Cybersecurity Consultation Service for High School District Case Study
Industry: Education
Project Feedback
The school district has successfully received the foundational documents — such as policy templates and disaster recovery plans — that are necessary for them to create their cybersecurity program. FRSecure proves to be an expert in their field. The client also praises their dedication and integrity.
Case Study
Don Ringelestein
CTO, Maine Township High School District
The Client
Introduce your business and what you do there. I’m the CTO for a high school district in Park Ridge, Illinois that has about 6,500 students in three schools. We’re the first school district to ever adopt Google; our schools are among the best in Illinois. As the CTO, I’m in charge of all the technology used in the district; I’m responsible for everything from data systems and infrastructure to classroom equipment.
The Challenge
What challenge were you trying to address with FRSecure? Prior to my arrival at the district, there were no security efforts. As a result, I needed some help to get a better cybersecurity program.
The Approach
What was the scope of their involvement? FRSecure gives me high-level advice and recommendations on how our organization can move forward in terms of establishing a security program. They essentially serve as our virtual chief information security officer (vCISO). They do most of their work for us remotely. The FRSecure team also offers penetration testing services, and I plan to take them up on that offer for our network.
What is the team composition?
I work with two people from FRSecure. One of them is a customer representative; he’s in charge of the company’s relationship with me. The other person is a project manager’s who’s highly familiar with security programs.
How did you come to work with FRSecure?
I found FRSecure’s contact information after I underwent a free Certified Information Systems Security Professional (CISSP) training program. That was how I first engaged with them. During that time, I acquired a favorable opinion of their organization — I became convinced of their expertise and alignment with our group’s mission. Their integrity stood out to me. As a result, I hired them.
How much have you invested with them?
We’ve spent around $24,000 on their vCISO service; I also pay around $10,000 for their retainer. What is the status of this engagement? We started the engagement in August 2021, and it’s ongoing.
The Outcome
What evidence can you share that demonstrates the impact of the engagement? FRSecure has successfully provided me with the foundational documents that I need to start our district’s cybersecurity program. Those documents include policy templates, disaster recovery plans, business continuity plans, and business impact analysis templates.
How did FRSecure perform from a project management standpoint?
Their management skills are outstanding. Our engagement isn’t project-based; they simply provide the expertise that I don’t have. However, they offer great tools in terms of helping me do the foundational work necessary to start our security programs. In terms of communication, we talk on a bimonthly basis over the phone.
What did you find most impressive about them?
The team is more interested in their mission than money — that’s reflected in the fact that they offer free CISSP certification. They’re essentially donating their expertise to the profession, which is incredibly impressive for me. In other words, their integrity and relevance have been outstanding. Overall, the team is truly passionate about security and helping organizations. While they also need to make money, they’re truly more dedicated to making others secure.
Are there any areas they could improve?
No, there aren’t any. The team has been responsive to my needs; they tailored their work around such needs.
Do you have any advice for potential customers?
Know what you need. On top of that, somebody from your leadership team should handle the engagement with FRSecure. That person should be able to look into the relationship strategically. In my experience, many organizations jump directly to the day-to-day security operations. They buy the latest technologies that the vendor assures them will protect their organization — without analyzing their risks first. However, you can’t have a security program without doing some foundational work first, such as getting sign-offs from the executive team. FRSecure can help with this and lay a good groundwork for cybersecurity governance.