
How Metropolitan School District of Wayne Township combats ransomware with Infosec IQ
Learn why MSD of Wayne Township selected Infosec IQ to keep their districtâs data secure.
The Metropolitan School District (MSD) of Wayne Township is located in the heart of Indiana. The district is home to 16,500 students, 2,500 employees and over 15,000 computers and devices. After experiencing four ransomware attacks in a few short years, Chief Technology Officer Pete Just knew it was time to take a new approach to educating his faculty and staff about the risks of phishing and malware. Pete made several changes to the districtâs security strategy and enrolled their employees in Infosec IQ awareness training. Peteâs efforts have been successful â the district has remained ransomware free since deploying these changes in late 2017. Pete, a former teacher, uses Infosec IQ to deliver personalized security awareness training to employees who need it the most. We met with Pete to learn more about his approach and how heâs used Infosec IQ to keep his districtâs data secure.
MSD of Wayne Township
Enhancing security through workforce education
Pete helped pioneer personalized learning at MSD of Wayne Township long before leveraging it in his security awareness training program. Using technology and data-driven insights, Pete and the MSD of Wayne Township boosted graduation rates by letting students choose education paths tailored to their needs and learning styles.
âThere are two ways we like to think about personalized learning â one for students and one for staff,â said Pete. âWe teach our faculty to personalize education through actionable classroom data.â
Pete follows this same approach when teaching staff how to identify phishing attacks. âRather than hosting a meeting and making staff sit through a three-hour training, we tailor training to their own level of understanding. If we want to teach them something new, we first assess what they know. No one likes to sit in a room and listen to a talking head. And they donât like getting trained on something they already know.â
Outsmarting the bad guys starts here.
See for yourself how Infosec IQ will empower your employees to outsmart cyber crime at work and at home. With over 2,000 awareness resources and phishing simulations at your fingertips, it’s easy keep your employees secure and engaged in training, regardless of their location, preferred language or learning style.

Using positive reinforcement to transform end-user behavior
In addition to leveraging personalized learning, Pete uses positive reinforcement to drive the behavioral changes needed to combat phishing and ransomware attacks. He uses Infosec IQ phishing simulations to identify at-risk employees and deliver training tailored to their security aptitude.
âTraining shouldnât be punitive,â said Pete. âThatâs one of the things I like about how we use Infosec IQ. If youâre not clicking links and getting phished, you donât need the training and you wonât have to take any. If you need training, weâll start with a three-minute module. If that doesnât work, then weâll have you take the 20-minute training.â
Pete recommends tying the benefits of security awareness training to life in and outside of the workplace. âIf youâre not secure at work, youâre probably not secure at home,â said Pete. âI ask our employees, âDo you want people to get into your bank account?â The answer is always no. Security awareness training will teach them how to stay safe online at work and at home.â
Why Metropolitan School District of Wayne Township selected Infosec IQ
Before exploring external training solutions, the district tried an in-house approach. They sent informative emails to staff and hung posters in the buildings, but they did not see the results they needed. âThis approach wasnât well received. People werenât engaging with the emails,â said Pete.
Infosecâs history in security education made the product stand out to me. It was a complete package for a very reasonable price.
Pete looked at several major awareness training vendors before selecting Infosec IQ as their training solution. The fact Infosec developed Infosec IQ caught Peteâs attention. âInfosecâs history in security education made the product stand out to me,â said Pete. âIt was a complete package for a very reasonable price.â
Platform features important to Pete included customization options, personalized learning and engaging, interactive content. âWe wanted the ability to customize our campaigns and receive regular reports as campaigns were in progress. We also wanted training to be closely associated with learner clicks, and needed the ability to determine what training module went to whom and why,â said Pete.

Assess your organization's phish rate
Need to build buy-in? Run a free Phishing Risk Test to measure your organization’s phishing susceptibility and share results with stakeholders.

Demo Infosec IQ
Want to see for yourself? Request a demo of the Infosec IQ awareness training and phishing simulation platform.

View plans and pricing
Find the best security awareness and training for your employees, and the right plan for your organization.
Getting training buy-in from stakeholders & staff
Phishing simulations and workforce security awareness training is fairly new to K-12 education. Pete and the Indiana CTO Council surveyed school districts in the state to see how many used security awareness training to fight the growing phishing and ransomware threat. âOf the 400 folks who participated in the survey, 62% had never run phishing security tests,â said Pete.
Pete knew it was time to start an awareness training program at MSD of Wayne Township, but first needed to secure buy-in from stakeholders. âOur test database was locked up about two years ago following a ransomware attack,â said Pete. âThankfully, we were backed up, but it put some people out. I reminded our stakeholders the entire situation could have been avoided if users knew not to click malicious links.â
Security awareness training presented an opportunity for MSD of Wayne Township to make life easier, protect resources and keep everyone safe. âI asked the group if we wanted to keep everyone safe, and of course they said yes,â said Pete. âI then explained we were going to provide just-in-time awareness training for people who need it the most. Two months later, we started our first phishing campaign.â
Pete attributes much of his success to the way he approached stakeholders and explained awareness training benefits. âThe way I approached the group helped them understand what we wanted to do was a positive thing,â said Pete. âIt starts with how you announce your program. It canât be about âgotchaâ moments and negative feedback. If you start that way, youâre probably going to have all kinds of problems. I explained itâs a learning opportunity and a way to avoid future attacks.â
Creating a culture of security at Metropolitan School District of Wayne Township
With 2,500 employees, Pete knew making changes at the cultural level was going to be a challenge. Pete and his team looked to a group of key school leaders and stakeholders for help introducing the new program. âWe have group of about 40 teachers and 10 tech assistants who serve as technology leaders in the district,â said Pete. âWe told them we were getting ready to start this program and showed them what to expect. We combined the new software with a train-the-trainer model.â
Called the iTEC team, this group helps field questions from staff about phishing simulations and awareness training. If negative feedback is received, itâs reported back to Peteâs team for further evaluation. âiTEC helps get staff on the same page,â said Pete. âWe have 1,200 teachers â not all of them know who I am. I could send an email to everyone about the program, but this approach is more effective.â
Program results
Before security awareness training, teachers at MSD of Wayne Township didnât understand why they were a hacker target. Educating them about phishing, social engineering and ransomware has helped the school district keep their data secure. âOur threatscape is constantly changing,â said Pete. âIn the past 18 months, weâve experienced an onslaught of sophisticated attacks. Hackers are targeting our users in very specific ways.â
In the years before training their staff with Infosec IQ, the district was hit with four ransomware attacks. There have been no ransomware attacks since deploying the Infosec IQ solution. âInfosec IQ was one of many changes we made to our security strategy,â said Pete. âSecurity takes a multilayered approach, and employee security education is an important layer.â