowledge transfer. Such a small amount of time for such a large knowledge transfer will absolutely lead to severe business risk including concern to successfully start next school year.
Current Director, IT Security has over 30 years of experience working at the District with the last 10-15 years managing District's IT Security. All existing policies and procedures are probably personally written/modified by this highly experienced individual. It will be impossible to transfer such a large amount of knowledge within a 6-month time frame to the Director, Infrastructure Service who has never been deeply involved in IT Security practices before. We are talking about hundreds of documents and many ongoing projects which need to be discussed in detail.
To be done correctly such a large change is required from 6 to 9 months for knowledge transfer. So, it is extremely important for the District to minimize business risk in such important topic as IT Security by adding addition position on the chart - Assistant Director, IT Security, which will be fully dedicated to the role of transferring knowledge between the person who is currently holding role of Director, IT Security and Director, Infrastructure Service.
Person who is currently holding the position of Director, IT Security needs to be offered to participate in this transition even if in the new Assistant Director role District will needs to keep the same compensation level as the person has on the current Director role. These are minor expenses in comparison to the huge business risk we have here
Proposed change to the Organizational Chart is eliminating the current position Director, Information Technology (IT) Security and making everyone who used to report to that position to report now to Director, Infrastructure Service.
Such a change leaves the current Director, IT Security with only 6 weeks for knowledge transfer. Such a small amount of time for such a large knowledge transfer will absolutely lead to severe business risk including concern to successfully start next school year.
Current Director, IT Security has over 30 years of experience working at the District with the last 10-15 years managing District's IT Security. All existing policies and procedures are probably personally written/modified by this highly experienced individual. It will be impossible to transfer such a large amount of knowledge within a 6-weeks time frame to another Director who has never been deeply involved in IT Security practices before. We are talking about hundreds of documents and many ongoing projects which need to be discussed in detail.
To be done correctly such a large change is required from 6 to 9 months for knowledge transfer. So, it is extremely important for the District to minimize business risk in such important topic as IT Security by add addition position on the chart - Interim Director, IT Security, which will be fully dedicated to the role of transferring knowledge between the person who is currently holding role of Director, IT Security and Director, Infrastructure Service.
Person who is currently holding the position of Director, IT Security needs to be offered to participate in this transition maybe even for extra money on top of current compensation level. These are minor expenses in comparison to the huge business risk we have here. This item need to go back to workshop and need to be re-done.
Good afternoon. This is regarding the org changes impacting BCPS Tech Cyber Security. I am a parent of 2 BCPS Students and work in the technology field for over 25 years. I understand the difficult economic climate our public school system faces and understand the hard choices you all must make while making sure the education of our children does not get impacted. While other public and government agencies are looking for ways to combat and build their Cybersecurity layers; BCPS should not be working towards diluting the expertise in this area. In March of this year the Department of Education launched a council to stop k12 attacks due to the severity of such attacks as public schools is one of 16 critical infrastructure sectors in the USA. “From 2016-2022, there were 1,619 reported cyber incidents involving public schools and districts, including unauthorized breaches, ransomware attacks, phishing attacks and denial-of-service attacks, according to K-12 SIX, an information-sharing and analysis center https://bit.ly/4aoawIE.” In Sept of 2023 Forbes published an article w/ a survey conducted by Cyber security Sophos where it stated that 80% of schools across 14 nations including the USA had been victims to ransomware attacks; these are not small numbers. In our tech industry we read weekly nightmare stories of how ill prepared organizations are in the USA and its Government at all levels, reason for efforts in the cont. building of its resources to protect its data and assets for its citizens. If BCPS does not cont. building on this rather than cutting, it will find itself in another situation in which it may not be prepared and able to recover due to experienced professionals being let go. With out the access to digital resources being protected for our children’s education, is BCPS prepared to possible lose more kids when its unable to protect their data. As a father, I do weigh this aspect regarding the type of educational institution my children attend. I urge the board to please reevaluate this decision and continue building its safety protocols to thwart these types of attacks on BCPS Students and Staff, whom are the victims of these cyber-terrorist Orgs. Thank you
This item needs to be returned for additional review, because clearly whoever suggested this org chart has no understanding of IT Security and probably had bad visibility of what IT Security division is doing and handling on a daily basis. You cannot just remove the Director of IT Security which has 15 plus years of IT security experience. This person build and maintaining ALL existing IT security practices for particular organization. This is similar to pulling a few dozens of large bricks from foundation of the building. This would be a disaster - huge business risk factor. Which Business Risk officer even approved such changes for the Board? Annual compensation level of $130,000 for the highly rated cyber security specialists is nothing on today's market - this is the lowest compensation level I have ever seen in this industry. Person who suggested this doesn't understand what he is talking about and clearly demonstrated a lack of expertise in the IT Security field. This org chart should be re-done at this aspect. Just return it back to workshop - you don't want to sign something you don't have clear vision on.
By the way, not renewing a contract without strong disciplinary reason for someone in retirement age after 20+ years in organization by any lawyer would be clearly classified as discrimination by age factor. Board members don't want to be responsible for any of these - just return it for additional discussion to workshop and spend reasonable time to understand what damage for organization was suggested in this org chart. Thank you for your attention.
This is the same comment which by mistake was submitted early to HH-6.
This item CC-2 needs to be returned back for modification, because it is totally inappropriate that Superintendent who is leaving organization is suggesting large organizational chart change which will cause huge damage to organization IT Security. Superintendent, or whoever suggested remove position of Director, IT Security from the chart obviously have no idea on the load behind IT Security team and on the risk which will be presented to organization in the event if such important expertise will be removed from organization. This is basically equivalent of cutting a tree on which you are seating. This is completely unprofessional suggestion and Superintendent which is leaving will not be responsible for damage this will cause. But Board members if they will approve this chart in a way it is will be definitely responsible for results. In case if another ransomware will hit organization nobody will be able to keep their seats after such not professional decision. So, I am suggesting to do homework on this item and for now return it back for review for new Superintendent. In such case if this item will return back to the Board it will be clearly new Superintendent responsibility, not someone who is leaving organization. Things should improve organization instead of damage it, which is clearly the case here. Best Regards.
Please consider to return this item back to workshop. This chart eliminates Director, IT Security position which poses a huge damage and risk to organization. Probably people who suggested such change have very bad understanding that skills, expertise and 15+ years of experience which current Director, IT Security has is extremely large and valuable. It almost impossible to transfer such knowledge to other Director, who doesn't have IT Security expertise in nearly close amount. Superintendent who is suggesting this change is leaving organization and will leave Board members responsible for such bad decision. This item has to returned back for additional discussion. Don't break things which are working well. Thank you for your time.