Author: Rachel Wesen

Google Fund to Help Colleges and Universities Launch 15 New Cybersecurity Clinics across the U.S.

Google.org’s $25M+ investment in 25 cybersecurity clinics by 2025 is helping expand the Consortium of Cybersecurity Clinics nationwide

BERKELEY, CA – Fifteen colleges, universities, and collaborative initiatives across the United States will receive $1 million grants and additional support from Google’s Cybersecurity Clinics Fund to launch new cybersecurity clinics. The funding from Google.org, the company’s philanthropic arm, is part of a $25-million+ investment to develop 25 U.S.-based clinics by 2025, in collaboration with the Consortium of Cybersecurity Clinics.

Elijah Baucom (center), director of UC Berkeley’s cybersecurity clinic, pictured with current clinic students.

Similar to pro bono clinics in schools of law and medicine, cybersecurity clinics provide students with hands-on experience in digital security as they protect the networks of critical infrastructure like hospitals, schools, energy grids, as well as non-profits and other public interest organizations.

“Google’s transformative investment is catalyzing cybersecurity for the public good,” said Ann Cleaveland, Co-Founder and Co-chair of the Consortium of Cybersecurity Clinics and Executive Director of the UC Berkeley Center for Long-Term Cybersecurity, the Consortium’s administrative home.

“We congratulate the recipients and applaud these awards,
which propel forward the vision of the Consortium of Cybersecurity Clinics
to establish a cybersecurity clinic in every U.S. state by 2030.”

Ann Cleaveland

“After several years of working with public agencies in New England, it is now clear that college-based cybersecurity clinics can be the key to protecting critical urban infrastructure from cyber attack,” said Professor Larry Susskind, Co-Chair of the Consortium and Director of the MIT Cybersecurity Clinic. “The new clinics will expand the Consortium’s coverage to almost half the states in America. Clinics provide hands-on instruction while allowing their colleges and universities to meet their social responsibilities.”

According to the World Economic Forum’s 2024 Global Risks Report, cyber insecurity remains one of the top 10 global risks over the next 10 years. Americans filed 880,418 complaints with the FBI’s Internet Crime Complaint Center (IC3) in 2023, with potential losses exceeding $12.5 billion — a 22% increase compared to 2022. Meanwhile, there are nearly 450,000 open cybersecurity jobs available in the U.S, according to CyberSeek, and employment of information security analysts is projected to grow 32 percent from 2022 to 2032, according to the U.S. Bureau of Labor Statistics.

Cybersecurity clinics are a “win-win,” as they provide a diverse pool of students with hands-on cybersecurity training while protecting under-resourced community organizations from cyber threats. Clinics were included as part of the Biden-Harris Administration’s National Cyber Workforce and Education Strategy (NCWES), which encourages colleges, universities, and state, local, tribal, and territorial governments “to increase the use of hands-on learning opportunities, such as cyber clinics and cyber ranges, to enable students to work directly with organizations in their communities and develop cyber skills in simulated environments.” The Cybersecurity and Infrastructure Security Agency (CISA) also recently published a resource guide for university cybersecurity clinics, noting that “clinics act as force-multipliers for our mission to strengthen target-rich, resource-poor organizations.”

“The world is in a moment where emerging technologies, like AI, are creating both new opportunities and threats in the world of cybersecurity,” said Heather Adkins, VP of Security Engineering at Google. “It’s essential that we invest in growing a strong, diverse, and widespread cybersecurity workforce to help protect everyone — from critical infrastructure to small businesses and schools. The 15 clinics that we’re helping to establish serve a wide variety of students across all corners of the U.S. and we’re excited to see the impact they’ll have in their local communities.” 

“Google’s continued investment in expanding the reach and impact of university-based cybersecurity clinics will have a major impact for decades to come. We’re thrilled to be at the forefront of this movement that is training a diverse new generation of cybersecurity professionals and developing digital defenses for critical community organizations.”

Carol Christ, Chancellor, UC Berkeley

In addition to grant funding, Google will provide the new clinics with volunteer mentorship from Google employees, as well as Titan Security Keys and scholarships for the new Google Career Certificate in Cybersecurity.  As part of the investment in cybersecurity clinics, Google also made a $2.2M grant in 2023 to support the Consortium’s efforts to build the capacity of clinics nationwide, including mentoring new clinics, sharing teaching resources, and conducting research across the network of clinics to better serve the public interest. 

