More than 30 individuals affiliated with the Consortium of Cybersecurity Clinics attended the June 2024 Cyber Civil Defense Summit in Washington D.C., joining more than 150 additional cyber defenders, academics, and policymakers who share a mission of protecting under-resourced community organizations against cybersecurity threats. This was the second convening of the day-long annual conference — orchestrated by the UC Berkeley Center for Long-Term Cybersecurity (CLTC), which co-founded and co-chairs the Consortium, and made possible with a grant from Craig Newmark Philanthropies. 

Consortium representatives engaged throughout the robust agenda, scoped under the theme “Data Driven Resilience.” The Summit’s panels and presentations surfaced a range of valuable insights, including how volunteer-based programs like cybersecurity clinics are essential — but more must be done to provide incentives and fill the talent pipeline. 

Read more takeaways from the Summit on the CLTC website:
https://cltc.berkeley.edu/2024/07/18/eight-key-takeaways-from-the-cyber-civil-defense-summit/

Want to start a clinic? Check our our resources and learn more about our community of 33 (and counting!) members. 

The Consortium of Cybersecurity Clinics is pleased to announce that Matthew Nagamine will serve as Membership Director, responsible for developing and implementing strategic priorities for the Consortium, onboarding and stewarding member clinics, and working with Consortium leadership to achieve its mission of launching a university, college, or community-college based clinic in all 50 U.S. states by 2030. 

We sat down with Matt to learn more about his background, what he’s most looking forward to in his new role, and his vision for the Consortium.

Matt Nagamine has been CLTC’s Manager of Strategic Partnerships since 2018, where he has cultivated impactful relationships with key partners and allies to support CLTC’s programs. During his tenure Matt has managed multiple flagship projects including Cybersecurity Futures 2030 and CLTC’s Research Grants Program. In early 2021, Matt played a key role in getting the Consortium of Cybersecurity Clinics up and running. He researched and built the first backend systems for the Consortium, set-up monthly meetings, managed an RFP for Members, administered grants, and helped with the first Clinic of Clinics student networking event. Matt also co-led the creation and implementation of CLTC’s Diversity, Equity, Inclusion and Belonging strategic plan.

Matt earned his bachelor’s degree in Political Science with a minor in African American Studies from UC Berkeley, where he conducted research in Professor Nikki Jones’ Justice Interactions Lab, exploring the intersections of race, gender, and justice.

---

What attracted you to the Consortium’s mission?

What’s not to love? The Consortium’s purpose is to support a network of colleges and universities in building and growing cybersecurity clinics. These clinics educate and train students for the cybersecurity workforce while helping protect vulnerable organizations from cyber attacks. I was fortunate to contribute to the Consortium in 2018 by building the first back-end systems, setting up the first monthly meetings, facilitating an RFP that administered the Consortium’s first grants to members. Since then, I’ve had a front row seat observing how the Consortium has made clinics more effective by facilitating information sharing among members—and how making this knowledge accessible to others has significantly lowered the barriers for more universities to establish clinics of their own.

What will you be doing as Membership Director? What do you hope to achieve in the role?

In recent months, the Consortium has experienced a tremendous amount of growth, with new members in many states, major investments from funders, and increased visibility at the NICE cybersecurity conference and Cyber Civil Defense Summit. The Consortium now needs full-time support from someone who can provide leadership, structure, and organization for its members. As the Membership Director, I aim to drive both short- and long-term strategies that will significantly enhance the membership experience and the Consortium’s ability to support clinics in delivering high-quality training for students and services for their clients.

What aspects of the role most excite you?

I am most excited to meet, support, and work alongside this incredible group of cyber civil defenders. The Consortium and its members—an impressive and diverse network of academic institutions, including community colleges, Minority Serving Institutions (MSIs), tribal colleges, and international universities—are already doing amazing work. I’m fired up about helping these members become better connected and more effective through their membership.

Clinics are often championed for helping defend “civil society” and to grow and diversify the cyber workforce – why is this important, broadly, and to you personally?

This model addresses two major gaps in the cybersecurity field: 1) helping low-resource or otherwise vulnerable organizations that are providing crucial services to their communities to improve their cybersecurity posture with no-cost, direct assistance; and 2) equipping students, including many traditionally under-represented in the field of cybersecurity, with practical skills and real-world experiences that are transferable to the cybersecurity job market. Filling these gaps is crucial to achieving more secure and more equitable cybersecurity outcomes for everyone. I believe in and am excited to contribute to the grassroots, community-based approaches that Consortium members take to expand who participates in and has access to cybersecurity.

