Hackers don’t wait—neither should you.
“Cybersecurity is not a product; it is a process. Build resilience, not just defense.”
“Phishing accounts for over 90% of breaches—one click can cost a company everything.”
“Cybersecurity is a shared responsibility—every employee, every device, every day.”
“An unpatched system is an unlocked door—automatic updates are essential.”
Click wisely; think twice, act secure.
CYSE 368 - Cybersecurity Clinic
This course places students in a real-world consulting role, where they provide cybersecurity services to microbusinesses and/or local government organizations. Rather than relying on a pre-existing internship, students work directly with clients as part of a structured clinic environment, assessing digital risks, identifying vulnerabilities, and offering tailored cybersecurity solutions. Funded through the Commonwealth Cyber Initiative (COVA CCI), the program provided both financial support and invaluable professional experience in cybersecurity consulting.
Impact of Cybersecurity
The advancement of technology has guaranteed that it plays a significant role in our lives. We utilize it throughout the day as part of our everyday routine. This phenomenon demonstrates our reliance on ever-strengthened technology. Moreover, the digital revolution has transformed and continues to affect the world and our lives. Even though technological improvements have a positive impact on our lives, there is overwhelming evidence that digital technology might have a harmful impact on human behavior, ethics, and small businesses.
Human Behavior: Cyber Stalking/Cyber Harassment
According to Hazelwood and Magnin (2013), cyber stalking and cyber harassment have become widespread issues that demand criminologists’ and criminal justice experts’ attention. Although there are no nationwide assessments of the scope and pervasiveness of these crimes, research of various towns and universities raises concerns. The Department of Justice (1999) estimated that roughly 20% of stalking cases in Los Angeles and 40% of stalking cases in New York used the Internet as the medium for this criminal conduct in a discussion of the scope of cyber stalking. According to recent research, over 40% of college students have experienced cyberstalking at some time in their life (Reyns et al., 2012). Based on these figures, as well as the rising usage and availability of electronic gadgets, I think it is apparent that cyberstalking and cyber harassment deserve the criminal justice system’s attention.
Cyber Harassment (CH)
Cyber harassment entails tormenting, annoyance, terrorizing, offending, or threatening an individual over email, instant chat, or other means with the purpose of injuring that person. Harassing communications includes all aspects of conventional harassment, but also includes the use of technological devices to send messages that make a person feel personally targeted for damage. Creating a Facebook account in someone else’s name and using that profile to insult others is an example of CH. Additional instances of CH include sending improper text messages (e.g., of a frightening or sexual nature) or building a website with photo-shopped photographs of an uninformed individual engaged in sexual actions (Hazelwood & Magnin, 2013).
Cyber Stalking (CS)
Cyberstalking is defined as “the repeated pursuit of an individual utilizing electronic or Internet-capable devices” in its simplest form (Reyns et al., 2012, p. 1). Any unsolicited electronic messages that are threatening, coercive, or frightening are considered repeated pursues. In the end, stalking is a crime that causes the victim to feel dread, terror, intimidation, tension, or worry. The victim may lose a sense of control over his or her own life as a result of the stalker’s repeated nature, as the victim never knows when the stalker may emerge or contact him or her again. The stalker’s ability to access the victim at any time and from any distance undermines the victim’s feeling of security and can lead to a perpetual state of terror (Hazelwood & Magnin, 2013).
CYSE 368 Clinic
Cybersecurity Clinic: Strengthening Small Businesses and Local Governments
The CYSE 368 Cybersecurity Clinic was a transformative service-learning experience where I worked directly with microbusinesses and local government agencies to provide cybersecurity as a service. Sponsored by the Commonwealth Cyber Initiative (COVA CCI), this 50-hour internship allowed me to translate academic theory into practice by supporting real-world cybersecurity needs. Through collaborative assessments, client consultations, and project deliverables, I developed critical technical and professional skills that will shape my future in the cybersecurity field.
Key Cybersecurity Clinic Activities
Engaging K–12 Students in Cybersecurity Education
As part of a team, I conducted cybersecurity assessments for a local business client. We used the NIST 2.0 Framework to identify weaknesses, evaluate controls, and offer tailored recommendations. This included:
Asset identification and threat modeling
Reviewing password policies and network configurations
Creating a cybersecurity risk matrix
Presenting findings in an executive brief
Cybersecurity Clinic Profile Template
I helped draft the Cybersecurity Clinic Profile Template, a structured report summarizing our assessment findings, risks, and prioritized recommendations. We held multiple follow-up meetings with the client to ensure they understood our guidance and had clear action steps.
Professional Development Highlights
-
Design Thinking with Dr. Baaki: Applied human-centered design to cybersecurity problem-solving; focusing on usability, empathy, and iterative feedback loops.
-
Leadership Skills with Kristin Stephens: Learned about influencing without authority, building trust with clients, and communicating technical ideas to non-technical stakeholders.
-
NIST Cybersecurity Framework v2.0: Reviewed and implemented NIST 2.0 with guidance from Professor Duvall, applying its functions (Identify, Protect, Detect, Respond, Recover) to small business operations.
-
CISA Top 10 Takeaways from David Price: Gained insights from a federal cybersecurity expert on vulnerabilities impacting local government systems and small businesses.
-
Consultation with Greg Tomchick: Practiced delivering clear, concise cybersecurity recommendations to community partners during our final presentations.
Challenges and Reflections
Cybersecurity for microbusinesses is both urgent and under-resourced. Many of the clients we worked with lacked dedicated IT teams or written security policies. This required our team to simplify technical concepts and emphasize “cyber hygiene” practices that were both affordable and actionable.
I learned that human error remains the most significant risk, and awareness training can drastically reduce exposure. Communication was as vital as technical knowledge especially when working with non-technical clients who needed guidance, not jargon.
Conclusion
The CYSE 368 Cybersecurity Clinic taught me the importance of service-based cybersecurity. I grew as both a technical practitioner and a consultant. This experience deepened my understanding of risk management, NIST compliance, and client-focused cybersecurity strategy. With support from COVA CCI, I gained the confidence and experience to support businesses in building a secure digital foundation.
This internship reaffirmed my goal to pursue a career in cybersecurity consulting and public-sector cyber defense. I look forward to continuing this journey with a focus on community-centered, scalable, and equitable cybersecurity solutions.
Stay connected.
Welcome to a platform where cybersecurity becomes more than a skill—it's a passion. Let's embark on this transformative journey together. Welcome aboard, Cyber Defender!