Chosen from over 200 applications, the 15 colleges, universities, and collaborations selected to receive the $1 million grants are:

  • Benjamin Franklin Cummings Institute of Technology
  • The Cyber Center of Excellence (CCOE), a non-profit collaborative that includes California State University San Marcos, National University, and San Diego State University
  • Dakota State University
  • Eastern Washington University
  • The National Security Institute at George Mason University’s Antonin Scalia Law School, in collaboration with Howard University 
  • Northeastern State University 
  • Spelman College
  • The University of Texas at El Paso 
  • Tougaloo College
  • Trident Technical College 
  • Turtle Mountain Community College 
  • The University of Arizona 
  • The University of Hawaii – Maui College 
  • The University of North Carolina Greensboro
  • West Virginia State University

The grantees serve diverse student populations, including rural communities and students attending two-year institutions, and span a variety of Minority-Serving Institution designations, including Asian American and Native American Pacific Islander-Serving Institutions (AANAPISI), Hispanic-Serving Institutions (HSI), Historically Black Colleges and Universities (HBCU), Native Hawaiian Pacific Islander Serving Institutions, Tribal Colleges, and Native American-Serving Nontribal Institutions. The new clinics will bring the Consortium of Cybersecurity Clinic’s total presence to 32 cybersecurity clinics in 22 states plus the District of Columbia. 

Craig Newmark Philanthropies’ Cyber Civil Defense Initiative helped launch and establish the Consortium as a national platform. Other early supporters of the Consortium include the William and Flora Hewlett Foundation, the Fidelity Charitable Trustees’ Initiative, and New America’s Public Interest Technology University Network (PIT-UN).  

Consortium hosts Spring 2024 “Clinics of Clinics”

By Shannon Pierson |

Students and faculty from 18 university-based cybersecurity clinics convened virtually to network and learn about the student-led Cyber Clinic at the University of Nevada Las Vegas

On April 18, the Consortium of Cybersecurity Clinics hosted its Spring 2024 “Clinic of Clinics”, a semesterly virtual event for students participating in cybersecurity clinics around the country to network, learn from experts in the field, and partake in group activities. This spring, 70 students from 18 different universities participated.

The event kicked off with a warm welcome from Ann Cleaveland, the Center for Long-Term Cybersecurity’s (CLTC) Executive Director, and Sarah Powazek, Director of CLTC’s Public Interest Cybersecurity Initiative. Both congratulated the Consortium on its recent growth.

Students then seized the opportunity to get better acquainted and network, grouping into breakout rooms to connect and learn more about the work being accomplished by their colleagues at other clinics. Attendees later regrouped to watch a presentation from the University of Nevada, Las Vegas’ (UNLV) Cyber Clinic, who showcased some internal tools and a training simulation students developed to teach new members. 

Mathew Salcedo and Angel Garcia, two co-founders of UNLV’s Cyber Clinic, explained how their clinic specializes in providing free cybersecurity services to small local businesses in the Las Vegas valley. 

The vast majority of clinics in the Consortium are faculty-led and taught as a semester-long course. UNLV’s Cyber Clinic is unique in that it operates as a student-led club, with support from faculty advisors, and operates year-round. This arrangement enables Cyber Clinic members to provide services to clients on an at-need basis, gives students more opportunities to gain experience working with different clients, and builds their skills over the course of their academic careers.

Salcedo and Garcia showcased the web portal application they created for their clinic. The portal is one of many internal tools their students have developed for Cyber Clinic, which serves to streamline clinic operations.

“Most of UNLV’s members have backgrounds in computer science, information systems, and cybersecurity. Many have an interest in software development,” said Salcedo. “This project allowed for some of our members to practice their programming and software development skills. Web applications are a very big portion of cybersecurity. In the past, members have been able to conduct penetration assessments or tests on our own website, too.” 

Garcia explained to the audience how UNLV clinic students access the portal using an email and password, landing at a central dashboard that hosts a timesheet application for members to track their volunteering hours working on cases for clients. The dashboard also featured a training library, where students can access and track completed cybersecurity certification training– including student-developed training and the CompTIA Security+ certification.

UNLV also shared their innovative approach to onboarding their clinic’s new members. Cyber Clinic’s leadership built a training simulation in Minecraft to prepare new members for conducting client site visits and train students how to identify cyber and operational risks in small businesses. At the “Clinic of Clinics” event, Salcedo and Garcia demoed a gameplay walkthrough of their Minecraft  simulation, which was modeled after the Krusty Krab restaurant from the Spongebob Squarepants television show. 

