Jobs, Internships, and Opportunities

Program Director, AI Security Initiative

Graduate Student Researcher (GSR), Nonprofit Cybersecurity

School of Information

Start date: May 18, 2026
First review date: Friday, April 17, 2026

Position Description

The UC Berkeley Center for Long Term Cybersecurity (CLTC) and the School of Information (I School) seek a Graduate Student Researcher (GSR) to support a research project on nonprofit cybersecurity. This position will be hired as a 50% GSR for the summer 2026 academic semester.

The GSR will work under the supervision of the Program Director of Public Interest Cybersecurity in CLTC. Work location will be remote. Through this research project, the Graduate Student Researcher will be exposed to nonprofit cybersecurity expertise, survey methodology, data analysis, and technical writing for a policy audience. Through the insights developed in the resulting report, the GSR will contribute and independently manage research, data analysis, and paper writing in conjunction with collaborators at CLTC and TechSoup.

Duties

• Conduct a literature review on nonprofit cybersecurity resources, cybersecurity, and risk management of grantmakers. 
• Detail a framework for understanding the lifecycle of a nonprofit engaging with cybersecurity defenses, and how that engagement changes as an organization grows and/or becomes more advanced
• Conduct interviews and networking calls with academics, nonprofit leaders, and grantmakers to advance your knowledge of cybersecurity with regard to nonprofits
• Research, outline, and write a 10-20 page single-spaced report on this topic in conjunction with partners at TechSoup and CLTC
• Put together repositories of nonprofit tools and resources as needed

Qualifications

• Demonstrated ability to manage and analyze basic quantitative and qualitative data
• Research skills (including online research)
• Experience with basic technology tools such as Microsoft Excel, and the Google Suite (GDocs, Google Sheets, etc)
• Strong written and verbal communication skills
• Ability to draft concise communications regarding programs and policy
• Demonstrated ability to manage multiple tasks and meet deadlines

The ideal candidates will also have the following qualities:

• Familiarity with the breadth of subfields in cybersecurity
• Detail-oriented and dependable
• Strong organizational and research skills
• Strong writing and communication skills
• Ability to take directions, but also resourceful and able to take initiative and offer creative solutions

The position is part-time, involving 20 hours of work per week.

Compensation: Minimum Step IV GSR appointment (from May 18 to August 18, 2026) and fee remission. 

Applicants should review the minimum eligibility requirements for Graduate Student Researchers at UC Berkeley on the Graduate Division website.

How to apply: Please send the requested items below with the subject line “GSR Application” to [powazek@berkeley.edu].

Priority deadline: Friday, April 17, 2026 (first review)

Required application materials

1. CV / Resume

2. Short cover letter (1 page max) describing your prior experience and interest in the position. This should be personally written without the use of AI tools, and may include, as applicable:
– Compiling, organizing, and analyzing information
– Arranging and conducting focus groups and interviews
– Knowledge of cybersecurity fields

3. Writing sample (5 pages max): a past excerpt of an essay, report, blog, or other piece of writing that demonstrates your communication style, and of which you are the sole author.

Research Outline

Problem
TechSoup and the Center for Long-Term Cybersecurity (CLTC) are conducting a research collaboration called “Right-Sized Cybersecurity: Defining Security Thresholds for Small Nonprofits” to develop evidence-based guidance on how cybersecurity practices could most effectively take hold within under-resourced nonprofit organizations.

Existing cybersecurity frameworks often implicitly assume organizational capacity that many nonprofits do not have. While these frameworks offer reasonable guidance for medium and large organizations, they do not adequately differentiate the wide range of organizations that fall within the category of “small” (i.e., under ~$2M budget or under ~40 staff). As a result, very small organizations are often given recommendations that are impractical, inefficient, or counterproductive.

This project aims to identify practical security “thresholds” — points in an organization’s growth at which various controls meaningfully improve security versus imposing burden — and translate them into actionable guidance for funders, technical assistance providers, and nonprofits themselves.

Background
Small nonprofits are often treated as a single homogenous category in cybersecurity guidance, but in reality, they exist across a wide spectrum of operational maturity. A one-person organization and a thirty-person organization face fundamentally different risks and implementation realities.
Without right-sized guidance:

• Organizations become overwhelmed with the landscape and underinvest in critical protections
• Organizations over-invest in controls they cannot sustain or that are not right-sized for their needs and capacity
• Funders lack a basis for determining reasonable expectations
• Technical volunteers struggle to recommend appropriate solutions

This creates both wasted resources and avoidable risk — not only to individual nonprofits, but to the networks, communities, and grant portfolios connected to them.

Approach
Inputs for this research will include:

• TechSoup community data and segmentation insights
• Existing nonprofit cybersecurity survey research 
• Practitioner and volunteer interviews
• Focus groups
• Market and service-gap analysis

Anticipated outcome

• A “right-sized security” decision framework for small nonprofits
• Guidance funders can use to set realistic expectations
• Practical implementation guidance for advisors and volunteers
• Foundation for future shared services and secure-by-design tools