Empower your business with Coro’s unmatched cybersecurity solutions and partner resources designed to maximize your revenue potential and drive exponential growth across global markets.
Choose Coro for seamless, AI-driven cybersecurity. No integration required—just powerful protection across all endpoints with a single, easy-to-use platform.
Explore our collection of recorded product demonstrations to witness Coro in action.
See how much time you could save with Coro guarding your business:
Instantly handle 95%+ of email threats
Monitor cloud app security from a single dashboard
Protect devices across the threat landscape
Prevent data loss with a deceivingly simple solution
Start a Free Trial
Try Coro for Free for the Next 30 Days
Build Your Compliance Report
Does your business satisfy security regulations? Take the survey to learn how your industry, services, and location can impact your compliance posture.
Law schools and medical schools have used the “clinical” model for years. These clinics have given students access to patients and clients with limited resources so that they could gain valuable real-world experience. This model—and all of its benefits—are now being applied to the field of cybersecurity.
Cybersecurity clinics are training students and helping them strengthen the defenses of non-profits, small businesses, and schools. With the help of experts, these students are assisting schools in cybersecurity protection while gaining valuable experience.
More than a dozen schools joined forces to form a Consortium of Cybersecurity Clinics in 2021. Since then, Google has invested millions in order to expand the program across the US. This can provide a potential lifeline for schools that need cybersecurity assistance?
Why participate in a cybersecurity clinic?
So, why would you work with a clinic? Or start one of your own? There are multiple benefits.
Benefits for students
Clinics provide students with practical experience in cybersecurity, which is valuable for future employment. Students can work with clients from different sectors and backgrounds, gaining a wider understanding of cybersecurity challenges and diverse practical experience and exposure. It can also be incredibly rewarding to give back to communities.
Benefits for the community
Clinics provide proactive assessments to public interest organizations neglected by the cyber market. Instructors teach risk assessments, incident response strategies, penetration testing, ransomware training, and tabletop simulations. This means that these organizations can strengthen their defenses against cyberattacks, while helping to develop a pipeline of qualified cybersecurity professionals.
Municipalities, organizations, and hospitals need cyber skills more than ever, and clinics offer passionate and experienced candidates. Although many clinic alumni work in the private sector, some are employed by their former clients.
Benefits for the school
Schools with cybersecurity clinics can build a reputation for excellence in cybersecurity education They may even be eligible for grants from government agencies and private foundations. Any faculty that is involved in a clinic can stay up-to-date on the latest cybersecurity threats and trends.
What do you need to start a clinic?
Higher education cybersecurity clinics are poised to become a major source of cyber talent. All you really need is a commitment from the faculty, local partners and some support.
Find a champion
Many clinics start with just one champion. That champion has the difficult task of ideating, getting buy-in, and looking for ways to fund the clinic, so it has to be someone that has administrative support, flexibility, and enough time to serve at the clinic itself. Building a clinic can take multiple hours of hard work over months or even years. A senior professor or teacher without tenure-track merit reviews will probably not be able to devote enough of their time to the project. On the other hand, seniors may have more academic and administrative support and resources on their hands. Look for a champion that matches your unique needs.
Find support
Finding support from the faculty or academic officials may mean adding a course to the catalog or getting access to school funding and other resources. Some clinics have found help from academic officials, or alliances with different disciplines so that they can cross-list clinic courses or invite participation from more than one degree program. This will boost student talent and the diversity of skills the clinic brings to the table. For instance, not all colleges are able to offer cybersecurity as a degree or elective. But many students have several abilities that perfectly position them to work in the field.
Don’t restrict yourself. Many programs are open to all campuses/degrees. For example, Indiana University invited all business, legal and social science majors, including graduates and undergraduates, to join their clinic. This meant that several students from t
Department of Urban Studies and Planning signed up as part of a cross-listed programme in Computer Science. They were able to receive extra credit, despite being part of a program that has limited electives.
Work towards a vision
Before the clinic launches, you have to have a clear vision of where you’d like it to go. This doesn’t have to be chosen from scratch – there are plenty of existing models to choose from. Answer key questions like:
Which communities do we want to serve?
How does the clinic fit in with our goals as an institution/department?
How can this benefit students?
What resources will we need? Why will we need them? Where will we find them?
Combine all of your decisions and answers into a clear vision document. This can be disseminated across the institution to get buy-in from important stakeholders.
Find local partners
Local partners can assist a new clinic connect with companies and communities that need them the most. Many clinics work with reputable local hubs to advocate the clinic programme to potential customers and identify clients who might benefit the most from free services. A funding proposal that is disseminated through a local partner may be more likely to be approved because it ensures the new clinic’s long-term viability.
Class: This is the most common model, with clinics offered as standalone courses over a semester. Students receive academic credit for their work, often while learning theoretical and practical aspects of cybersecurity.
Capstone project: This model integrates a client consulting project into an existing cybersecurity or related course. Engagements are typically shorter than semester-long clinics, focusing on specific tasks or projects.
Club or internship: These clinics operate year-round, offering students opportunities to participate outside of traditional class schedules. Engagements can be longer-term, allowing for deeper client interaction and follow-up. Students often receive no academic credit but gain valuable experience.
Paid internship: This model compensates students for their time, typically 1-6 hours per week, working on client projects outside of class time. This provides income while gaining experience, but may require additional funding mechanisms.
The best model depends on various factors like university structure, faculty availability, funding options, and desired student learning outcomes.
Selecting clientele
While most cybersecurity clinics aim to help “target-rich, cyber-poor” organizations like small businesses or local municipalities, the specific model for client engagement and instruction varies. Some clinics choose to work with a specific type of organization, allowing them to tailor lessons and advice to unique needs and foster deeper client-student relationships.
Others opt for broader risk assessments, reaching a wider range of clients but requiring adaptation of services. Faculty-led clinics streamline curriculum and partner management, leveraging faculty expertise but demanding dedicated time and support. Lecturer-led models offer flexibility in instructor selection and expertise, but may require additional faculty guidance for students. Industry instructors bring real-world experience and networks to the table, while private sector volunteers can enhance student support. Ultimately, the best model depends on institutional resources, faculty expertise, student needs, and community focus.
Funding
While some clinics enjoy strong institutional support, covering operational costs entirely or partially, others must explore diverse funding avenues.
Departments or student tuition can contribute to the clinic’s budget, or the university can organize fundraising campaigns just for the clinic.
You can also collaborate with your institution’s fundraising team to identify potential donors interested in cybersecurity education, workforce development, or experiential learning programs. Prepare a concise summary highlighting your clinic’s vision, personnel, activities, and impact to attract donors.
Alternatively, you can explore federal and state funding opportunities for cybersecurity workforce development, like NSF and NCAE-C.
Final thoughts
Remember, starting a successful clinic requires careful planning, collaboration, and ongoing commitment. By leveraging available resources and focusing on your school’s unique needs, you can contribute to building a more secure and resilient technological landscape for your students and community.
For more, check out this webinar about building a cybersecurity clinic, featuring staff members from MIT and Mass Cyber Center.
