TechStep Foundation

Cyber, Data & AI Risk Management Clinic

We strengthen community organizations and build workforce pathways through supervised, real-world service — bridging the gap between vulnerable communities and the expertise they need.

Choose your path
01

Community Partner

Request clinic support for your organization

02

Participant

Join the workforce pathway through clinic service

03

Hiring Partner

Connect with clinic-trained talent

04

Funder

Support scalable community cyber resilience

73% of nonprofits have no cybersecurity policy. The organizations trusted with the most sensitive data are the least protected.

$0 cost to community partners. Qualifying organizations receive clinic services at no cost, funded by our partners.

faster career entry through real practice. Hands-on supervised work accelerates the path into the security field.

Risk Assessment

A structured review of your cybersecurity posture, data handling practices, and vendor relationships — with findings in plain language.

Policy Development

Practical, right-sized policies your team can actually use: data classification, incident response, acceptable use, and more.

Vendor Risk Review

Evaluation of third-party tools and vendors you rely on, with prioritized recommendations and a usable inventory.

AI & Data Governance

Guidance on responsible AI use, data governance frameworks, and managing third-party tools your staff has adopted.

Compliance Guidance

Alignment guidance for HIPAA, FERPA, NIST CSF, and other frameworks relevant to your organization type.

Staff Awareness

Short educational sessions to help your team recognize and respond to common threats — tailored to your context.

Your deliverables

Intake assessment and scoping call
Written risk findings summary
Prioritized recommendations report
At least one tailored policy document
Vendor risk inventory worksheet
Optional follow-up check-in at 60 days

Your commitment

2–3 hours for intake and interviews
Access to relevant documents and vendor contracts
A primary point of contact at your organization
Timely feedback on draft deliverables
Participation in a final findings review

Tell us about your organization. A member of our team will follow up within 5 business days.


Participants don't just learn about cybersecurity risk — they deliver it. Every engagement is real. Every deliverable matters. Every client is a community organization counting on your work.

You will be assigned to a team working with a real community partner. Under close supervision from experienced practitioners, you will conduct interviews, analyze risk, draft documentation, and present findings. Work product is reviewed before it goes to the client.

Engagements typically run 6–10 weeks. You may participate in multiple engagements over time, building depth across different organization types and risk domains.

GRC, Vendor Risk, Data Governance, AI Governance, Policy Writing, Risk Assessment, Client Communication, Stakeholder Interviews

Time & commitment

5–8 hours per week during active engagements
Participation in team meetings and check-ins
Timely completion of assigned tasks
Professional conduct in all client interactions
Commitment to confidentiality

Mentorship & support

Direct mentorship from experienced security professionals
Documented work product for your portfolio
Supervised client exposure in a structured setting
Exposure to multiple industries and organization types
References and professional network connections

Tell us about yourself and your goals. We review applications on a rolling basis.


GRC Fundamentals

Governance, risk, and compliance frameworks applied in real organizational contexts — not just studied in isolation.

Vendor Risk Management

Third-party risk assessments, vendor questionnaires, and contract review for data and security provisions.

Data Governance

Data classification, handling policies, privacy considerations, and regulatory alignment basics across multiple frameworks.

AI Governance

Responsible AI use policies, AI risk inventories, and governance frameworks for emerging and third-party tools.

Policy & Documentation

Writing and structuring security policies, procedures, and risk reports — including for non-technical leadership audiences.

Stakeholder Engagement

Conducting risk interviews, presenting findings, and communicating risk to organizational leadership under supervision.

Mentor

Share your expertise and guide a participant through an engagement. Typically 1–2 hours per month — low time commitment, high impact for someone early in their career.

Host

Bring a clinic team in to support a real risk initiative at your organization. Supervised and structured — you get real work product, participants get real experience.

Hire

Connect with participants actively seeking roles. We can facilitate introductions to candidates aligned with your team's needs and culture.

Let us know how you would like to engage and we will follow up with options that fit your needs.


Community organizations — nonprofits, schools, faith communities, local governments — are trusted with some of the most sensitive data in society: health information, youth records, financial data, immigration status. Yet most lack the resources, expertise, or internal capacity to manage cyber and AI risk in any structured way.

At the same time, the cybersecurity workforce gap remains critical. Traditional pathways favor candidates with expensive credentials and existing networks. First-generation professionals and career changers face structural barriers to entry.

The TechStep Clinic addresses both problems simultaneously — through supervised, community-based service.

Orgs Served
Community partners who receive clinic assessments and deliverables
Participants
Individuals who complete supervised clinic engagements
Placement Rate
Participants entering security, risk, or compliance roles within 12 months
Deliverables
Risk assessments, policies, and governance documents produced

We track outcomes at both the community level (risk posture improvements, deliverables received) and the workforce level (credential attainment, employment, compensation). We are committed to transparent, verified reporting.

Community partners are assessed and matched to clinic teams
Participants are screened, onboarded, and trained before client work begins
Engagements are supervised by experienced security professionals throughout
All deliverables are reviewed before delivery to the partner
Structured curriculum supplements hands-on engagement work
Participants build portfolios of real, vetted work product
Hiring partners are connected to clinic-trained talent pipelines
Outcomes are tracked and reported directly to funders

We grow capacity deliberately — prioritizing quality of supervision and outcomes over speed of scale. As the model matures, we are developing a tiered sustainability structure that includes philanthropic support, earned revenue from hiring partners, and institutional partnerships with academic programs.

Funders who invest early help establish the evidence base for broader replication. We welcome conversations about multi-year support, evaluation partnerships, and aligned program investments.

We welcome conversations with foundations, government agencies, and institutional partners.
