Paul Cerra and the Business of Securing a School

Steven Sutton | ssutton23@dtechhs.org

When you go to the west side of the building, on the first floor, down the first hallway, you will find drawn blinds and a locked door. Behind that locked door, you might find Paul Cerra, d.tech’s sole IT administrator. Within his den, he is constantly working away furiously at his keyboard, or perhaps on the phone, trying to solve one of the myriad of tasks awaiting him at his desk.

Cerra has been working at d.tech for 5 years now; he’s seen it all, and done it all. Working at d.tech “has had its ups and downs” he says. Everyday there is a new problem he needs to solve; chromebooks to repair, projectors and printers that have stopped working, and the thing that’s on his mind most: security.

————

Network Security

Keeping the network secure is a big job, and Cerra does it all. Right now, he is testing a new program that could significantly increase his ability to secure the network, and might allow students to officially use their personal devices, a constant turmoil between students and staff.

Currently, d.tech uses Cisco Meraki to control school wifi networks, and the system works to secure them (for example, Meraki caught and blocked malware accidentally downloaded on February 18) but only to an extent. It’s protection isn’t all encompassing.

As a high school, d.tech is especially at risk to ransomware attacks that would allow the hacker access to an incredible amount of information. Now, you may think it doesn’t really matter. After all, who cares if a hacker can see my grades? But it’s not just grades; it’s phone numbers, home addresses, HIPAA-protected medical information, and more. There could even be enough information to commit identity fraud. Remember, most students are not adults, and data protection law surrounding minors is strict. If someone with malicious intentions were to get ahold of this information and even threaten to release it, students and the school itself would be in serious trouble.

Meraki Systems Manager could close those gaps. Cerra has been working with a trial of the software, and it appears as though it would secure all this information behind a nearly unpickable lock. It would allow for the network to be monitored constantly for all forms of attacks and suspicious activity. Additionally, it would allow for greater security on all devices on the network, addressing the key problem surrounding students' personal devices. The “zero trust” policy the d.tech wifi networks are forced to use under the current system makes securing new devices difficult, but with this new system, all devices (including those new to the network) would be secured.

All this being said, Systems Manager is expensive and, critically, charges by device, so even if it is implemented, students may not be able to benefit. Personally, Cerra supports both the adoption of the system and allowing for students to use it for personal devices. He will be presenting the information surrounding Meraki Systems Manager to the school’s board of directors later this year.

The Building

“Who else is going to do this stuff?” Cerra, despite his job description being purely centered around IT, is d.tech’s go-to for securing the building, and everyday there is something new.

Recently, a student’s bike that was locked on the public racks by the d.tech staff parking lot was stolen, and there wasn’t really anything that d.tech could do about it. The camera in the parking lot could only see the lot itself, so the thief couldn’t be found. The student said that the reason why they didn’t use the locked bike cage in the Oracle 500 Garage was because there was a rumor that you could get into the cage with a credit card. To Paul, this was ridiculous. Of course you can’t get into the cage with a credit card; but nevertheless, he had to go out there and make 100% sure. Sure enough, you can’t. And this wasn’t the first time that dealing with theft had become part of his job.

Remember the “devious licks” trend? Paul Cerra does. Not long ago, he was out on the east patio and found that the bright red “emergency meeting area” sign had been taken down and laid out on the ground. Assuming someone had intent to come back and steal it, he picked it up and  brought it inside. That sign has now been sitting inside his office for months. Who tried to steal it? Who knows. Why? Because they could. And Cerra found himself dealing with it. 

Add onto that all of the little things that can, and do, go wrong. Back in January, the credit card readers on the vending machines went out, and the vending company representative that was sent out to fix it was insistent on the idea that it was the fault of the cell network repeaters inside the building. There are cell service repeaters for all the major cell companies inside d.tech and the vending machine readers run on Verizon. Paul spent a long time attempting to fix the repeater itself, before he came to the conclusion that the repeater was functioning perfectly normally. It turned out that the “point of sale” devices inside the vending machines themselves were broken, and the vending company came back out to replace them, but not before a significant amount of Cerra’s time and energy had been used trying to fix something that was never broken in the first place.

d.tech’s building is packed to the gills with technology, and technology sometimes breaks down. Recently, Cerra found a broken GFCI on the west patio. GFCI stands for Ground Fault Circuit Interrupter, and they are critical security devices, preventing people from getting potentially deadly electrical shocks. Problems like this are dealt with by Oracle Technicians (after all, d.tech is on Oracle property), and thankfully they came through and fixed it without a hitch. But, while he was out there, Cerra found that the badge reader that opens the door to the patio from the outside had broken. 

