In November 2025, the Consortium of Cybersecurity Clinics published its very first peer-reviewed publication on cybersecurity clinical education. The article, “Protecting Communities while Training Future Cybersecurity Professionals: Lessons from the Consortium of Cybersecurity Clinics,” was co-authored by Isak Nti Asare, Scott Shackelford, Jungwoo Chun, and Sarah Powazek and published in The Cyber Defense Review.

The article featured case studies from Consortium members Indiana University, MIT, and UC Berkeley that illustrate the role clinics have played in supporting critical infrastructure and advancing national cyber resilience efforts. The work across these three clinics and other members of the Consortium laid the foundation for expanding the cybersecurity clinic model worldwide, with the benefit of bolstering national security. The Consortium of Cybersecurity Clinics plans to build on this success by supporting and fostering additional collaborative research on cybersecurity clinics between Consortium members.

The Significance: Why Clinics Are Critical to National Security

National security vulnerabilities often originate at the local level, where under-resourced public-serving organizations are increasingly targeted by adversaries. 

By training students to provide professional-grade, pro-bono services to organizations at the municipal and nonprofit levels, the article claims that clinics address two longstanding gaps in public sector capacity: “They redistribute capacity into vulnerable nodes ignored by markets and underserved by states… [And] cultivate a workforce oriented toward civic protection.” This dual-purpose model, scaled nationally by the Consortium to create a federated infrastructure of community-based cybersecurity services, presents a governance innovation that bolsters national security. It accomplishes this by strengthening local resilience and addressing the workforce shortage by training the next generation of cybersecurity professionals with experience in public-interest cybersecurity.

The Consortium of Cybersecurity Clinics serves as a catalyst for this model, facilitating resource sharing, standardizing best practices, and enabling the rapid, scalable growth of clinics needed to meet national demand.

High-Impact Case Studies

The article features three case studies illustrating the diverse and high-impact interventions of member clinics:

• The MIT Cybersecurity Clinic supports city governments in New England, focusing on risk assessments and policy updates to increase local governance capacity. Students engage in rigorous experiential learning, negotiating with city managers and drafting actionable policy documents. The clinic distilled the industry-leading NIST Cybersecurity Framework from its 108 controls to 23 core controls most relevant to small organizations. The streamlined assessment framework has been shared across the Consortium network.

• The Indiana University (IU) Cybersecurity Clinic works extensively with small and rural municipalities, private utility providers, and nonprofits in the Midwest. IU’s interdisciplinary teams focus on governance audits, the development of formal incident response plans, and helping organizations secure cyber insurance. One notable case involved working with a Department of Housing and Urban Development (HUD)-funded community action agency serving 60,000 low-income residents, where IU teams identified vulnerabilities and recommended improvements.  Students also learn to translate technical findings into actionable policies within municipal codes and procurement rules. 

• The UC Berkeley Cybersecurity Clinic focuses on defending politically vulnerable nonprofits (such as human rights and election-integrity groups) that are often targeted in hybrid conflicts and disinformation campaigns. Through its work with organizations like reproductive health providers and election-integrity advocates, the UC Berkeley Cybersecurity Clinic demonstrates that civil society resilience is integral to national security. As of Fall 2025, the clinic at Berkeley had supported more than 230 nonprofits in strengthening their cybersecurity defenses. By defending civil society organizations, the clinic contributes to our nation’s democratic durability: strengthening our democratic institutions against interference from adversaries.

Cultivating the Future Workforce

Clinics also directly address the major national challenge of workforce shortages. As of early 2025, there were over 450,000 unfilled cybersecurity jobs. They provide a practical solution to the paradox of “entry-level” jobs demanding prior experience by providing students with hands-on learning via real-world client engagements. Students build technical, policy, and communication skills in live operational environments, ensuring their work is both high-quality and aligned with professional standards. This cultivates a next-generation workforce oriented toward public-interest cyber pathways.

A Scalable Model: The Consortium of Cybersecurity Clinics

The clinic model’s effectiveness and scalability are driven by the innovations developed in the Consortium of Cybersecurity Clinics’ member clinics.

With 56 total members, the Consortium includes large research universities, small liberal arts colleges, community colleges, women’s colleges, and minority-serving institutions. Member clinics co-develop curricula, define best practices, and refine standardized methodologies that are shared and adapted by peers. 