“We tried to incorporate every kind of cyber and operational security problem you may run into when working for a client,” said Salcedo. “We’ve tried to include, virtually, as many different problems and security risks that we’ve actually seen in restaurants or in small businesses in this simulation.” 

The simulation recreates a business owner’s office, visualized as Mr. Krabs office, complete with computers, smartphones, and tablets functioning as the point-of-sale system. Users can interact with these devices to evaluate their cybersecurity practices and identify any potential vulnerabilities.

“Many [security] vulnerabilities have to do with the client’s computer, how they’re managing their passwords, what they’re doing with old devices, or where they’re storing important documents or financial documents on [business] premises.” 

The co-founders also plugged the UNLVs clinic’s cybersecurity podcast called, “Cyber Clinic Central”, with episodes available on Spotify. The podcast welcomes industry speakers to talk about their career paths as well as welcomes clinic members on to discuss a range of cybersecurity concepts. 

After the presentation, students engaged in further group discussions before CLTC concluded the session with the unveiling of this semester’s new “Clinic of Clinics” challenge coin design—colored a vibrant “cyber yellow”! Students can collect a new coin for each “Clinic of Clinics” they participate in.

CLTC thanks all those who participated in the session!  For more information about UNLV’s Cyber Clinic, visit freecyberclinic.org or email info@cyberclinicoffical.org 

Growth And Impact: Looking Back At Our 2022 to 2023 Academic Year

What a journey this past year has been for us at the Consortium of Cybersecurity Clinics! As we embark on 2024, we’re eager to reflect on last year’s accomplishments and share new data collected from the 2022-23 academic year on the growth of the cybersecurity clinics.

Training More Students Than Ever Before

University-based cybersecurity clinics provide hands-on training to students from diverse backgrounds and academic expertise. This training initiative aims to strengthen the digital defenses of community organizations that often fall through the cracks of cyber defense, as well as train the next generation of cyber civil defenders.

Our latest data shows that over 880 students nationwide have benefitted from this training initiative. Moreover, the 2022-23 academic year marked a significant milestone for the Consortium, with a record-breaking number of over 450 students trained – a 150 percent increase from the previous year. This cohort represents the largest group of students trained in the Consortium’s five-year history.

Expansion of the Clinics Model

Since its inception five years ago in 2018, our network of university-based cybersecurity clinics has grown to encompass 15 active clinic locations. Our clinics now spread across nine different states, bringing us closer to our ultimate goal of launching a university cybersecurity clinic in all 50 U.S. states by 2030. 

The Consortium is committed to expanding the reach and impact of cybersecurity clinics in partnership with Google.org, which is committing more than $20 million dollars to support the creation and expansion of cybersecurity clinics at 20 higher education institutions across the United States.

80+ Public Interest Organizations Served

Many public interest organizations that provide essential public services lack the resources for basic cybersecurity self-defense. Our university-based cybersecurity clinics provide pro bono assistance to these kinds of “target-rich, resource-poor” organizations to help them develop long-term cybersecurity defense, increase their resilience, and expand their cyber security capacity.

Over the past five years, our clinics have supported 83 local and regional resource-strapped organizations with cybersecurity assistance. 

Clinics served a diverse range of public interest-aligned clients in the 2022-23 academic year. Non-profit organizations comprised over half of our clients (52%), with local governments following as the second-largest group served (18%). Additionally, Small businesses (10%) , K-12 education institutions (8%), and healthcare organizations (6%) made up a significant portion of our clientele, underscoring the breadth of our impact across various sectors.

The Work Ahead

The Consortium is proud of the expansion of the clinic model and the positive results this initiative has had for cybersecurity students and community organizations across the country.

Thank you for being a part of our journey. We look forward to continuing our mission to amplify the upside of the digital revolution and ensure that everyone can safely benefit from what technology has to offer. We cannot wait to see how the Consortium of Cybersecurity Clinics continues to grow and make an impact for public interest organizations in the coming year.

Stay tuned for more updates from the Consortium of Cybersecurity Clinics!

Job Announcement: Consortium Membership Director

The Consortium of Cybersecurity Clinics is seeking a qualified individual for a full-time, year-round Membership Director position to support the Consortium in assisting universities around the country and the world with cybersecurity workforce development and protecting vulnerable organizations from cyberattacks.