What’s something you want the Consortium of Cybersecurity Clinics community to know about you?

Last year, I led CLTC’s Cybersecurity Futures 2030 initiative, in partnership with the World Economic Forum’s Centre for Cybersecurity, which gathered global perspectives on how cybersecurity will evolve by 2030, providing decision-makers with strategic foresight to improve the decisions they make today. Through this work, I truly understood the importance of incorporating diverse perspectives to understand and solve issues. This experience reinforced my commitment to inclusive practices and to cybersecurity on a global scale.

What have you learned from working in the cybersecurity field that you’ll take with you?

Relationships and collaboration have been at the core of my work managing strategic partnerships at the UC Berkeley Center for Long-Term Cybersecurity (CLTC). I’ve learned that the most complex challenges in cybersecurity often can only be addressed through strong, trustworthy partnerships. I think this is true for Consortium members and the student and client communities they serve. These lessons will guide me in my role as Membership Director, helping to support our members and advance our mission.

Google.org’s $25M+ investment in 25 cybersecurity clinics by 2025 is helping expand the Consortium of Cybersecurity Clinics nationwide

BERKELEY, CA – Fifteen colleges, universities, and collaborative initiatives across the United States will receive $1 million grants and additional support from Google’s Cybersecurity Clinics Fund to launch new cybersecurity clinics. The funding from Google.org, the company’s philanthropic arm, is part of a $25-million+ investment to develop 25 U.S.-based clinics by 2025, in collaboration with the Consortium of Cybersecurity Clinics.

Similar to pro bono clinics in schools of law and medicine, cybersecurity clinics provide students with hands-on experience in digital security as they protect the networks of critical infrastructure like hospitals, schools, energy grids, as well as non-profits and other public interest organizations.

“Google’s transformative investment is catalyzing cybersecurity for the public good,” said Ann Cleaveland, Co-Founder and Co-chair of the Consortium of Cybersecurity Clinics and Executive Director of the UC Berkeley Center for Long-Term Cybersecurity, the Consortium’s administrative home.

“We congratulate the recipients and applaud these awards,
which propel forward the vision of the Consortium of Cybersecurity Clinics
to establish a cybersecurity clinic in every U.S. state by 2030.”

Ann Cleaveland

“After several years of working with public agencies in New England, it is now clear that college-based cybersecurity clinics can be the key to protecting critical urban infrastructure from cyber attack,” said Professor Larry Susskind, Co-Chair of the Consortium and Director of the MIT Cybersecurity Clinic. “The new clinics will expand the Consortium’s coverage to almost half the states in America. Clinics provide hands-on instruction while allowing their colleges and universities to meet their social responsibilities.”

According to the World Economic Forum’s 2024 Global Risks Report, cyber insecurity remains one of the top 10 global risks over the next 10 years. Americans filed 880,418 complaints with the FBI’s Internet Crime Complaint Center (IC3) in 2023, with potential losses exceeding $12.5 billion — a 22% increase compared to 2022. Meanwhile, there are nearly 450,000 open cybersecurity jobs available in the U.S, according to CyberSeek, and employment of information security analysts is projected to grow 32 percent from 2022 to 2032, according to the U.S. Bureau of Labor Statistics.

Cybersecurity clinics are a “win-win,” as they provide a diverse pool of students with hands-on cybersecurity training while protecting under-resourced community organizations from cyber threats. Clinics were included as part of the Biden-Harris Administration’s National Cyber Workforce and Education Strategy (NCWES), which encourages colleges, universities, and state, local, tribal, and territorial governments “to increase the use of hands-on learning opportunities, such as cyber clinics and cyber ranges, to enable students to work directly with organizations in their communities and develop cyber skills in simulated environments.” The Cybersecurity and Infrastructure Security Agency (CISA) also recently published a resource guide for university cybersecurity clinics, noting that “clinics act as force-multipliers for our mission to strengthen target-rich, resource-poor organizations.”

