K-12 environments represent one of the most complex and under-discussed security landscapes in the industry. Over two decades as a CISO in a large school district, Matthew Frederickson operated in an environment where IT, OT, and physical security systems converged—often within a single Active Directory domain.

This session provides a practitioner-level view into the realities of securing these environments, where HVAC systems, door access controls, surveillance platforms, and student information systems coexist under severe budget constraints and evolving regulatory pressure.

Through real-world scenarios, attendees will see how seemingly low-risk misconfigurations can be chained into full domain compromise, and how security programs can be built and sustained in resource-constrained environments. The session also explores the unique human factors of K-12 security, including insider threats, social engineering, and overlapping compliance requirements.

This is a candid, experience-driven session focused on lessons learned, practical strategies, and insights that apply far beyond the education sector.