Once we receive a project request from an organization, the main contact person of the organization will be contacted by a representative of the CYREN^ZH Cybersecurity Clinic team (see CYREN^ZH Cybersecurity Clinic Leadership Team and Contact below). In a first step, it is checked whether the organization is eligible for a clinic project (see Eligible Organizations below). If this is the case, further project details are clarified. 

If we agree to carry out a clinic project together, we will create a project description and look for an internal supervisor (a professor, lecturer or researcher) that supervises the project. Next, we are looking for a student or a team of students that are interested in carrying out the project. Before a project is started, a standard project contract will be signed by the university and the organization. This contract defines the expected duties of the project partners, ownership and publication of the project results, handling of confidential information, and liability.

During the actual project, regular meetings are scheduled between the main contact person, the student(s) and the supervisor. Depending on the project, the students typically require access to systems, information and people of the organization, and it may be required to carry out some work on site on the premises of the organization. The result of the project is typically a written report that is made available to the organization.

The clinic primarily provides services to organizations that lack the awareness, skills or resources to address cybersecurity on their own, or that have difficulties getting started with cybersecurity in general. This includes, e.g., SMEs, municipalities, schools, non-profits, start-ups and associations. Please note that there’s no strict separation between eligible and non-eligible organizations and that we decide on a case-by-case in borderline cases.

Organizations (regardless of size) that already have a high level of security or a well-established cooperation with a professional security service provider are excluded.

We offer services mainly in the seven categories depicted below. For more information about these services, please refer to the detailed Cybersecurity Clinic Service Portfolio.

As clinic projects are executed as part of the regular curricula (see Clinic Project Volume and Planning), they have a clear scope, are time-limited, and have well-defined start and end dates. This implies that time-critical services (e.g., emergency support during an incident) cannot be offered. Also excluded are projects in which students are expected to perform routine security tasks such as daily security operations.

While each individual clinic project is time-limited, it is possible to carry out multiple clinic projects with the same organization. For instance, two projects in parallel (executed by different students) may address different security challenges in different security categories, or a project may follow a previous project.

Please note that clinic projects are intended to provide cybersecurity services to organizations. They are not intended for joint research projects. Research projects with the involved universities are of course possible, but not as part of the CYREN^ZH Cybersecurity Clinic.

The students working on the clinic projects are Bachelor or Master students from University of Zurich, ZHAW School of Engineering, and ZHAW School of Management and Law. They are enrolled in different study programs, which means that they cover different aspects and have different knowledge and experiences in the field of cybersecurity. This is taken into account when assigning a clinic project proposal to one of the involved universities and when looking for suitable students. The students carrying out clinic projects are enrolled in the following study programs:

• University of Zurich: Master program Digital Skills at School for Transdisciplinary Studies
• ZHAW School of Engineering: Bachelor and Master programs in Computer Science 
• ZHAW School of Management and Law: Bachelor and Master programs in Business Information Technology

The students carry out clinic projects as part of regular projects or modules and receive the corresponding amount of ECTS credits as “compensation”. As these project and modules vary in scope, clinic projects can range from a few 10 hours (e.g., if a project is done as part of a regular module) to several 100 hours (e.g., in case of a semester project or bachelor thesis).

As the clinic projects are integrated into the curricula, they are usually bound to the academic calendar and are carried out during the fall semester (mid-September until Christmas) or the spring semester (mid-February to end of May). The assignment of projects to students is typically done about 3-4 months before the semester starts, which means that you should take this into account when planning to do a clinic project.

Students can usually freely select their projects. This implies that there’s no guarantee that a student or team of students can be found for a clinic project. However, experience shows us that projects in the cybersecurity domain are very popular among students, so the likelihood an interesting clinic project will be selected is quite good. 

Each clinic project is supervised by an experienced supervisor and the overall goal of every project is to deliver high quality results that meet the expectations of the organization. However, it is important to be aware that no guarantee of quality can be given as the projects are executed by students who are still in education and not by security professionals with years of experience. Therefore, the organization is expected to show goodwill and patience towards the students.

In addition, the success of a project is also dependent on the commitment of the organization. It is therefore expected that project partners are available for regular meetings and that they provide the students with the required access to systems, information and people that are required to carry put the project.

The CYRENCYREN^ZH Cybersecurity Clinic leadership team consists of members of the three involved universities:

Dr. Melanie Knieps (University of Zurich)

Prof. Dr. Marc Rennhard (ZHAW School of Engineering)

Prof. Dr. Nico Ebert (ZHAW School of Management and Law)

To contact us, please send us an email.