December 8-12, 2025
Following the path of K-12 technology, one hop at a time.
A Week of Challenges, Progress, and Opportunities
The central tension of district technology leadership has always been balancing risks against progress. How do we keep our networks secure without stifling the innovation happening in the classroom? This week provided a perfect case study in that balancing act. While cybersecurity pressures continued to demand our attention, a handful of positive developments offered a clear path forward. Below is a curated look at the stories shifting the landscape for K-12 tech leaders this week.
The Vendor Power Dynamic Is Shifting
The FTC’s recent action involving Illuminate Education continues to ripple through the market, creating a distinct shift in tone. For years, districts often had to fight for basic transparency regarding data retention and security protocols. That dynamic is flipping.
Vendors are actively reexamining their retention policies and preparing for tougher questions from districts because they recognize that security expectations are no longer negotiable.
The Strategy: This is the moment to refresh your vendor requirements. The environment is currently supportive of strong expectations. If you have received pushback on strict data privacy addendums in the past, now is the time to re-address them.
Resilience Is Becoming Routine
Threat activity remains a constant in our daily lives—phishing, credential misuse, and ransomware are still poking around district firewalls. However, the story this week isn’t the threats; it’s the response.
Districts are responding with more maturity than ever before. Backups are improving, network segmentation is becoming standard, and response teams are operating with greater confidence. The landscape is dangerous, but the district IT shield is slowly, surely getting stronger.
The Human Element: Burnout as a Security Risk
One theme that surfaced repeatedly this week is staff burnout. While often viewed as an HR issue, for a CTO, this is a security issue. Your team carries one of the most diverse workloads in public education. When they are fatigued, cognitive load drops and risk increases. It is that simple.
The Move: Prioritize margin. Making space for your team to rest isn’t just “nice to have” – it pays security dividends. (Note: If your internal team is red-lining, this is a specific area where Lockstep can step in to augment capacity).
Reframing Shadow IT as “Unsanctioned R&D”
Teachers continued doing what they always do: solving instructional problems quickly, often with tools that aren’t on the approved list. It is tempting to view this strictly as a compliance breach, but I encourage you to treat it as a signal.
When teachers go “rogue,” they are identifying gaps in your current stack. They are experimenting and pushing instruction forward.
Leadership Guidance:
- Investigate the “Why”: Ask what the unapproved tool is helping them accomplish.
- Map to Strategy: Identify if an approved tool already solves this problem (and perhaps just needs better training).
- Collaborate: If the tool has merit, help shape a small pilot. Innovation is not the enemy; unstructured adoption is.
Bright Spots: Removing Friction from Security
Security is often synonymous with friction, but this week saw K-12 friendly MFA options that actually improve the user experience.
- Clever (Classroom MFA): Now offering authentication methods like PINs and badges, strengthening security without frustrating younger students or para-staff.
- RapidIdentity (Device-less MFA): Solving the long-standing “cell phone problem,” this allows for robust authentication without relying on personal student devices.
The Opportunity: These are shifts toward practical security. If your district uses these platforms, investigate these controls immediately.
Regional Intelligence: The Funding Landscape
For districts in the Lockstep service region, policy and funding movements are creating new opportunities for 2026.
- Georgia: State activity continues to favor modernization and cybersecurity refresh efforts.
- North Carolina: Expanded criteria are making more districts eligible for broadband infrastructure grants.
- Louisiana: The state is exploring a cybersecurity cooperative model to help smaller parishes standardize protections and reduce costs.
- South Carolina: Upcoming DOE data privacy guidance looks poised to simplify reporting obligations.
- Texas: Continues to lead nationally in cyber funding, with another round of grants expected in 2026.
- AL / MS / TN: Pre-legislative signals suggest new digital learning and cybersecurity initiatives may appear in the next session.
Strategic Note: Districts with updated documentation and clear technology plans always capture funding first. If you don’t have a relationship with your local state delegate, take the opportunity to brief them on your challenges now, before the sessions begin.
How Lockstep Supports You
Lockstep’s role is simple: We help districts make sense of a fast-changing environment and give their teams the support they need to thrive. Whether you need a cybersecurity roadmap, AI governance support, or just extra hands on-deck when your team is overloaded, we are here.
No pressure. No script. Just practical help.
If something in this week’s update sparked a question for your district, we are always ready to talk.
