Craig Newmark, founder of online classified site Craigslist, is providing a new gift from Craig Newmark Philanthropies to establish the NYU Cybersecurity Clinic at the NYU Center for Cybersecurity (NYU CCS). The clinic will deliver free, hands-on cybersecurity support to the nonprofits, community health clinics, shelters, legal aid services, K–12 schools, and small organizations that increasingly find themselves on the front lines of cybercrime while lacking adequate resources to defend themselves. The clinic will empower these organizations to improve their cyber resiliency with technology and governance strategies, training, and tools, and public-private information sharing. The clinic will not provide legal advice or representation.
[Photo above: Craig Newmark. Photo by Ian Gittler]
Founded in 2015, the NYU Center for Cybersecurity is jointly housed at the NYU School of Law and the NYU Tandon School of Engineering and brings together more than 50 faculty members across law, computer science, and policy. NYU Tandon is one of a small number of US institutions designated by the National Security Agency as a National Center of Academic Excellence in Cyber Defense, Cyber Operations, and Cyber Research. The center’s existing degree programs already pair technologists with lawyers and policymakers, including Tandon’s MS in cybersecurity and a joint NYU Tandon and NYU Law MS in cybersecurity risk and strategy launched in 2017—the same interdisciplinary model the new clinic will deploy in service of community organizations.
The clinic will draw on that interdisciplinary expertise to provide technological and governance-based cyber risk tools and training, guidance on cybersecurity hygiene (including multi-factor authentication, cloud security, and protections against phishing and social engineering), incident response playbooks, and recovery planning. Faculty, fellows, and trained students working under faculty supervision will deliver these services directly to client organizations, helping the organizations understand and address the ransomware, fraud, deepfakes, and disinformation that are reshaping the security landscape.
The clinic will also join the Consortium of Cybersecurity Clinics, the national network cofounded in May 2021 by UC Berkeley’s Center for Long-Term Cybersecurity. The consortium currently spans 61 cybersecurity clinics across 29 US states and eight countries, and as of June 2025 had trained 3,766 students and served 921 client organizations.
“Under-resourced organizations carry an outsized share of cyber risk in this country, and they shoulder it largely alone,” said Craig Newmark, founder of craigslist and Craig Newmark Philanthropies. “NYU brings together the law, engineering, and policy chops to actually do something about it, and to train the cyber civil defenders we’ll need for decades to come.”
The launch comes at a moment of mounting pressure on civic infrastructure. Ransomware attacks on hospitals, school districts, and small utilities have become routine; AI-generated deepfakes and social engineering schemes are eroding public trust; and the organizations holding the most sensitive data about vulnerable New Yorkers are often the least equipped to protect it.
“Cybercrime and fraud are frontline threats against the institutions that hold our communities together,” said Judith H. Germano, co-director of the NYU Center for Cybersecurity and former chief of economic crimes at the US Attorney’s Office for the District of New Jersey, where she spent more than a decade prosecuting cybercrime, fraud, and identity theft. “The NYU Cybersecurity Clinic will enable NYU to bring its outstanding legal, technical, and policy expertise to bear on that problem, in direct service of organizations that have been waiting too long for help. We are deeply grateful to Craig Newmark Philanthropies for making this possible.”
The clinic will also work closely with city, state, and federal partners (including NYC Cyber Command, the New York State chief cyber officer, and federal law enforcement) to share threat intelligence, coordinate response, and shape the policy frameworks that govern cybercrime.
