Previous Next

Experiential Learning in Cybersecurity


The Clinic is focused on experiential learning opportunities for DePaul students studying cybersecurity-related subjects. That is, students work on real-world projects for a client organization. The clinic provides a means for students to further develop their professional skills, and in doing so, become better prepared for the workforce.

The DePaul Cybersecurity Clinic is particularly special in that it is interdisciplinary, bringing together students from three different colleges: the School of Computing, the College of Business, and the College of Law. This Clinic feature is important, because it mimics the cybersecurity workforce in medium-to-large organizations where cybersecurity involves technical staff, policy-making staff, and risk management staff – each contributing their particular expertise toward a holistic cybersecurity program.

The core service the Clinic offers is a security vulnerability assessment that a student team performs using industry standards as guidance, conducting staff interviews, and performing a walkthrough observation at the client site. Depending on the project, technical cybersecurity students may also perform vulnerability scans on a client’s network ONLY at a client’s explicit, written request for this service. A project may also include security policy reviews, security program development, or compliance assessment – depending upon the client’s security needs and project requests. The Clinic may serve multiple clients on multiple projects requests at a given point in time. Therefore, student projects in the Clinic will vary in scope, depending on the services requested by a given client, as well as the pool of available students at a given time.

Clinic projects are student-led with guidance from an instructor or coach. All students working on Clinic projects are expected to make an unwavering commitment to professionalism and project completion. Professionalism includes, but is not limited to:

  • a strong work ethic, integrity, reliability, and trustworthiness

  • effective communication with team members, with the client, and with the Clinic instructor/coach

  • asking for help from a Clinic coach or mentor when needed

  • effective vulnerability assessment based on guidance from the Clinic instructor/coach; industry best practices; proactive research as needed; and team input

  • effective cybersecurity recommendations to the client, based on findings in the vulnerability assessment; industry best practices; team consensus; and Clinic instructor/coach input

  • quality artifacts (e.g., written report; written policy; written training and instructions; etc.) provided to your client



Student Participation in the Cybersecurity Clinic


Students participate in Clinic projects by either taking an approved experiential learning course or volunteering. Student volunteers must complete Clinic training on working with clients on cybersecurity projects. These two options for participation are illustrated in the following flowchart:


Each college manages its curricula and has its unique course offerings, academic advising, and in the case of the Law college, academic calendar. Therefore, each college identifies the courses its students may take to participate in Clinic projects for college credit. Please learn more about your college’s offerings for Clinic participation. We then invite you to complete an application to join the Clinic as applicable.


Complete the student application to request participation in a Clinic project.


Card image cap
School of Computing

SoC offers UG and MS degrees in cybersecurity, and an MS-IS degree with a domain in IT gov. & legal responsibility.

Learn more ...
Card image cap
College of Business

DCOB offers an UG in accountancy with studies in internal audit and MS studies in audit and risk management.

Learn more ...
Card image cap
College of Law

The College of Law offers a certificate program in online privacy and cybersecurity law and courses in regulatory compliance.

Learn more ...

Frequently Asked Questions


Students who participate in the Clinic as part of an experiential learning course earn college credit for their project work. All other students participating in a Clinic project do so as volunteers, similar to participation in a student organization.
Students enrolled in an experiential learning course will form teams at the start of the academic term. For all other students, teams are formed from a list of available students who have completed an application and are awaiting a project.
Enroll in an approved experiential learning course with your college or complete the student application.
Student applications to join the Clinic are evaluated once monthly. Someone from the Clinic leadership team will notify the student on whether their application has been accepted.
Students must meet the eligibility criteria.
Students enrolled in an experiential learning course have priority on project assignments. Students joining the Clinic outside of an experiential course are placed on a waiting list and assigned to projects as client project requests are received and the student’s area of study fits a project.
No. You can apply to the Clinic prior to completing the training, but you will not be assigned to a project until training is completed.
Students who participate in an experiential learning course are coached on client communication; interview tips; privacy and security practices for client data and operations; etc. Students who are joining the Clinic via Pathway #2 or Pathway #3 would not have received such coaching. Therefore, it is necessary for these students to complete a separate training prior to working with clients on cybersecurity projects.
The Clinic training program is computer-based. Students will complete approximately five computer-based training modules that each consists of lessons and a quiz. Each module is expected to take approximately 30-45 minutes to complete. Students must pass each module with a score >=80%. After successfully completing the computer-based training, the student will interview with a member of the Clinic leadership team.
In general, training is completed once: either as part of an experiential learning course, or as a separate training course. However, Clinic leadership reserves the right to periodically require training refreshers on subsequent projects on an as-needed basis.
For initial Clinic participation, a student works on a single project. After completing an initial Clinic project, the student may subsequently work on one or more projects. Therefore, the Clinic provides an opportunity for students to work on multiple projects over time.
All students participating in Clinic projects benefit from real-world experience that supplements other coursework and better prepares students for the cybersecurity workforce. Clinic projects provide good resume material and relevant stories to share during job interviews. Moreover, students become part of a Clinic community of students who share similar career interests. This network can continue to be viable even after graduation.
Students from different degree programs working on a single project. Each student performs work tasks relevant to his or her area of study.
Larger organizations have a variety of work roles working on various aspects of cybersecurity. DePaul’s Cybersecurity Clinic provides students with real-world experience working on projects with multiple roles contributing to various aspects of cybersecurity work, such as technical assessments, policy creation, and risk management planning. Working on such diverse teams will better prepare students for the cybersecurity workforce.
The Clinic aims to make as many projects teams interdisciplinary as possible. However, team membership and skills depend on student enrollment in an approved experiential learning course and student applicants for non-course Clinic projects.