Johan Hammerstrom hosts the podcast this week, interviewing Carolyn Woodard on her nonprofit IT management capacity growing pet project.

100% of nonprofits struggle with IT management capacity – whether it’s optimizing limited budgets, selecting the right tools, or building sustainable tech staffing models. Or just knowing where to turn for trustworthy, professional advice. We need structured connection to share best practices and elevate what works in IT management at nonprofits. We hope this community of practice will gather best practices and that it will snowball, attracting more participants with more experiences and ideas to share.

By publicizing proven approaches, we can develop the scalable best practices the broader nonprofit sector needs. By sharing widely within the philanthropy sector, we can reach more nonprofits and stakeholders with the opportunity to manage IT effectively.

• Technology Association of Grantmakers (TAG) is a membership organization of foundations, funders, and vendors, that shares knowledge and experiences with technology in philanthropy.
• Carolyn Woodard has been working in collaboration with Jean Westrick and Gozi Egbuonu at TAG to create a community of practice around better defining the challenges around IT support for nonprofits and grantees, and to gather and better disseminate best practices.
• When nonprofits have functioning and strategic IT they are 4 times more likely to be effective at achieving their missions. How, as a community, can the stakeholders come together in partnership to grow IT management capacity, IT funding, and IT strategic planning as a leadership component of any effective nonprofit?
• Together, TAG and Community IT curated a series of three events around this topic: a panel discussion with experts from providers, foundations, and TAG laying the groundwork of the issue; a mini-convening meet-up of interested stakeholders at the TAG Conference in 2025; and the release of a white paper in early 2026 outlining the nonprofit IT management landscape, existing resources, and areas for building out best practices.
• To join this community of practice and stay updated on events and publications, get in touch with Carolyn, through our contact us page or on Linkedin.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Why a 2025 technology equity guide for nonprofits?

Part 1 covers introductions and a deep discussion on the issues of equity in the technology your nonprofit staff use and how they use it. Part 2 delves into questions of funding tech at nonprofits and touches on creating technology tools and applications that can disrupt inequity in our communities, finishing with Q&A.

Nonprofit technology is marked by inequities within our organizations and our sector. You can see this in staffing and processes, and the way technology tools are implemented. Learn to use the free NTEN Equity Guide for Nonprofit Technology as an active and regular part of your strategy discussions and policy review processes and as a resource for evaluation.

Join Tristan Penn to learn how nonprofit staff can use technology strategically in racially equitable ways to meet our missions and community needs.

Worried about inherent bias and inequity built in to the technology your nonprofit uses?
Wondering how to implement strategies and frameworks to make sure your technology use aligns with your organizational values?

Navigating technology can be challenging for nonprofits, especially with the inequities in our sector. How can you use technology as strategically and equitably as possible to advance your mission?

This session will explore how to use the NTEN Equity Guide as a key part of your strategy and policy reviews. You’ll learn how to implement technology in racially equitable ways to better meet community needs. Get a head start on building a more equitable tech future for your organization.

Presenter:

Tristan Penn is the Equity and Accountability Director at NTEN, where he works to promote, coordinate, and evaluate best practices that support Diversity, Equity, Inclusion, Accessibility, and Liberation. His work focuses on equitable development and capacity building within the nonprofit sector. He manages a staff, community, and board-specific DEI Taskforce, creating long-term work plans and goals for equity initiatives both within NTEN and across the broader community.

In his role, Tristan supports and coaches conference speakers and course faculty on creating equitable presentations and manages an annual community survey to gather demographic data and assess customer satisfaction and goal alignment. He is also responsible for designing and implementing audit processes to evaluate the staff, board, and volunteer policies outlined in NTEN’s Equity Commitment, and for developing appropriate methodologies to measure the impact of NTEN’s equity efforts.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Why a 2025 technology equity guide for nonprofits?

Part 1 covers introductions and a deep discussion on the issues of equity in the technology your nonprofit staff use and how they use it. Part 2 delves into questions of funding tech at nonprofits and touches on creating technology tools and applications that can disrupt inequity in our communities, finishing with Q&A.

Nonprofit technology is marked by inequities within our organizations and our sector. You can see this in staffing and processes, and the way technology tools are implemented. Learn to use the free NTEN Equity Guide for Nonprofit Technology as an active and regular part of your strategy discussions and policy review processes and as a resource for evaluation.

Join Tristan Penn to learn how nonprofit staff can use technology strategically in racially equitable ways to meet our missions and community needs.

Worried about inherent bias and inequity built in to the technology your nonprofit uses?
Wondering how to implement strategies and frameworks to make sure your technology use aligns with your organizational values?

Navigating technology can be challenging for nonprofits, especially with the inequities in our sector. How can you use technology as strategically and equitably as possible to advance your mission?

