CYSE 368

ODU Cybersecurity Clinic

Program Overview

CYSE 368 was an internship-style course built around the ODU Cybersecurity Clinic. The goal of the clinic was to support small businesses and public agencies in Hampton Roads that did not have the budget or staff for a full cybersecurity program. As student consultants, we helped these organizations improve their cybersecurity awareness, risk posture, and basic defenses, while we gained real-world experience working directly with clients.

The clinic ran as a 15-week program during the semester. At the start, we completed training on different cybersecurity modules and design thinking, so we understood both the technical side and the human side of working with clients. After training, we interviewed and met with our assigned client organizations, identified their biggest risks and needs, and then designed practical, realistic recommendations they could actually implement. Throughout the semester, we worked in teams under the supervision of ODU faculty and COVA CCI staff.

My Role in the Cyber Clinic

In Fall 2025, I served as a student cybersecurity consultant in the Cybersecurity Clinic. My team was assigned to work with a small organization that needed help understanding its cyber risks and building a stronger security foundation. I helped gather information from the client, ask clarifying questions about their current processes, and translate what we learned into clear, non-technical language they could use to make decisions.

My role focused heavily on risk and compliance thinking. I worked on identifying key assets, likely threats, and potential vulnerabilities, and then helped prioritize which issues were most important to address first. I also contributed to drafting written materials the client could reuse, such as basic policy language, security awareness guidance, and step-by-step next actions.

Types of Services and Projects

As a team, we provided support in several common Cyber Clinic service areas, including:

  • Cyber risk assessments – helping the client understand their current risk posture and where they were most exposed.

  • Cybersecurity policies and procedures – outlining simple, actionable policies to improve consistency and accountability.

  • Cybersecurity awareness and training – recommending ways to educate staff on phishing, passwords, account security, and safe use of technology.

  • SWOT analysis – identifying strengths, weaknesses, opportunities, and threats related to the client’s cybersecurity environment.

  • Best practices and next steps – aligning recommendations with widely accepted cybersecurity best practices so the client could keep improving after the clinic ended.

These projects required me to connect what I had learned in my courses—like risk management, policy, and technical fundamentals—to the real constraints of a small organization that did not have a full-time security team.

Skills and Lessons Learned

CYSE 368 helped me move from classroom learning to applied cybersecurity consulting. Some of the main skills I developed included:

  • Client communication: Explaining technical risks and controls in plain language and listening carefully to the client’s concerns, priorities, and limitations.

  • Cyber risk & compliance thinking: Applying concepts like risk assessments, basic frameworks, and best practices in a way that fit a small organization’s reality.

  • Teamwork and project management: Collaborating with other students, dividing responsibilities, keeping track of deadlines, and preparing deliverables for client meetings.

  • Design thinking: Using empathy, problem framing, and iteration to create recommendations that were actually usable for the client instead of overwhelming them with theory.

This experience reinforced a lot of what my ePortfolio highlights: I became more comfortable working with real stakeholders, thinking about cybersecurity at the organizational level, and bridging the gap between technical concepts and practical action.

Connection to My ePortfolio

The work I did in CYSE 368 directly supported the skills showcased in my ePortfolio:

  • It strengthened my Cyber Risk & Compliance skills by requiring me to apply risk and governance concepts with a real client instead of just working on hypothetical cases.

  • It built my Critical Thinking & Problem Solving by forcing me to balance security needs with the client’s time, budget, and staff capacity.

  • It supported my Research & Cyber Policy Analysis, since I had to stay aware of relevant frameworks and best practices and then adapt them to the client’s environment.

Overall, CYSE 368 and the Cybersecurity Clinic were key experiences that helped me see what cybersecurity work looks like outside the classroom and gave me a clearer picture of the kinds of roles I want to pursue after graduation.

Reflections

Throughout CYSE 368, I wrote reflections to document my growth in a real client-facing cybersecurity setting, including how my mindset, communication, and teamwork evolved over the semester. These entries show both what I accomplished and how I adjusted under pressure while producing deliverables intended to be useful beyond the classroom.

Reflection 01 – Early Adaptation and Design Thinking

In the first two weeks, I moved from uncertainty to steady confidence as I adjusted to the clinic environment. A major takeaway was applying design thinking in a cybersecurity context, especially the “Yes, and” approach, and how it improves collaboration and solution-building without shutting ideas down too early.

368-Reflection-1

Reflection 02 – Client Engagement and Professional Communication

Over my first 50 hours, I learned how to turn expert guidance into real-world action through guest speakers and client interactions. This reflection highlights how I communicated federal resources in a way small businesses could understand, improved my professional presence for client meetings, and gained confidence doing field assessments and relationship-building.

368-Reflection-2Download

Reflection 03 – Team Process Under Pressure

This period forced adaptability due to unexpected team constraints, and it exposed the importance of role clarity, internal deadlines, and leadership discipline. It also captures how last-minute decisions impacted quality and presentation flow, plus what I planned to do differently to keep teamwork organized and respectful.

368-Reflection-3Download

Individual Reflection – Full Internship Reflection

This reflection summarizes what went right and wrong, my lessons learned, and how the experience shaped my career direction. It specifically explains how the clinic shifted cybersecurity from “school” to professional work, strengthened my teamwork and communication, and clarified my interest in governance/risk-focused roles moving forward.

368-Individual-ReflectionDownload

Blue Water Advisors – Executive Team Reflection

This team reflection presentation summarizes our CYSE 368 client engagement with Blue Water Advisors, including the client’s background and the way we coordinated through weekly meetings and email. It also reflects on project execution (what went well, what didn’t, and what we would change), team dynamics, key engagement highlights, recommendations for future teams, and course feedback.

Executive Team Reflection Link