According to Ming Chow, director of the university's Cybersecurity Clinic, the program first piloted last spring with a focus on practical interdisciplinary work that prepares students for real-world challenges. It’s part of the broader Cybersecurity Center for the Public Good at Tufts.
Chow said there are over 300 cybersecurity centers — research and training hubs — in the United States, but clinics that offer hands-on support are much rarer. Thankfully, he said, it’s a growing specialty. The Consortium of Cybersecurity Clinics, a group of university-based clinics across the U.S., had 15 members in May 2024 and has grown to 42 as of January 2025, including Tufts.
The Tufts program connects cohorts of about 15 students to nonprofits across the country who have reached out to Chow for support, usually assigning three or four students to each organization. The students offer consultations on a range of issues, including password management, data governance, website audits and security education. According to an article in TuftsNow, one student team found and updated an old WordPress blog that contained cybersecurity vulnerabilities, and another group enrolled their client in a free, secure email platform.
Chow said fixes like these can go a long way for nonprofits, which are often constrained monetarily and by the size and technical expertise of staff. Many of the organizations rely on a handful of employees who work part time or on a volunteer basis. Often they have little to no experience with IT work, so students learn the importance of communication and collaboration for effective cybersecurity — a lesson that can be difficult to incorporate into the classroom, Chow said.
“The students not only love it, but quite frankly, that’s what a lot of students really need these days,” he said. “This is not about programming. It’s not about theory … It's as real as it gets.”
The variety of causes the nonprofits support also shows students that cybersecurity involves skills beyond the technical. For example, some nonprofits who work with non-English speakers might value cybersecurity experts who speak multiple languages.
“Very few of the students realize how important it is to have an interdisciplinary team,” Chow said.
The clinic’s application process is intentionally inclusive as well, allowing students from diverse academic backgrounds to apply if they demonstrate cybersecurity knowledge and a commitment to public service. As more students pass through the program and into the workforce, Chow said he envisions a mentorship program that connects alumni with current students to sustain institutional knowledge and expand the clinic’s reach.
