The Center for Infrastructure Assurance and Security (CIAS) at UT San Antonio is dedicated to enhancing community preparedness and resilience by helping organizations improve their cybersecurity posture. The CIAS Community Cybersecurity Clinic (C4) provides no-cost cybersecurity services to small and midsize organizations. These services are delivered by UTSA cybersecurity students under the supervision ofCIAS professional Staff, giving students hands-on experience while helping local organizations reduce cyber risk.
C4 was created to:
Offer supervised student-led pro bono digital security assistance to community organizations, such as critical public infrastructure, non-profits, hospitals, municipalities, local government agencies and small businesses.
Create an experienced and capable cybersecurity workforce pipeline through paid and unpaid positions/internships for students.
Leverage dedicated cybersecurity professionals to mentor developing students.
C4 is currently supported by the Google Cybersecurity Clinics Fund and Craig Newmark Philanthropies, which helps expand access to cybersecurity expertise and workforce development opportunities.
The C4 Blueprint
C4 recommends the following phased approach for organizations; however, it can be adapted as needed to better align with your specific needs.
PHASE I - Initial Assessment
Reputation Search: A review of social media platforms to identify reputational risks related to cybersecurity by reviewing online conversations about the organization’s data handling, security breaches, or employee practices. The organization receives a formal report detailing any findings.
Information Leakage Search: Building on the Reputation Search, this assessment looks for specific information such as email addresses, phone numbers, and technologies the client organization uses. This search is conducted to detect potential data leaks before they are exploited by cybercriminals. The organization receives a formal report detailing any findings.
PHASE III - Policy and Plan Review
Policy Review: Examine and assess existing cybersecurity policies to identify gaps, weaknesses, or areas needing improvement. The review aligns with current industry best practices. The organization receives a formal report providing all recommendations.
Incident Response Plan (IRP) Review: Examine, assess and provide recommendations to improve the organization’s IRP. Key aspects of the review include:
- Determining if an incident has occurred
- Examining and analyzing a cybersecurity incident after it occurs
- Determining the root cause
- Identifying weaknesses in the security posture and implementing improvements
- Post-incident analysis
The organization receives a formal report disclosing recommendations of their existing incident response plan.
PHASE II - Vulnerability Assessment
Vulnerability Assessment: The Process of identifying, classifying and analyzing security weaknesses within the organization’s IT systems, applications, and networks. This service requires a non-disclosure agreement between students/mentors and the organization. The scope and parameters of the assessment are agreed to and documented. The organization receives a formal report disclosing all findings and recommendations at the completion of the assessment.
Intelligence Scan: A process that uses advanced data collection and analysis techniques to identify potential sensitive information leaks on organizational and public websites, abandoned or misconfigured web pages, and publicly assessible services. The organization receives a formal report detailing any findings.
PHASE IV - Cybersecurity Presentations & Training
Request C4 Services
If your organization wants to improve its cybersecurity posture, build staff awareness, or better prepare for cyber threats, the CIAS Community Cybersecurity Clinic (C4) is here to help. All services are provided at no cost by trained UTSA cybersecurity students under expert CIAS supervision.
Whether you need an assessment, a vulnerability review, policy guidance, or would like to participate in training, the C4 Blueprint gives you a clear path to stronger cybersecurity.
Take the first step today. Request C4 services and partner with us to build a safer, more resilient digital community.
Support C4
Your organization can play a direct role in strengthening the cybersecurity resilience of our community. By sponsoring the CIAS Community Cybersecurity Clinic (C4), you help ensure that small and midsize organizations receive critical security support at no cost—while empowering the next generation of cybersecurity professionals with hands‑on experience.
UTSA Student Support
C4 works with UTSA cybersecurity students to provide them with experiences and skills to help local community organizations protect against cyber threats. A primary focus of this effort is to maximize the students’ hands-on experience in planning for, conducting, and completing appropriate cyber assistance for local organizations. Students working with C4 are graduate or undergraduate students enrolled in a university cybersecurity course.
The students selected to participate in the C4 effort have been vetted and have passed a background check by The University of Texas at San Antonio.