Agenda Item
b. Approval of SecureIT (Not to exceed $2,068,760)
Summary: Presented by: Dr. Kermit Belcher, Chief Information Officer, Division of Information & Instructional Technology
Request: It is requested that the Board of Education approve the purchase of information and network security services and associated infrastructure components from Blue Ally ($534,200 Azure consumption & $148,100 managed services and support) in the amount of $682,300, Cyderes in the amount of $723,960 ($678,960 annual services & $45,000 onboarding services), Dean Dorton in the amount of $250,200, and VivacityTech in the amount of $412,300 for SecureIT for a total cost not to exceed $2,068,760.
Why: The purpose of this agenda item is to support the Division of Information and Instructional Technology (DIIT) and district leadership in ongoing efforts to secure information systems and network resources by protecting the confidentiality, integrity and availability of student, staff, and financial information/data.
Please note that this agenda item is intentionally written at a high level to provide transparency while maintaining necessary limitations that protect the district’s security posture. The SecureIT initiative supports this balance by promoting openness without compromising digital privacy, safety, or security.
Details: SecureIT is guided by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a widely adopted model used by leading public and private sector organizations. The framework is built around five core functions: Identify, Protect, Detect, Respond, and Recover. These pillars provide a structured approach to assessing risk, securing digital assets, monitoring threats, responding to incidents, and restoring operations. By aligning with this nationally recognized standard, the district ensures that its cybersecurity efforts are both rigorous and scalable.
Key Partners and Services:
Blue Ally
Manages Microsoft Azure & Microsoft 365 environments
Provides identity management, security hardening, breach detection, and 100 hours of on-demand support
Cyderes
24/7 managed security services with real-time threat detection and response
Includes SOC, SOAR automation, threat intelligence, proactive threat hunting, and unlimited investigations
Dean Dorton
Provides vCISO leadership and cybersecurity strategy aligned to the NIST framework
Supports incident response, audits, security awareness, assessments, and attack surface monitoring
VivacityTech
Delivers Google Workspace for Education Plus
Enhances security, reporting, collaboration, and administrative tools for education environments
Financial impact: $2,068,760
General Fund:
Professional Services: 100.2800.530000.00011.7600.9990.0308.070.0000
Computer Software: 100.1000.561200.00011.7600.9990.0308.070.0000
Expendable Equipment: 100.2210.561500.00011.7600.9990.0308.070.0000
Contact: Dr. Kermit Belcher, Chief Information Officer, Division of Information & Instructional Technology, 678.676.1200
Effective: August 2025
Status: Approved by the Office of Legal Affairs
June 30, 2025
Dr. Kermit Belcher
DeKalb County School District
1701 Mountain Industrial Boulevard
Stone Mountain, Georgia 30083
Dear Dr. Belcher:
It is our understanding that DeKalb County School District (DCSD) is interested in Cyber Risk and Compliance
consulting services to formalize, continually improve, and maintain DCSD’s Information Security Program. Dean
Dorton’s Cybersecurity team is ready to assist DCSD in addressing with this critical need.
Background
In our experience, we find that many organizations struggle with hiring and retaining Information Security
professionals: it was recently reported that there is a negative unemployment rate in the field of Cybersecurity
and offering a long-term career path for these individuals can be challenging for any organization.
Security and Privacy compliance requirements are increasingly complex. In the meantime, cyber-threats continue
to evolve, and organizations are not well prepared to handle sophisticated cyber-attacks. Knowing that the
average cost per each lost or stolen record containing confidential and sensitive data is well above $150,
Information Security is now a key business risk that needs to be addressed.
Dean Dorton Allen Ford, PLLC’s (Dean Dorton) Information Security Office’s (ISO) unique approach to this
challenge is to understand DCSD’s specific Information Security needs and to develop and implement a program
with your team that is supported by best practices and industry specific experience.
Dean Dorton’s ISO provides a team of experienced Information Security professionals who can augment an
organizations’ Information Security team or take the lead in designing, implementing, and maintaining a strong
Information Security program on your behalf. In addition, Dean Dorton ISO offers a variety of optional services to
assist as little as an organization wants or as much as they need to continuously strengthen their Information
Security program, so they can focus on their core business. For DCSD, Dean Dorton is proposing to provide a
Virtual Information Security Office (VISO) that also includes a yearly Cybersecurity Assessment.
Scope and Objectives
Virtual Information Security Officer
Dean Dorton will assign a senior security consultant (a former security officer or equivalent) who is supported by
a team of Dean Dorton technical and security consultants who can cost-effectively advise and assist you with the
various activities or projects necessary to improve the organization’s security posture. All projects would be
deandortontech.com
�DeKalb County School District
June 30, 2025
Page 2
approved by the organization’s management and could stem from the Security Roadmap. Of course, Information
Security is a moving target, so our team will continuously keep the organization updated of new cyber threats that
need to be addressed to keep DCSD’s information secure. This service is highly flexible based on DCSD’s needs
but it typically includes the following activities:
1. Cybersecurity Risk and Compliance Services and Strategy – the CISO will advise DCSD’s Chief Information
Officer (CIO) regarding Cybersecurity Risk and Compliance matters, evolving cyber threats, regulations,
and remediation strategies to further protect DCSD.
2. Security Reporting – the CISO will provide a regular report that will provide a high-level summary of where
the Information Security program stands, what the key risks are, and will provide education on what the
short and long-term improvement opportunities are.
3. Incident Response Oversight – the CISO will be responsible to coordinate incident response activities and
to communicate directly with DCSD’s CIO or other business leaders based on the information provided by
Dean Dorton Information Security Office, DCSD personnel, and/or other business partners as appropriate.
