The Citizen Clinic Cybersecurity Education Center

UC Berkeley’s Citizen Clinic helped launch the cybersecurity clinic model and offers here open-source resources in basic cybersecurity – now augmented by the additional resources found at the Consortium of Cybersecurity Clinics that we helped establish and co-lead.


Citizen Clinic Course SyllabusDescription of course outline, materials, and modules
1. Introduction to Public Interest CybersecurityIntroduction to core themes of the course such as access to cybersecurity, the threat landscape, and the role of ethical considerations in undertaking this work
2. Ethics and the Citizen Clinic Code of ConductCoverage of ethics harms and challenges for the work of Citizen Clinic and cybersecurity as a whole
3. Old School INFOSEC: Basic ControlsIntroduction on security control tools and methods of organizational policy
4. Digital Surveillance of Politically Vulnerable Organizations: The Threat LandscapeExploration of common surveillance threats and the factors contributing to an attack
5. Problem Diagnosis and ReframingOverview of problem reframing methodology in the context of cybersecurity security and Citizen Clinic work
6. Threat Modeling & Bounding Risk AssessmentsIntroduction to describing the state of cybersecurity protection of an organization with a focus on recognizing threats and vulnerabilities
7. Contextual & Capacity ResearchCoverage of methods and frameworks to analyze different organizational aspects that impact security with respect to differences in organizational type and industry
8. Information GatheringComparison and contrast between interviews and surveys in collecting information from organizational members regarding security
9. Open Source Research Methods, Safety, and ToolsOverview of open source investigative techniques and their limitations in gathering information about an organization, an individual, or their contexts
10. Adversary Persona DevelopmentOverview of the rationales and planning of different kinds of cybersecurity attacks to better understand how identity, motivations, and resources can describe the who
11. Threat Scenario DevelopmentDescription of a framework to generate threat scenarios to better describe organizational vulnerabilities to clients
12. Changing Security BehaviorsDescription of the psychology of why individuals think the way they do regarding organizational security and threats as a way to better assess how to implement habit changes
13. Social Engineering and PhishingOverview of how security breaches occur due to attackers understanding human behavior and practicing specific interpersonal techniques to bypass security measures
14. Designing Security TrainingDevelopment of an effective security training program
15. Psychosocial ResilienceOverview of the overlap between mental wellness and organizational security and measures to improve resilience in an organizational
16. Harmful Information (Misinformation and Harassment)Description of a framework to assess and interpret threats of harmful information by organization type
Reading Materials & Guides
Readings Lists Compiled list of all articles, tools, and related media for modules
Case Studies in Client Engagement with Cybersecurity ClinicsProfiles of past Citizen Clinic projects with different organizational types
Baseline Organizational Security Guide for Low Risk Organizations (White Paper) Guidance on how to set up a security policy for nonprofits and public interest organizations with little cybersecurity foundation
Creating Virtual Identities GuideGuidance on the presence of identity and how to best disguise one’s self in cyberspace
Using Virtual Private Networks GuideGuidance on setting up and using Virtual Private Networks
Security Evaluation Framework for Open Source Investigative Techniques Guidance on best use of publicly available information and tools while protecting the researcher’s presence

Comments or Ideas? Email us at

License for written content: CC BY 3.0. See original sources for license information of any images and linked publications.