The Membership Director supports the Consortium of Cybersecurity Clinics in assisting universities around the country and the world with cybersecurity workforce development and protecting vulnerable organizations from cyberattacks. The Consortium will be growing its membership by 10-20 or more universities and colleges over the next several years. This position works in close alignment with the Executive Committee of the Consortium of Cybersecurity Clinics, currently co-chaired by clinic leadership at the UC Berkeley Center for Long-Term Cybersecurity and the Massachusetts Institute of Technology. 

This is a fulltime, 2-year contract position with the possibility of extension and/or conversion to career.

More Information

Application Review Date

The First Review Date for this job is: March 23, 2024 – Open Until Filled

Responsibilities

Provides leadership, structure, and organization for the long-term effectiveness of the Consortium of Cybersecurity Clinics, with responsibility for administrative and programmatic activities. Leads short- and long- term planning, assesses effectiveness, and recommends changes to content, policies and procedures accordingly.

  • Conducts strategic planning and works with the Consortium’s faculty executive committee to develop and implement strategic priorities for the Consortium.
  • Develops annual program plans, including milestones/deliverables, timelines, monitoring and evaluation frameworks, and ecosystem development strategies.
  • Monitors progress toward Consortium-wide goals and objectives, through semi-annual review meetings to review milestones/outputs and plan/problem solve. Establishes and collects key data points from Consortium members and supports related research about the impact of cybersecurity clinics.
  • Prepares critical program outputs including briefing documents, donor reports, requests for proposals (RFPs), peer review protocols and templates, surveys, event concept notes and agendas.
  • Represents the Consortium in recurring partners meetings and regular management meetings to facilitate knowledge-sharing and collaboration, promote efficiency, and maintain clear channels for feedback and communication.
  • Conducts outreach, onboards, and stewards new members of the Consortium. Assesses the Consortium’s organizational effectiveness, and recommends changes to program’s content, policies and procedures to support the success of existing and new members of the Consortium.
  • Creates and implements improved processes to qualify, welcome, onboard and steward new members.
  • Oversees improvements to the Consortium’s backend infrastructure for member communication and information sharing; selects and supervises vendors to deliver results.
  • Ensures that lessons-learned are shared and elevated with Consortium membership, to continue raising the bar for clinic effectiveness.

Facilitates the efforts of Consortium leadership, clinic faculty at various institutions, allied organizations, volunteers, donors and state, local and federal officials to collaboratively strengthen cybersecurity clinics across the US and worldwide.

  • Facilitates collaborative problem-solving to reach solutions that benefit all parties.
  • Expands the Consortium of Cybersecurity Clinics clearinghouse of clinical resources with new collaborative content; hosts a community of practice around clinical education / technical assistance with peer clinics.
  • Develops symposiums, workshops and other convening events.
  • Engages the clinic alumni community and corporate partners as ambassadors and program volunteers.
  • Supports Consortium-wide programming related to skill development for students.
  • Participates in external initiatives such as the Public Interest Technology University Network.

Participates in workshops and publicity events, and provides public relations oversight and social media support.

  • Directs and manages professional PR / communications consultants, and student media interns to highlight the accomplishments of Consortium members
  • Authors blogs, op-eds and/or social media content that raise visibility for the cybersecurity clinic model and the Consortium and change the way policymakers, researchers, and practitioners think about digital security technical assistance.
  • Liaises with Consortium members to ensure that key research findings are communicated with the public and the field. Prepares collateral and data visuals that communicate impact and success stories.

Identifies and pursues funding opportunities and revenue streams.

  • In coordination with Consortium leadership and development staff, stewards relationships with a range of program sponsors (including corporate partners, foundations, and private donors), carefully tracking priorities and identifying overlapping interests.
  • Identifies and elevates funding opportunities that emerge from Consortium outreach, and helps connect member clinics to prospective funders.
  • Participates in budgeting and accounting processes to support a self supporting financial outlook for the Consortium.
  • Researches and plans for long-term governance and financial sustainability of the Consortium; presents options to the executive committee.

