82% of U.S. K-12 schools experienced a cyber incident between July 2023 and December 2024.
$556K average ransom demand against an education institution, first half of 2025.
22% of K-12 ransomware incidents enter through phishing - the leading entry point.

How We Work
K-12 districts, charter networks, and colleges sit on exactly the data attackers want - student records, staff payroll, vendor integrations - usually with smaller security teams than the threat warrants. We test your environment the way an attacker would, then hand you a plan your team can actually act on.
The risk isn't theoretical, and the people asking about it aren't waiting.
Three pressures are converging on education institutions at the same time. Most leaders are feeling at least one of them.
The attacks themselves
Education is now the fourth-most-targeted sector for ransomware globally.
Vendor-side breaches like PowerSchool in late 2024 mean even institutions with strong internal hygiene can be exposed through third parties.
The board and trustees
Cybersecurity is a standing agenda item in a way it wasn't five years ago.
Board members want to know — in plain language — whether the institution is ready, and whether someone qualified has actually looked.
The insurance layer
Cyber insurance carriers are tightening requirements.
State privacy laws are multiplying. FERPA, COPPA, and (for higher ed) GLBA expectations are getting sharper. A documented penetration test is becoming an increasingly important part of how institutions show their compliance.
A penetration test is a controlled, expert attempt to find the gaps before someone else does.
Two ways to think about it, depending on which seat you're sitting in.
01 For leadership and the board
A pen test gives your leadership a clear, documented picture of where your institution stands today. Not a marketing slide, not a vendor self-assessment — an outside expert's read on what's actually exposed.
It's the kind of evidence a board, a trustee, or an insurance carrier wants to see when they ask, in plain terms, "Are we ready?"
02 For IT and security teams
We probe your environment the way a real attacker would — student information systems, identity providers, network perimeter, public-facing apps, vendor integrations, learning management systems. We document what we found, how we found it, and what to do about it.
You get a prioritized remediation plan that fits your team's actual capacity, not a 200-page PDF nobody reads.
Six phases, no surprises.
Designed so your team's day-to-day isn't disrupted.
01 Scoping
We meet with leadership and your IT or security team to map systems, set boundaries, and align on what's in and out of scope.
02 Active Testing
Controlled probing of your in-scope systems by certified testers. Daily check-ins with your team. Anything critical gets flagged immediately, not at the end.
03 Reporting
An executive summary your board will actually read, a technical findings document for IT, and a remediation roadmap ranked by risk and effort.
04 Readout
We walk leadership and your security team through the findings together. You leave with a clear plan and documentation you can hand to a board, an auditor, or a carrier.
05 Remediation
We work alongside your team - at whatever level of involvement you need - supported by our vCISO partner. A set bank of hours is included; additional hours can be purchased ahead of time or à la carte.
06 Re-test
A full re-test of every previous finding. We verify what's actually closed and update your documentation so you can show - not just claim - that the gaps are fixed.
Documentation that holds up to board-level scrutiny and IT-level detail.
Written to be useful, not to fill pages.
Executive Summary
A short, plain-language brief leadership can hand to a board chair, a trustee, or a cyber insurance carrier. Risk posture, key findings, what's been done, what comes next.
Technical Findings Report
The full picture for IT and security staff. Methodology, evidence, severity ratings, and reproducible steps for each finding.
Remediation Roadmap
A prioritized plan with realistic timelines and effort estimates - built around what your team can actually take on this year.
How is this different from a vulnerability scan?
When auditors or carriers ask what we've done, can we point to this?
Yes - a documented pen test is one of the most concrete pieces of evidence an institution can put in front of an auditor, a board, or a cyber insurance carrier. It doesn't make you FERPA-compliant or GLBA-compliant on its own; compliance is broader than that. But when those frameworks and your carrier's underwriting questionnaire ask whether you've tested your environment, who tested it, what they found, and what you did about it - you have a real answer with real artifacts behind it.
We'll talk through what your specific situation calls for on the call.
What if you find something serious mid-engagement?
How is pricing structured?
We're a small district with a small IT team. Is this overkill?
It isn't.
Smaller institutions are often the ones with the least margin, financial or otherwise, to absorb a breach. We tune the scope and the depth to match what you actually run - you're not paying for an enterprise engagement you don't need.
Who does the actual testing?
Testing is done by our CREST-certified* penetration testing partner team.
In practice, that means the people testing your environment have been independently verified to know what they're doing, follow a consistent methodology, and handle your data responsibly. Coverage is comprehensive - the kind of testing your board, your carrier, and your auditors expect.
*CREST is an international accreditation body that audits pen testing firms against rigorous technical, methodological, and ethical standards.
