CYRENZH Cybersecurity Clinic

Cyberattacks are prevalent in today’s world and everybody may become an attack target. Successful attacks may have serious consequences, such as the theft of sensitive information, corrupted data and systems, and the inability to continue business operations, possibly for an extended period of time. Ultimately, successful cyberattacks typically lead to financial and reputational damage.

To increase resilience to cyberattacks, security must be actively addressed. However, many organizations (which includes companies, municipalities, schools, and others) lack the awareness, skills or resources to do so. This is where the CYRENZH Cybersecurity Clinic can provide assistance. The idea of this clinic is that students from University of Zurich, ZHAW School of Engineering and ZHAW School of Management and Law provide pro bono cybersecurity services to selected organizations in Switzerland. The clinic has two main goals:

  • Improving the cybersecurity posture, knowledge and awareness of organizations such as SMEs, municipalities, schools, non-profits, start-ups and associations.
  • Training the next generation cybersecurity workforce by applying knowledge acquired during university courses in the real world.

As students from different universities and disciplines are participating in the clinic, we are covering various aspects of cybersecurity, including technology, management, organization, and people.

Are you an eligible organization and are you interested in carrying out a clinic project with us? In this case, please fill in the project request form. We will contact you within two weeks to clarify further details.

How Does a Clinic Project Work and Who is Involved

Once we receive a project request from an organization, the main contact person of the organization will be contacted by a representative of the CYRENZH Cybersecurity Clinic team (see CYRENZH Cybersecurity Clinic Leadership Team and Contact below). In a first step, it is checked whether the organization is eligible for a clinic project (see Eligible Organizations below). If this is the case, further project details are clarified. 

If we agree to carry out a clinic project together, we will create a project description and look for an internal supervisor (a professor, lecturer or researcher) that supervises the project. Next, we are looking for a student or a team of students that are interested in carrying out the project. Before a project is started, a standard project contract will be signed by the university and the organization. This contract defines the expected duties of the project partners, ownership and publication of the project results, handling of confidential information, and liability.

During the actual project, regular meetings are scheduled between the main contact person, the student(s) and the supervisor. Depending on the project, the students typically require access to systems, information and people of the organization, and it may be required to carry out some work on site on the premises of the organization. The result of the project is typically a written report that is made available to the organization.

Eligible Organizations

The clinic primarily provides services to organizations that lack the awareness, skills or resources to address cybersecurity on their own, or that have difficulties getting started with cybersecurity in general. This includes, e.g., SMEs, municipalities, schools, non-profits, start-ups and associations. Please note that there’s no strict separation between eligible and non-eligible organizations and that we decide on a case-by-case in borderline cases.

Organizations (regardless of size) that already have a high level of security or a well-established cooperation with a professional security service provider are excluded.

Cybersecurity Services Offered in the Clinic

We offer services mainly in the seven categories depicted below. For more information about these services, please refer to the detailed Cybersecurity Clinic Service Portfolio.

As clinic projects are executed as part of the regular curricula (see Clinic Project Volume and Planning), they have a clear scope, are time-limited, and have well-defined start and end dates. This implies that time-critical services (e.g., emergency support during an incident) cannot be offered. Also excluded are projects in which students are expected to perform routine security tasks such as daily security operations.

While each individual clinic project is time-limited, it is possible to carry out multiple clinic projects with the same organization. For instance, two projects in parallel (executed by different students) may address different security challenges in different security categories, or a project may follow a previous project.

Please note that clinic projects are intended to provide cybersecurity services to organizations. They are not intended for joint research projects. Research projects with the involved universities are of course possible, but not as part of the CYRENZH Cybersecurity Clinic.

Students Carrying out the Clinic Projects

The students working on the clinic projects are Bachelor or Master students from University of Zurich, ZHAW School of Engineering, and ZHAW School of Management and Law. They are enrolled in different study programs, which means that they cover different aspects and have different knowledge and experiences in the field of cybersecurity. This is taken into account when assigning a clinic project proposal to one of the involved universities and when looking for suitable students. The students carrying out clinic projects are enrolled in the following study programs:

  • University of Zurich: …
  • ZHAW School of Engineering: Bachelor and Master programs in Computer Science 
  • ZHAW School of Management and Law: Bachelor and Master programs in Business Information Technology

Mutual Expectations

Each clinic project is supervised by an experienced supervisor and the overall goal of every project is to deliver high quality results that meet the expectations of the organization. However, it is important to be aware that no guarantee of quality can be given as the projects are executed by students who are still in education and not by security professionals with years of experience. Therefore, the organization is expected to show goodwill and patience towards the students.

In addition, the success of a project is also dependent on the commitment of the organization. It is therefore expected that project partners are available for regular meetings and that they provide the students with the required access to systems, information and people that are required to carry put the project.

CYRENZH Cybersecurity Clinic Leadership Team and Contact

The CYRENZH Cybersecurity Clinic leadership team consists of members of the three involved universities:

To contact us, please send us an email.

Cybersecurity Clinic Service Portfolio

Check out what topics we cover!