Required Qualifications

  • Bachelor’s degree in cybersecurity, law, science & technology studies, public policy, information science, business, non-profit management or a related area, or equivalent years of related work experience.  
  • Academic background in cybersecurity, law, science & technology studies, public policy, information science, business, non-profit management or a related area. 
  • Demonstrated success building membership-based organizations, multi-institution collaborations and/or network organizations. 
  • Advanced ability to work with an executive committee and/or advisory board to develop and implement a strategic plan.
  • Ability to oversee strategic communications and public relations, and establish a basic social media presence.
  • Demonstrated success with program building within an academic or other institution. Advanced program management skills, including project management, tracking deliverables, managing budgets, selection and supervision of vendors, and report writing. 
  • Advanced interpersonal skills. Ability to lead collaborations with leaders in the field and to convene internal and external peers and experts to achieve results.
  • Advanced oral and written communication skills.
  • Demonstrated evidence of a commitment to advancing diversity, equity and inclusion.
  • Ability to steward funders and other program supporters.

Preferred Qualifications

  • 8+ years of management experience in membership-based organizations, coalitions or associations.
  • Understanding of the unique digital security needs of under-resourced public interest organizations (such as public agencies, nonprofits, and small businesses).

Salary & Benefits

For information on the comprehensive benefits package offered by the University, please visit the University of California’s Compensation & Benefits website.

Under California law, the University of California, Berkeley is required to provide a reasonable estimate of the compensation range for this role and should not offer a salary outside of the range posted in this job announcement. This range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to experience, skills, knowledge, abilities, education, licensure and certifications, analysis of internal equity, and other business and organizational needs. It is not typical for an individual to be offered a salary at or near the top of the range for a position. Salary offers are determined based on final candidate qualifications and experience. 

The budgeted salary or hourly range that the University reasonably expects to pay for this position is $120,000 to $160,000 annually. This is a 100% FTE, 2-year contract position eligible for full benefits.

Other Information

This is a fulltime, 2-year contract position with the possibility of extension and/or conversion to career.

More Information

Congressman Marc Veasey Advocates for Cybersecurity Clinics to Close Workforce Gaps and Strengthen National Security

Texas Congressman Marc Veasey recently spoke as an advocate for cybersecurity clinics, a trailblazing model that is scaling nationally and worldwide through the Consortium of Cybersecurity Clinics. 

Veasey, a member of the U.S. House of Representatives Committee on Energy and Commerce, made the remarks as part of a January 11 subcommittee hearing titled “Safeguarding Americans’ Communications: Strengthening Cybersecurity in a Digital Era.” The purpose of the hearing was to respond to the increasing frequency and complex nature of cyberattacks and mitigate the risks to America’s communications networks.

Congressman Marc Veasey

“Clinics offer a potential path to help increase the number of cybersecurity professionals and help [underrepresented] civil society organizations, state and local government agencies, and small and medium-sized businesses develop their cyber workforce security.“

Congressman Veasey

In Fall 2022, Congressman Veasey also introduced the Cybersecurity Clinics Grant Program Act, which would create a Department of Homeland Security (DHS) grant program to fund higher education-based cybersecurity clinics at community colleges and minority-serving institutions. The legislation would also require DHS to develop an experiential cybersecurity curriculum for grant recipients.

A recording and transcript of Congressman Veasey’s remarks can be found below.

“What a great hearing to talk about cybersecurity defenses — I think that we cannot have enough conversations about it. I think that we need to continue to do everything that we can to raise awareness amongst the American public and even empower individual Americans to do what they can in their own small businesses and homes to protect themselves. 

Last Congress, I introduced the Cybersecurity Clinics Grant Program Act. The bill would create a grant program at the Department of Homeland Security to fund higher education-based cybersecurity clinics at community colleges and minority-based institutions. 

Cybersecurity clinics are interactive, they’re personalized workshops that provide education on the importance of protecting devices, data, and identity from physical and digital compromise. It’s my belief that this model can really empower students and we can start working with people while they’re young — before they start their businesses and have to worry about their own households being compromised — on how they can protect themselves. 

The benefits of these clinics at higher education institutions are twofold: the first is that these clinics really do offer a potential path to help increase the number of cybersecurity professionals; and the clinics help [underrepresented] civil society organizations, state and local government agencies, and small and medium-sized businesses develop their cyber workforce security. 

Because again, I think that everyone is going to have to participate sooner or later in order to get this right. Efforts like these should help set the framework for a robust and strategic pipeline that can close the cyber workforce and skills gap while also strengthening our national security defenses domestically and globally.” 

Subscribe to the Consortium