“The world is in a moment where emerging technologies, like AI, are creating both new opportunities and threats in the world of cybersecurity,” said Heather Adkins, VP of Security Engineering at Google. “It’s essential that we invest in growing a strong, diverse, and widespread cybersecurity workforce to help protect everyone — from critical infrastructure to small businesses and schools. The 15 clinics that we’re helping to establish serve a wide variety of students across all corners of the U.S. and we’re excited to see the impact they’ll have in their local communities.” 

“Google’s continued investment in expanding the reach and impact of university-based cybersecurity clinics will have a major impact for decades to come. We’re thrilled to be at the forefront of this movement that is training a diverse new generation of cybersecurity professionals and developing digital defenses for critical community organizations.”

Carol Christ, Chancellor, UC Berkeley

In addition to grant funding, Google will provide the new clinics with volunteer mentorship from Google employees, as well as Titan Security Keys and scholarships for the new Google Career Certificate in Cybersecurity.  As part of the investment in cybersecurity clinics, Google also made a $2.2M grant in 2023 to support the Consortium’s efforts to build the capacity of clinics nationwide, including mentoring new clinics, sharing teaching resources, and conducting research across the network of clinics to better serve the public interest. 

Chosen from over 200 applications, the 15 colleges, universities, and collaborations selected to receive the $1 million grants are:

• Benjamin Franklin Cummings Institute of Technology
• The Cyber Center of Excellence (CCOE), a non-profit collaborative that includes California State University San Marcos, National University, and San Diego State University
• Dakota State University
• Eastern Washington University
• The National Security Institute at George Mason University’s Antonin Scalia Law School, in collaboration with Howard University 
• Northeastern State University 
• Spelman College
• The University of Texas at El Paso 
• Tougaloo College
• Trident Technical College 
• Turtle Mountain Community College 
• The University of Arizona 
• The University of Hawaii – Maui College 
• The University of North Carolina Greensboro
• West Virginia State University

The grantees serve diverse student populations, including rural communities and students attending two-year institutions, and span a variety of Minority-Serving Institution designations, including Asian American and Native American Pacific Islander-Serving Institutions (AANAPISI), Hispanic-Serving Institutions (HSI), Historically Black Colleges and Universities (HBCU), Native Hawaiian Pacific Islander Serving Institutions, Tribal Colleges, and Native American-Serving Nontribal Institutions. The new clinics will bring the Consortium of Cybersecurity Clinic’s total presence to 32 cybersecurity clinics in 22 states plus the District of Columbia. 

Craig Newmark Philanthropies’ Cyber Civil Defense Initiative helped launch and establish the Consortium as a national platform. Other early supporters of the Consortium include the William and Flora Hewlett Foundation, the Fidelity Charitable Trustees’ Initiative, and New America’s Public Interest Technology University Network (PIT-UN).  

Students and faculty from 18 university-based cybersecurity clinics convened virtually to network and learn about the student-led Cyber Clinic at the University of Nevada Las Vegas

On April 18, the Consortium of Cybersecurity Clinics hosted its Spring 2024 “Clinic of Clinics”, a semesterly virtual event for students participating in cybersecurity clinics around the country to network, learn from experts in the field, and partake in group activities. This spring, 70 students from 18 different universities participated.

The event kicked off with a warm welcome from Ann Cleaveland, the Center for Long-Term Cybersecurity’s (CLTC) Executive Director, and Sarah Powazek, Director of CLTC’s Public Interest Cybersecurity Initiative. Both congratulated the Consortium on its recent growth.

Students then seized the opportunity to get better acquainted and network, grouping into breakout rooms to connect and learn more about the work being accomplished by their colleagues at other clinics. Attendees later regrouped to watch a presentation from the University of Nevada, Las Vegas’ (UNLV) Cyber Clinic, who showcased some internal tools and a training simulation students developed to teach new members. 

Mathew Salcedo and Angel Garcia, two co-founders of UNLV’s Cyber Clinic, explained how their clinic specializes in providing free cybersecurity services to small local businesses in the Las Vegas valley. 

The vast majority of clinics in the Consortium are faculty-led and taught as a semester-long course. UNLV’s Cyber Clinic is unique in that it operates as a student-led club, with support from faculty advisors, and operates year-round. This arrangement enables Cyber Clinic members to provide services to clients on an at-need basis, gives students more opportunities to gain experience working with different clients, and builds their skills over the course of their academic careers.

