Decipher Podcast: Sarah Powazek

Dennis Fisher: I wasn't familiar with what you guys are doing, but it's one of those things that I think people probably forget about: there's a whole bunch of under-resourced organizations out there that just don't have a lot of security expertise and/or budget to train people to help with what they need to do. So can you tell me a little bit about how this got started?

Sarah Powazek: I'd be happy to, and you know, Dennis, you're in good company. Most folks haven't heard of cyber clinics yet. It's one of the things we're trying to change. They’re one of the least talked about programs in the cyber workforce and cyber defense. So what a clinic is, essentially, is very similar to other higher education clinics in the United States. So imagine a medical school clinic or a clinic at a law school. These are students who are providing direct services to clients in their community who can't otherwise afford them as a part of their educational training. So it's a very common concept. It's just recently been applied to cybersecurity, which is a very similar field in which there's this service that everybody needs and some folks can afford it and there's no other way to get it. So that's sort of the impetus of the clinic, is: how do we create a program where students can learn, where they can get some hands-on job training without having to find an internship, where they can actually learn to apply the skills that they're learning in school to the real world? And there are all these organizations that need help, that need maybe the first couple steps to take in their cybersecurity journey. These are nonprofits, municipalities, maybe a small hospital or a small electric co-op, folks who might not even have a full-time IT or cybersecurity staff member. They're not going to go looking to the NIST Cybersecurity Framework and trying to do a self-assessment, right? They need someone to come in and translate that for them, and talk to them about what they're doing and what they're not doing and sort of help them prioritize. So that's really what clinics do as a whole, is they do a really high-level cybersecurity maturity assessment for these organizations and kick off their journey and give them next steps for implementation.

Dennis Fisher: What a cool model. This is such a good idea. Was this your idea or was it something that a group of people were kicking around and decided to finally put it together?

Sarah Powazek: Yeah, I wish. No, it's a great program. So UC Berkeley, about five years ago, I think in 2018, out of the Center for Long-Term Cybersecurity where I work, had this idea of integrating cybersecurity clinical training as a part of education, so we started at UC Berkeley the Citizen Clinic, which is focused on serving nonprofits at risk of politically motivated cyber attacks. So our clinic works mostly with refugee assistance organizations, with LGBTQ+ advocacy organizations, voting rights organizations. So folks who might be politically targeted, maybe hacktivists are targeting them. So that’s really focused on secure communication and VPN usage and that sort of thing. But a lot of folks had a similar idea around the same time, so we actually joined forces with folks from the University of Alabama, Indiana University, University of Georgia and MIT a number of years ago. We were all running some version of a clinic. You know, MIT worked with municipalities, Indiana University is working with some state organizations as well, and we all had a different flavor, and we started meeting every month just to talk and share best practices. You know, how are your students doing, what sort of curriculum are you using, and that snowballed as more and more folks got interested in it. We have participation from dozens of universities and we have over fifteen active clinics in the United States right now.