CYRENZH Cybersecurity Clinic
Cyberattacks are prevalent in today’s world and everybody may become an attack target. Successful attacks may have serious consequences, such as the theft of sensitive information, corrupted data and systems, and the inability to continue business operations, possibly for an extended period of time. Ultimately, successful cyberattacks typically lead to financial and reputational damage.
To increase resilience to cyberattacks, security must be actively addressed. However, many organizations (which includes companies, municipalities, schools, and others) lack the awareness, skills or resources to do so. This is where the CYRENZH Cybersecurity Clinic can provide assistance. The idea of this clinic is that students from University of Zurich, ZHAW School of Engineering, and ZHAW School of Management and Law provide pro bono cybersecurity services to selected organizations in Switzerland. The clinic has two main goals:
- Improving the cybersecurity posture, knowledge and awareness of organizations such as SMEs, municipalities, schools, non-profits, start-ups and associations.
- Training the next generation cybersecurity workforce by applying knowledge acquired during university courses in the real world.
As students from different universities and disciplines are participating in the clinic, we are covering various aspects of cybersecurity, including technology, management, organization, and people.
Are you an eligible organization and are you interested in carrying out a clinic project with us? In this case, please fill in the project request form. We will contact you within two weeks to clarify further details.
If you are unsure about your eligibility, whether your project idea is suited for a clinic project, or if you have general questions about clinic projects, please contact us by email.
How Does a Clinic Project Work and Who is Involved
Once we receive a project request from an organization, the main contact person of the organization will be contacted by a representative of the CYRENZH Cybersecurity Clinic team (see CYRENZH Cybersecurity Clinic Leadership Team and Contact below). In a first step, it is checked whether the organization is eligible for a clinic project (see Eligible Organizations below). If this is the case, further project details are clarified.
If we agree to carry out a clinic project together, we will create a project description and look for an internal supervisor (a professor, lecturer or researcher) that supervises the project. Next, we are looking for a student or a team of students that are interested in carrying out the project. Before a project is started, a standard project contract will be signed by the university and the organization. This contract defines the expected duties of the project partners, ownership and publication of the project results, handling of confidential information, and liability.
During the actual project, regular meetings are scheduled between the main contact person, the student(s) and the supervisor. Depending on the project, the students typically require access to systems, information and people of the organization, and it may be required to carry out some work on site on the premises of the organization. The result of the project is typically a written report that is made available to the organization.
Eligible Organizations
The clinic primarily provides services to organizations that lack the awareness, skills or resources to address cybersecurity on their own, or that have difficulties getting started with cybersecurity in general. This includes, e.g., SMEs, municipalities, schools, non-profits, start-ups and associations. Please note that there’s no strict separation between eligible and non-eligible organizations and that we decide on a case-by-case in borderline cases.
Organizations (regardless of size) that already have a high level of security or a well-established cooperation with a professional security service provider are excluded.
Cybersecurity Services Offered in the Clinic
We offer services mainly in the seven categories depicted below. For more information about these services, please refer to the detailed Cybersecurity Clinic Service Portfolio.
As clinic projects are executed as part of the regular curricula (see Clinic Project Volume and Planning), they have a clear scope, are time-limited, and have well-defined start and end dates. This implies that time-critical services (e.g., emergency support during an incident) cannot be offered. Also excluded are projects in which students are expected to perform routine security tasks such as daily security operations.
While each individual clinic project is time-limited, it is possible to carry out multiple clinic projects with the same organization. For instance, two projects in parallel (executed by different students) may address different security challenges in different security categories, or a project may follow a previous project.
Please note that clinic projects are intended to provide cybersecurity services to organizations. They are not intended for joint research projects. Research projects with the involved universities are of course possible, but not as part of the CYRENZH Cybersecurity Clinic.
Students Carrying out the Clinic Projects
The students working on the clinic projects are Bachelor or Master students from University of Zurich, ZHAW School of Engineering, and ZHAW School of Management and Law. They are enrolled in different study programs, which means that they cover different aspects and have different knowledge and experiences in the field of cybersecurity. This is taken into account when assigning a clinic project proposal to one of the involved universities and when looking for suitable students. The students carrying out clinic projects are enrolled in the following study programs:
- University of Zurich: Master program Digital Skills at School for Transdisciplinary Studies
- ZHAW School of Engineering: Bachelor and Master programs in Computer Science
- ZHAW School of Management and Law: Bachelor and Master programs in Business Information Technology
Clinic Project Volume and Planning
The students carry out clinic projects as part of regular projects or modules and receive the corresponding amount of ECTS credits as “compensation”. As these project and modules vary in scope, clinic projects can range from a few 10 hours (e.g., if a project is done as part of a regular module) to several 100 hours (e.g., in case of a semester project or bachelor thesis).
As the clinic projects are integrated into the curricula, they are usually bound to the academic calendar and are carried out during the fall semester (mid-September until Christmas) or the spring semester (mid-February to end of May). The assignment of projects to students is typically done about 3-4 months before the semester starts, which means that you should take this into account when planning to do a clinic project.
Students can usually freely select their projects. This implies that there’s no guarantee that a student or team of students can be found for a clinic project. However, experience shows us that projects in the cybersecurity domain are very popular among students, so the likelihood an interesting clinic project will be selected is quite good.
Mutual Expectations
Each clinic project is supervised by an experienced supervisor and the overall goal of every project is to deliver high quality results that meet the expectations of the organization. However, it is important to be aware that no guarantee of quality can be given as the projects are executed by students who are still in education and not by security professionals with years of experience. Therefore, the organization is expected to show goodwill and patience towards the students.
In addition, the success of a project is also dependent on the commitment of the organization. It is therefore expected that project partners are available for regular meetings and that they provide the students with the required access to systems, information and people that are required to carry put the project.
CYRENZH Cybersecurity Clinic Leadership Team and Contact
The CYRENZH Cybersecurity Clinic leadership team consists of members of the three involved universities:
Dr. Melanie Knieps (University of Zurich)
Prof. Dr. Marc Rennhard (ZHAW School of Engineering)
Prof. Dr. Nico Ebert (ZHAW School of Management and Law)
To contact us, please send us an email.