4. Liaison with internal and external audit – the CISO will facilitate IT audits by leading the response to
information requests for IT audits. Dean Dorton will also assist with the collection of information and will
participate to IT audit activities to ensure that accurate and timely information is provided to auditors.
5. Security Awareness Oversight – the CISO will provide strategic direction and oversight to DCSD’s
Information Security Awareness Program and will direct Dean Dorton’s Information Security Office to
manage the tactical aspect of the program and the associated tools or processes.
Cybersecurity Assessment
Dean Dorton’s Cyber Security Assessment Services are designed to provide organizations specific information
about the state of their Information Security posture and to validate that key controls are working as expected.
We offer a variety of services to accommodate any of your requirements, network architecture, and scenarios.
Dean Dorton will either perform a comprehensive yearly Security Assessment or deliver quarterly assessments to
validate that remediated issues are no longer an issue. The best approach will be discussed with DCSD.
Attack Surface Monitoring
When Dean Dorton Cybersecurity clients are enrolled in our external Attack Surface Monitoring (ASM) service,
Dean Dorton will maintain an inventory of exposed ports, services, software components, and known
vulnerabilities. Dean Dorton analysts are alerted to changes observed in any of these categories which trigger
reviews for risk. If anything is identified, Dean Dorton analysts work to alert clients and provide mitigation
strategies. Additionally, Dean Dorton monitors CVE’s, advisories, and publicly released exploits against the known
software inventory – helping provide early notification and mitigation strategies to anything affecting your
environment in a timely manner.
�DeKalb County School District
June 30, 2025
Page 3
Staffing
Dean Dorton strongly believes that a team approach to this project provides the best possible deliverable for
DCSD. As such, we will compile a team that consists of members from various areas of specialty within our
Cybersecurity Risk and Compliance team. If the need were to arise, we can also involve members from our
accounting and business consulting groups. The combined experience of these resources will provide a fully
qualified team that understands the compliance, technical, and practical aspects of a financial institution.
Pricing and Timing
Project Description Fees
Information Security and Compliance • Virtual Information Security Officer $20,850 per month
Office • Cybersecurity Assessment
• Attack Surface Monitoring
Incident response, forensic, and remediation activities not explicitly listed in this proposal can be provided as
separate services, as needed. Dean Dorton will provide DCSD a discounted hourly rate for projects and Incident
Response services. Additionally, DCSD will be invoiced for all out-of-pocket administrative and travel expenses
including mileage.
Terms
The engagement would be effective beginning August 2025. We will review the engagement annually and propose
changes as needed. The contract period will be a 12-month commitment; provided, however, either party may
terminate the contract immediately in the event of a material breach of this contract. After the 12-month
commitment, either party may elect to terminate this agreement by providing the other party with 90 days written
notice. In the event that services are terminated, you assume responsibility for the transfer of any third party
vendor services. Upon termination, all outstanding invoices will be required to be paid in full prior to the transfer
or release of any final documentation and information.
This engagement does not anticipate the compilation, review, or audit of financial records or financial statements.
At no time shall any member of the Dean Dorton team make any management decisions on behalf of DCSD. We
will only provide technical expertise, support and recommendations to management throughout this
engagement. It will be the responsibility of DCSD to assign a resource to act as our primary contact and to be
responsible for making all decisions on behalf of DCSD. Dean Dorton shall comply with the Non-Disclosure
Agreement dated the same date as this contract.
During the term of this engagement, and continuing for 24 months after the termination of this agreement, neither
party shall directly or indirectly, for its own account or for the account of others, urge, induce, entice, or in any
manner whatsoever solicit any employee directly involved in the activities conducted pursuant to this agreement to
leave the employment of the other party or any of its affiliates except general solicitation that is not directed
�DeKalb County School District
June 30, 2025
Page 4
specifically to any such employee. In the event of employee solicitation, the soliciting party agrees to pay the other
party the equivalent of one time the annual salary of the solicited employee, unless the other party agrees to waive
this provision.
In the unlikely event that differences concerning our services or fees should arise that are not resolved by mutual
agreement, in order to facilitate resolution of the differences and to save all parties time and expense, DCSD and
Dean Dorton agree to try in good faith to settle their differences by mediation administered by the American
Arbitration Association under the Dispute Resolution Rules for Professional Accounting and Related Services
Disputes before resorting to litigation. In the event that litigation cannot be avoided, DCSD and Dean Dorton
agree not to demand a trial by jury.
If any portion of this letter is held to be void or otherwise unenforceable, in whole or in part, the remaining
portions of this letter shall remain in effect.
While the scope of this engagement is intended to help DCSD mitigate security risks, no firm or security program can
guarantee complete protection. In addition, Dean Dorton is not in a position to mandate and require DCSD to
implement all recommendations. Therefore, Dean Dorton will not be responsible and cannot be held liable for any
data breaches while performing this service. Dean Dorton highly recommends all clients to evaluate and maintain
proper and adequate Cyber Insurance coverage.
If you are satisfied with the terms of this engagement, please sign and return this letter. If you have any questions,
please do not hesitate to contact me. We are pleased to have this opportunity to serve you and your staff. I look
forward to developing a long-lasting relationship. Thank you again for the opportunity to assist DCSD in these
matters.
Sincerely,
DEAN DORTON ALLEN FORD, PLLC
By:
Gui Cozzi
Cybersecurity Risk and Compliance Practice Lead
�DeKalb County School District
June 30, 2025
Page 5
ACKNOWLEDGEMENT:
This letter correctly sets forth the understanding of DeKalb County School District
Signature Date
Printed Name