This session will explore how to use the NTEN Equity Guide as a key part of your strategy and policy reviews. You’ll learn how to implement technology in racially equitable ways to better meet community needs. Get a head start on building a more equitable tech future for your organization.

Presenter:

Tristan Penn is the Equity and Accountability Director at NTEN, where he works to promote, coordinate, and evaluate best practices that support Diversity, Equity, Inclusion, Accessibility, and Liberation. His work focuses on equitable development and capacity building within the nonprofit sector. He manages a staff, community, and board-specific DEI Taskforce, creating long-term work plans and goals for equity initiatives both within NTEN and across the broader community.

In his role, Tristan supports and coaches conference speakers and course faculty on creating equitable presentations and manages an annual community survey to gather demographic data and assess customer satisfaction and goal alignment. He is also responsible for designing and implementing audit processes to evaluate the staff, board, and volunteer policies outlined in NTEN’s Equity Commitment, and for developing appropriate methodologies to measure the impact of NTEN’s equity efforts.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

Technology Association of Grantmakers held their 2025 Conference in Atlanta. Jenny Huftalen and Carolyn Woodard attended and share the takeaways and trends in philanthropy for tech.

The takeaways:

• Technology Association of Grantmakers (TAG) convenes members bi-annually to share knowledge and experiences on technology used at foundations and funders.
• Four trends stood out from this year’s conference: AI, Data, Cybersecurity, and our own health.
• Almost every session and keynote spoke to the prevalence of AI in our lives, in philanthropy, and in the nonprofit space. If you are feeling FOMO or feeling that you don’t know enough about AI, rest assured no one really knows what they are doing either. We also heard several fascinating use cases where nonprofits in partnership with funders are using AI in thoughtful and impactful ways.
• Data and database cleaning and organizing was also a trending topic. Several presentations stressed the need to work on your data processes and governance before throwing an AI product at your data and expecting it to clean it up for you. Again, thoughtful attention to the human side of data is necessary to make the AI work well.
• Several speakers stressed the need to weave cybersecurity throughout your operations and realize that IT and cybersecurity touch every staff member at your organization. Starting with anti-virus software not being built-in to your purchase, IT has constantly packaged cybersecurity as something additional and separate. But that is an inadequate viewpoint. Weave cybersecurity into everything and keep yourself and your organization better protected.
• Finally, our health. IT in philanthropy is all about people. People need to be healthy, which can require a pause to reflect even in chaotic and stressful times. Several speakers and attendees talked about the need, as ever, to re-focus on the essentials: the communities we partner with, the deep knowledge we have about the assets we hold and the challenges we face, and that we do this work because we have hope for a better future.

It’s clear that the intersection of technology and philanthropy is evolving rapidly. These trends can feel like a lot to navigate, but remember that the strongest solutions always come from a thoughtful, human-centered approach. Community IT is here to help your nonprofit or foundation thoughtfully weave technology into your operations so you can focus on your mission.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

What Do Nonprofits Need to Know About Penetration Testing?

Nonprofit Cybersecurity expert and Community IT CTO Matt Eshleman explains what penetration testing is, why some nonprofits may need it, and why other nonprofits may not, or may not need it until after a basic assessment and vulnerability scanning.

Do you have someone urging you to get expensive pen testing, and you aren’t sure if you really need it, or if it is just checking a box on an insurance form? This podcast should give you more information on what the pen test tests, and how to match your investment in cybersecurity to your nonprofits’ risks and needs.

Takeaways on Pen Testing for Nonprofit Cybersecurity

What is penetration testing?

• When nonprofits hosted a server on premises, penetration testing was a step that could be taken to look for vulnerabilities such as open ports on the local network.
• Pen testing, as the name implies, involves finding vulnerabilities and exploiting those openings to show how far into your system a hacker could get. Usually a pen testing company will provide a long and very technical report about the client’s cybersecurity configurations.
• Now that most nonprofits are working in the cloud, there is less to test in a pen test. Vulnerability scanning and a basic assessment can usually create a more valuable list of vulnerabilities and remediation suggestions, for a more affordable price. An assessment will provide a more comprehensive and holistic report on the cybersecurity practices at your nonprofit.
• If you have been told you “need” to have a pen test, make sure you understand why and the ROI return on investment the pen test is expected to provide.
• Pen testing has definite value, but that value is very specific to certain types of organizations; with on-site servers, and with certain technical needs and risks.
• The most likely source of compromise and fraud at most small- to mid-sized nonprofits is going to be malicious phishing email leading to wire fraud or compromised credentials. If you have a limited budget to put toward cybersecurity practices, it makes sense to invest in staff training to decrease the risks of clicking on a bad link, and “basic” cybersecurity to protect account credentials and user ID.
• In general, Community IT would recommend starting a cybersecurity improvement journey with a basic assessment, adding vulnerability scanning, and only after addressing any vulnerabilities discovered at that level, determining whether a pen test is a valuable tool to learn more about your system security and resilience.

