In November 2025, the Consortium of Cybersecurity Clinics published its very first peer-reviewed publication on cybersecurity clinical education. The article, “Protecting Communities while Training Future Cybersecurity Professionals: Lessons from the Consortium of Cybersecurity Clinics,” was co-authored by Isak Nti Asare, Scott Shackelford, Jungwoo Chun, and Sarah Powazek and published in The Cyber Defense Review.
The article featured case studies from Consortium members Indiana University, MIT, and UC Berkeley that illustrate the role clinics have played in supporting critical infrastructure and advancing national cyber resilience efforts. The work across these three clinics and other members of the Consortium laid the foundation for expanding the cybersecurity clinic model worldwide, with the benefit of bolstering national security. The Consortium of Cybersecurity Clinics plans to build on this success by supporting and fostering additional collaborative research on cybersecurity clinics between Consortium members.
The Significance: Why Clinics Are Critical to National Security
National security vulnerabilities often originate at the local level, where under-resourced public-serving organizations are increasingly targeted by adversaries.
By training students to provide professional-grade, pro-bono services to organizations at the municipal and nonprofit levels, the article claims that clinics address two longstanding gaps in public sector capacity: “They redistribute capacity into vulnerable nodes ignored by markets and underserved by states… [And] cultivate a workforce oriented toward civic protection.” This dual-purpose model, scaled nationally by the Consortium to create a federated infrastructure of community-based cybersecurity services, presents a governance innovation that bolsters national security. It accomplishes this by strengthening local resilience and addressing the workforce shortage by training the next generation of cybersecurity professionals with experience in public-interest cybersecurity.
The Consortium of Cybersecurity Clinics serves as a catalyst for this model, facilitating resource sharing, standardizing best practices, and enabling the rapid, scalable growth of clinics needed to meet national demand.
High-Impact Case Studies
The article features three case studies illustrating the diverse and high-impact interventions of member clinics:
- The MIT Cybersecurity Clinic supports city governments in New England, focusing on risk assessments and policy updates to increase local governance capacity. Students engage in rigorous experiential learning, negotiating with city managers and drafting actionable policy documents. The clinic distilled the industry-leading NIST Cybersecurity Framework from its 108 controls to 23 core controls most relevant to small organizations. The streamlined assessment framework has been shared across the Consortium network.
- The Indiana University (IU) Cybersecurity Clinic works extensively with small and rural municipalities, private utility providers, and nonprofits in the Midwest. IU’s interdisciplinary teams focus on governance audits, the development of formal incident response plans, and helping organizations secure cyber insurance. One notable case involved working with a Department of Housing and Urban Development (HUD)-funded community action agency serving 60,000 low-income residents, where IU teams identified vulnerabilities and recommended improvements. Students also learn to translate technical findings into actionable policies within municipal codes and procurement rules.
- The UC Berkeley Cybersecurity Clinic focuses on defending politically vulnerable nonprofits (such as human rights and election-integrity groups) that are often targeted in hybrid conflicts and disinformation campaigns. Through its work with organizations like reproductive health providers and election-integrity advocates, the UC Berkeley Cybersecurity Clinic demonstrates that civil society resilience is integral to national security. As of Fall 2025, the clinic at Berkeley had supported more than 230 nonprofits in strengthening their cybersecurity defenses. By defending civil society organizations, the clinic contributes to our nation’s democratic durability: strengthening our democratic institutions against interference from adversaries.
Cultivating the Future Workforce
Clinics also directly address the major national challenge of workforce shortages. As of early 2025, there were over 450,000 unfilled cybersecurity jobs. They provide a practical solution to the paradox of “entry-level” jobs demanding prior experience by providing students with hands-on learning via real-world client engagements. Students build technical, policy, and communication skills in live operational environments, ensuring their work is both high-quality and aligned with professional standards. This cultivates a next-generation workforce oriented toward public-interest cyber pathways.
A Scalable Model: The Consortium of Cybersecurity Clinics
The clinic model’s effectiveness and scalability are driven by the innovations developed in the Consortium of Cybersecurity Clinics’ member clinics.
With 56 total members, the Consortium includes large research universities, small liberal arts colleges, community colleges, women’s colleges, and minority-serving institutions. Member clinics co-develop curricula, define best practices, and refine standardized methodologies that are shared and adapted by peers.
In conclusion, the Cyber Defense Review article argues that clinics are a field-tested model for strengthening national cyber resilience. The Consortium is transforming these efforts into a scalable cyber infrastructure that protects communities, supports critical services, and cultivates the cybersecurity workforce needed for tomorrow.
This article is an exciting first example of collaborative research and peer-reviewed scholarship on cybersecurity clinical education from the Consortium. Congratulations to the authors, Isak Nti Asare, Scott Shackelford, Jungwoo Chun and Sarah Powazek, for trailblazing this field of work, and thank you for your time, expertise, and dedication to supporting cybersecurity clinics.
