Zero Breach Zone·May 26, 2026·30m·Episode #5

Hacking With Permission: K-12 Pen Testing with Zelvin Security

Download audio Show notes Apple Podcasts Spotify

Show notes

Recorded during Teacher Appreciation Week, Phil and Andy take a moment to recognize the educators who make every other profession possible, including the cybersecurity pros keeping school networks safe.

Key Takeaways:

Penetration testing is active, intentional, and noisy. The goal is to find every exploitable vulnerability across every layer of defense so you know everywhere you're exposed, not just where you didn't get caught
Red teaming is different. It's quieter and more covert, designed to simulate a real attacker who's trying not to be detected
Automated pen testing tools beat a basic vulnerability scan, but only a human tester can adapt, troubleshoot, and exploit the edge cases that tools miss. A false sense of security is worse than no test at all
Printers are a massively underestimated attack surface. Once configured for scanning and email, they often hold credentials that can unlock privilege escalation across your entire network
Separating admin accounts from everyday user accounts is one of the highest-impact, lowest-cost moves a district can make
Pen testing validates your existing tool spend and increasingly checks a box on cyber insurance applications

Parting Tip:

Visit zelvin.com/K-12-resources for free tools including a pen test ROI guide, a purple teaming explainer, and a password entropy checker. Aim for a base entropy score over 100

Resources Mentioned:

Zelvin Security — zelvin.com
DEFCON Groups — find your local chapter (search "DC" + your area code)
OWASP — find your local chapter for web security community and networking

← Previous

Surviving a School District Cyberattack with Sandra Paul

Welcome to Season 2 Episode 5 of the Zero Breach Zone, where hosts Phil Hintz and Andy Lombardo sit down with the people on the front lines of K-12 cybersecurity. This week they're joined by Brian Parton, penetration tester and security expert at Zelvin Security. Brian pulls back the curtain on what a real pen test looks like inside a school district, what attackers are actually looking for, why your printer might be your biggest vulnerability, and how knowing where your defenses fail is one of the smartest investments a district can make. Recorded during Teacher Appreciation Week, Phil and Andy take a moment to recognize the educators who make every other profession possible, including the cybersecurity pros keeping school networks safe. Key Takeaways: Penetration testing is active, intentional, and noisy. The goal is to find every exploitable vulnerability across every layer of defense so you know everywhere you're exposed, not just where you didn't get caught Red teaming is different. It's quieter and more covert, designed to simulate a real attacker who's trying not to be detected Automated pen testing tools beat a basic vulnerability scan, but only a human tester can adapt, troubleshoot, and exploit the edge cases that tools miss. A false sense of security is worse than no test at all Printers are a massively underestimated attack surface. Once configured for scanning and email, they often hold credentials that can unlock privilege escalation across your entire network Separating admin accounts from everyday user accounts is one of the highest-impact, lowest-cost moves a district can make Pen testing validates your existing tool spend and increasingly checks a box on cyber insurance applications Parting Tip: Visit zelvin.com/K-12-resources for free tools including a pen test ROI guide, a purple teaming explainer, and a password entropy checker. Aim for a base entropy score over 100 Resources Mentioned: Zelvin Security — zelvin.com DEFCON Groups — find your local chapter (search "DC" + your area code) OWASP — find your local chapter for web security community and networking