There’s always something broken, and it’s Cerra’s job to fix it.

————

Chromebooks

“We used to be able to do more.”

Every single student at d.tech has a school issued chromebook, and it is Cerra’s job to administer them and keep them running. But with only one man in charge of more than 500 devices, it gets difficult quickly.

“The Right to Repair movement hasn’t quite reached Chromebook manufacturers,” Cerra says. Our school chromebooks are notoriously difficult to repair when they break, which they do rather frequently. The expected lifespan of the Lenovo chromebooks held by current Sophomores and Juniors is only two years. Many years ago, we used chromebooks made by Acer, which had many more replaceable parts and were quite easy to repair. But now, many common points of failure are soldered directly to the motherboard of the computer, meaning if one thing fails, the entire computer is permanently dead. 

When Cerra first started encountering these problems, he was unsure of what to do, and sought help from other education IT professionals. He called around to other schools to hear their policies and even joined the K12 SysAdmin subreddit group. There, he was forced to come to the conclusion there wasn’t really anything he could do about it. Chromebooks don’t last very long, and when they do break, they often can’t be easily fixed. It may cost more in the short term, but when you factor in labor, time, and sheer frustration, replacement becomes the better option.

When the new 14in HP devices were bought this year for Freshmen and Seniors, Cerra understood the new reality of device repair, and he had the school intentionally overbuy chromebooks so that when they encounter fatal errors there will be replacement devices on hand. There are currently around 30 HP chromebooks still in their boxes in Cerra’s office, ready to serve as replacements. 

We were very lucky to have the new HP devices come in this year. Due to the worldwide chip shortage, there simply aren’t enough chromebooks in the United States, and schools were quickly buying them up whenever they became available. And that same shortage has made acquisition of the parts we can replace more difficult and expensive. For example, replacement screens for Lenovos used to cost around $50 each, but since d.tech went back in person, they have cost in excess of $100 each.

Before the pandemic began, students would be billed for chromebooks repairs. That policy had to be changed when the pandemic started. “I can only imagine what it’s been like for families in this pandemic,” Cerra said. He decided to make payment for repairs optional. “It seems like the right thing to do,” he said, and most families have managed to pay.

————

Paul, Personally

Cerra started working at d.tech part time in January 2017 and went full time in October of that year. He was here when d.tech moved from the warehouse campus to its current building, and that transition was difficult. The move created new responsibilities surrounding security infrastructure that he wasn’t expecting. 

Working at d.tech has been stressful, but for Cerra, the benefits outweigh the downsides.

“This is a cool community … I can really help [students],” he says. “When I came to work at d.tech I didn’t understand I was coming to work at a school. .. I just thought I was turning wrenches and fixing chromebooks. I said to the Class of 2021 that they were the first class where I knew them more than I knew their chromebooks. When I first came to work here there was a stack of broken chromebooks with students' names on them; the joke used to be that I knew students' chromebooks more than I knew you. Over time that’s really changed. [...] Eventually, as I met more of you [I realized] there’s a lot of cool people here.”

Helping students with tech issues, keeping classroom technology running, even just unblocking websites for students who need them can be rewarding. And the pressures have become easier with time, and he can see it making a difference and mitigating stress. “[In life] there are things you can control and things you can't [..] you learn to stop stressing over what you cannot control.”

Getting to know us, he says, “has been far more fulfilling than fixing a screen and a trackpad. This is actually a job about people. I have the word support in my job title, and I believe in that. The community is more important than a chromebook.”

“I'm not gonna get many more opportunities to say ‘Hi’ to students like Kasvi Singh; along with the rest of the class of 2022, she'll be graduating soon. But one day, when I'm out of this job, I'll remember the students."

Paul lives nearby with his wife Stephanie in a home they recently moved into. Stephanie is a former college professor and one-time intersession teacher who recently got a job writing Google Support pages. She likes to read mysteries. Paul introduced her to author Agatha Christie’s detective character Hercule Poirot a while back, and she fell in love with the art. It’s no surprise then that her one foray into intersession teaching was about the mystery writers of the early 20th century.

If you see him in the halls, feel free to say hi, but not much more. He is probably very busy.