Community IT hopes that we can provide trusted advice and guidelines for nonprofit safety and security. Your cybersecurity risks and needs will be individual to your nonprofit. If you have questions on pen testing, vulnerability scanning, and basic assessments, reach out and schedule a conversation or assessment with Matt.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

October is ESOP Employee Owner Month

An Employee Stock Ownership Plan, or ESOP, is a legal structure used in the U.S. to create an employee-owned company. Essentially, an ESOP is a type of retirement plan that invests primarily in company stock, holding the assets in a trust for the staff.

Community IT is 100% employee-owned. This structure means our staff participates in the company’s success. Not all ESOPs are 100% employee-owned. Our CEO Johan Hammerstrom walks through the decisions and concerns of our founder, David Deal, that the mission of the company always remain focused on serving nonprofits with well-managed IT. The best way to preserve that mission when he sold the company in 2012 was to sell it entirely to the staff.

Being an ESOP is fundamentally important to Community IT because it ensures we maintain the stability and focus required to serve the nonprofit sector best. This structure guarantees we control our own destiny, allowing us to prioritize long-term, excellent service to nonprofit organizations over external pressures like seeking to be acquired or maximizing short-term profits for outside owners.

Further, it enhances our culture by aligning the incentives of our passionate employees with our mission, empowering independent decision-making and ensuring that clients benefit from a dedicated, resourceful, and stable team that is invested in the organization’s lasting success.

Join CEO Johan Hammerstrom as he explains what October being ESOP employee owner month means to Community IT, our clients, and our dedication to providing excellent outsourced IT services.

Interested in the ESOP structure advantages and how to become an ESOP? Contact Johan directly, he is always happy to talk about our ESOP.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

A Panel Discussion with Matthew Eshleman and Ian Gottesman.

In part 1, Ian and Matthew discuss an approach to cybersecurity for nonprofits, taking the first steps, and 3 steps you can take to prevent at least 80% of attacks. In pt 2, they talk about making cybersecurity training more engaging, and lessons learned this year. They finish by taking audience questions.

Our nonprofit cybersecurity experts discuss the current state of risks, and the best counter-measures nonprofits should have in their toolboxes.

Learn what are cybersecurity essentials for nonprofits, and how your nonprofit organization can meet the moment.
Keep your staff, your networks, and your data secure in an insecure world.

Worried about nonprofit cybersecurity?

You aren’t alone. The nonprofit sector is seeing new attacks and politicization of work that was never political before. Most attacks we are seeing in our networks are still financial, not political – but that doesn’t make being a victim of these attacks better. AI is changing cybersecurity needs rapidly.

If you aren’t sure what you need to know, or who to ask, learn from our expert panel in this webinar where we will discuss cybersecurity essentials for nonprofits in accessible language, and lay out a plan for any nonprofit to put the basics of cybersecurity in place.

Secure your devices.

Secure your accounts.

Secure your data.

In this new webinar, expert panelists discuss cybersecurity essentials and take Q&A.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.

A Panel Discussion with Matthew Eshleman and Ian Gottesman.

In part 1, Ian and Matthew discuss an approach to cybersecurity for nonprofits, taking the first steps, and 3 steps you can take to prevent at least 80% of attacks. In pt 2, they talk about making cybersecurity training more engaging, and lessons learned this year. They finish by taking audience questions.

Our nonprofit cybersecurity experts discuss the current state of risks, and the best counter-measures nonprofits should have in their toolboxes.

Learn what are cybersecurity essentials for nonprofits, and how your nonprofit organization can meet the moment.
Keep your staff, your networks, and your data secure in an insecure world.

Worried about nonprofit cybersecurity?

You aren’t alone. The nonprofit sector is seeing new attacks and politicization of work that was never political before. Most attacks we are seeing in our networks are still financial, not political – but that doesn’t make being a victim of these attacks better. AI is changing cybersecurity needs rapidly.

If you aren’t sure what you need to know, or who to ask, learn from our expert panel in this webinar where we will discuss cybersecurity essentials for nonprofits in accessible language, and lay out a plan for any nonprofit to put the basics of cybersecurity in place.

Secure your devices.

Secure your accounts.

Secure your data.

In this new webinar, expert panelists discuss cybersecurity essentials and take Q&A.

As with all our webinars, this presentation is appropriate for an audience of varied IT experience.

Community IT is proudly vendor-agnostic, and our webinars cover a range of topics and discussions. Webinars are never a sales pitch, always a way to share our knowledge with our community.

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn

Thanks for listening.