George Mason University Antonin Scalia Law School
Contact Us
703-993-5620

Partner with the TEACH Cybersecurity + AI Clinic

Partner with the TEACH Cybersecurity + Clinic

 

 

 

Client FAQ

 

Who We Work With

We offer no-cost cybersecurity and AI services to under-resourced public and nonprofit organizations in the Washington, DC metropolitan area. Client partners include:

  • K-12 school districts
  • Local government agencies
  • Small utilities or public infrastructure operators
  • Community health clinics
  • Nonprofits and small businesses

What We Offer

Clinic student teams (supervised by expert faculty and cybersecurity professionals) may provide a range of services based on your organization’s needs and our student team focus areas. Services are free of charge and are tailored case-by-case — we work with each client to align the scope with clinic goals and your most pressing needs.

Potential services include:

  • Cybersecurity risk and vulnerability assessments: Review of technical and organizational practices, with a written report outlining key risks, gaps, and prioritized, actionable recommendations.
  • Incident response planning: Assistance developing or updating response protocols, including clear roles, escalation paths, and communication plans.
  • Basic cybersecurity awareness training: Creation or delivery of tailored staff training materials on cyber hygiene, phishing prevention, and data protection.
  • Regulatory compliance reviews: Analysis of relevant privacy, cybersecurity, and data laws (such as HIPAA, FERPA, FTC rules, and applicable state or local requirements), with practical recommendations.
  • Cybersecurity and data policy drafting: Support drafting or reviewing internal policies on access controls, vendor management, passwords, acceptable use, and more.
  • Breach notification planning: Guidance on legal and regulatory requirements for breach reporting, plus help creating a clear notification plan.
  • AI use case analysis: Evaluation of your current or planned use of AI to identify ethical, legal, and operational risks, and offer recommendations for responsible governance.

What We Don’t Do

Our Clinic does not perform intrusive activities, such as digging through your systems, accessing live networks, or handling sensitive data directly.

  • We do not “get hands on keyboards” or operate your systems.
  • All assessments are based on the information and documentation you choose to share — such as policies, procedures, and organizational context.
  • We respect client privacy and security at all times, and our goal is to help you understand risks and practical solutions through reviews, recommendations, and planning support — not to access or store your data.

What We Ask of You

To ensure productive engagement, client organizations commit to:

  • Designating a point of contact
  • Participating in kickoff, regular check-ins, and a potential on-site visit
  • Sharing relevant (non-sensitive) documentation and processes
  • Reviewing and discussing recommendations

Timeline & What to Expect

Clinic projects run on a semester schedule aligned with the academic calendar. Student teams begin active work with clients in January 2026 (Spring semester). During Fall 2025, we focus on confirming client participation, gathering basic information, and keeping in touch to ensure a smooth project kickoff in the new year.

Ready to Learn More?

If you’d like to find out if the TEACH Cyber + AI Clinic is a good fit for your organization, email Jessica Jones, Director, TEACH Cyber and AI Clinic at [email protected]. Download our Client FAQ here.

When reaching out, please include:

  • Your organization’s name and type (e.g., school, local government, nonprofit, small business)
  • A brief description of what your organization does
  • A primary point of contact and their role
  • The best email and phone number to reach you
  • One or two sentences about the kind of cybersecurity or AI support you’re looking for

We’ll get back to you promptly to discuss next steps!