In conclusion, the Cyber Defense Review article argues that clinics are a field-tested model for strengthening national cyber resilience. The Consortium is transforming these efforts into a scalable cyber infrastructure that protects communities, supports critical services, and cultivates the cybersecurity workforce needed for tomorrow. 

This article is an exciting first example of collaborative research and peer-reviewed scholarship on cybersecurity clinical education from the Consortium. Congratulations to the authors, Isak Nti Asare, Scott Shackelford, Jungwoo Chun and Sarah Powazek, for trailblazing this field of work, and thank you for your time, expertise, and dedication to supporting cybersecurity clinics.

On November 13, 2025, 135 students from more than 30 colleges and universities met for the Fall 2025 “Clinic of Clinics.” This biannual event, held by the Consortium of Cybersecurity Clinics, gave these future cybersecurity professionals the opportunity to connect with their peers while hearing from a panel of current experts in the field. 

The Consortium of Cybersecurity Clinics is a collaborative network of cybersecurity clinics, which are higher education-based programs that train students to provide pro-bono, cybersecurity capacity-building services to real organizations in their communities. Since its inception, the Consortium’s member clinics have trained over 3,700 students in service of more than 900 combined clients. 

Cybersecurity Journeys   

Introducing a panel featuring clinic alumni, panel moderator Jonathan Edward, Co-Founder and CEO of New Harbor, a company specializing in automated security services for small organizations, stated, “there is no single way to build a career in this field.” The three panelists only further proved this point as they shared their journeys from students to the professionals they are today. 

A Day in the Life  

After sharing their stories, the panelists spoke on what a typical workday entails for a cybersecurity professional. 

For example, Huang works in incident response at CrowdStrike, where she is responsible for taking immediate action when an attack occurs. She is the first person on the scene to analyze the who, what, where, why, and how of the attack, and while she needs a host of technical skills to be able to analyze these attacks, she stressed the empathy her job requires, as she always shows up in the midst of a crisis. Huang also stressed the importance of focusing on social engineering, as it is the cause of a significant portion of cyberattacks. 

Brown, on the other hand, works to ensure her clients follow all necessary requirements to comply with various standards, such as International Organisation for Standardization (ISO) and System and Organization Controls (SOC), walking them through various steps of the certification process. In addition to technical skills, Brown’s work requires a vast knowledge of the cybersecurity standards and requirements different organizations must comply with to strengthen their cybersecurity posture and meet customer requirements. 

While his fellow panelists’ work focuses primarily on consulting, Gilmore explained that he spends his days developing code. He works with a small team to create fast, simple, and secure solutions for his clients, and he stressed the importance of collaboration and continued learning.  

Advice for Clinicians  

Wrapping up, the panelists took a moment to consider what they had learned since their time as clinicians, and they offered the following advice to the attendants:

1. “Find something you are passionate about and be confident in it.” Brown stressed the importance of finding specific areas or projects that are personally exciting. She has found this passion not only improves overall work performance but can help someone stand out to potential employers.
    
2. “Leverage the skills you already have.” Gilmore emphasized the importance of using one’s current skillset in unique ways to gain opportunities in a new field.
    
3. “There is always something more to learn.” Huang highlighted the importance of accepting that it is impossible to know everything in one’s field, which is why being a professional means continually learning and improving.  

Q&A Session  

After the panel, students were given the opportunity to ask the panelists questions directly. Questions focused on becoming more involved and eventually securing a job in the cybersecurity field, as many attendants either recently entered or will soon be entering the job market. Their advice can be summed up in three key takeaways.

1. Always seek out people and opportunities that can help you learn more.  
2. Find or create a project of your own to stand out.  
3. Get comfortable with admitting when you don’t know something. 

Breakout Sessions  

The session concluded with students being moved into breakout rooms, where they were able to connect with their peers and share their clinic experiences. Using the prompts provided, students engaged in meaningful discussions about their own cybersecurity journeys.  

Final Reflections  

Demonstrated by the panelists’ remarks, the Fall 2025 Clinic of Clinics highlighted some of the most important traits in a cybersecurity professional: a continuing desire to learn and a passion for this work. As the field of cybersecurity continues to evolve, events like this will serve as an opportunity for each new generation of professionals to engage in the never-ending quest to improve.