Salcedo and Garcia showcased the web portal application they created for their clinic. The portal is one of many internal tools their students have developed for Cyber Clinic, which serves to streamline clinic operations.

“Most of UNLV’s members have backgrounds in computer science, information systems, and cybersecurity. Many have an interest in software development,” said Salcedo. “This project allowed for some of our members to practice their programming and software development skills. Web applications are a very big portion of cybersecurity. In the past, members have been able to conduct penetration assessments or tests on our own website, too.” 

Garcia explained to the audience how UNLV clinic students access the portal using an email and password, landing at a central dashboard that hosts a timesheet application for members to track their volunteering hours working on cases for clients. The dashboard also featured a training library, where students can access and track completed cybersecurity certification training– including student-developed training and the CompTIA Security+ certification.

UNLV also shared their innovative approach to onboarding their clinic’s new members. Cyber Clinic’s leadership built a training simulation in Minecraft to prepare new members for conducting client site visits and train students how to identify cyber and operational risks in small businesses. At the “Clinic of Clinics” event, Salcedo and Garcia demoed a gameplay walkthrough of their Minecraft  simulation, which was modeled after the Krusty Krab restaurant from the Spongebob Squarepants television show. 

“We tried to incorporate every kind of cyber and operational security problem you may run into when working for a client,” said Salcedo. “We’ve tried to include, virtually, as many different problems and security risks that we’ve actually seen in restaurants or in small businesses in this simulation.” 

The simulation recreates a business owner’s office, visualized as Mr. Krabs office, complete with computers, smartphones, and tablets functioning as the point-of-sale system. Users can interact with these devices to evaluate their cybersecurity practices and identify any potential vulnerabilities.

What a journey this past year has been for us at the Consortium of Cybersecurity Clinics! As we embark on 2024, we’re eager to reflect on last year’s accomplishments and share new data collected from the 2022-23 academic year on the growth of the cybersecurity clinics.

Training More Students Than Ever Before

University-based cybersecurity clinics provide hands-on training to students from diverse backgrounds and academic expertise. This training initiative aims to strengthen the digital defenses of community organizations that often fall through the cracks of cyber defense, as well as train the next generation of cyber civil defenders.

Our latest data shows that over 880 students nationwide have benefitted from this training initiative. Moreover, the 2022-23 academic year marked a significant milestone for the Consortium, with a record-breaking number of over 450 students trained – a 150 percent increase from the previous year. This cohort represents the largest group of students trained in the Consortium’s five-year history.

Expansion of the Clinics Model

Since its inception five years ago in 2018, our network of university-based cybersecurity clinics has grown to encompass 15 active clinic locations. Our clinics now spread across nine different states, bringing us closer to our ultimate goal of launching a university cybersecurity clinic in all 50 U.S. states by 2030. 

The Consortium is committed to expanding the reach and impact of cybersecurity clinics in partnership with Google.org, which is committing more than $20 million dollars to support the creation and expansion of cybersecurity clinics at 20 higher education institutions across the United States.

80+ Public Interest Organizations Served

Many public interest organizations that provide essential public services lack the resources for basic cybersecurity self-defense. Our university-based cybersecurity clinics provide pro bono assistance to these kinds of “target-rich, resource-poor” organizations to help them develop long-term cybersecurity defense, increase their resilience, and expand their cyber security capacity.

Over the past five years, our clinics have supported 83 local and regional resource-strapped organizations with cybersecurity assistance. 

Clinics served a diverse range of public interest-aligned clients in the 2022-23 academic year. Non-profit organizations comprised over half of our clients (52%), with local governments following as the second-largest group served (18%). Additionally, Small businesses (10%) , K-12 education institutions (8%), and healthcare organizations (6%) made up a significant portion of our clientele, underscoring the breadth of our impact across various sectors.

The Work Ahead

The Consortium is proud of the expansion of the clinic model and the positive results this initiative has had for cybersecurity students and community organizations across the country.

Thank you for being a part of our journey. We look forward to continuing our mission to amplify the upside of the digital revolution and ensure that everyone can safely benefit from what technology has to offer. We cannot wait to see how the Consortium of Cybersecurity Clinics continues to grow and make an impact for public interest organizations in the coming year.

Stay tuned for more updates from the Consortium of Cybersecurity Clinics!