Research Hub Offers Cybersecurity Help to Under-Resourced Orgs TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsСloud SecurityHackers Use AI for Exploit Development, Attack AutomationHackers Use AI for Exploit Development, Attack AutomationbyAlexander CulafiMay 11, 20264 Min ReadСloud SecurityAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsbyNate NelsonMay 7, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyber RiskEndpoint SecurityMobile SecurityRemote WorkforceCybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.Research Hub Bridges Cybersecurity Gap for Under-Resourced OrganizationsThe UC Berkeley Center for Long-Term Cybersecurity (CLTC) offers tools and support to schools, local governments, and non-profits as they defend themselves against a growing volume of cyberattacks.Arielle Waldman,Features Writer,Dark ReadingMay 5, 20264 Min ReadSource: imageBROKER.com via Alamy Stock PhotoStates, cities, and localities are struggling to stay ahead of devastating cyberattacks, but some under-resourced organizations are buckling under pressure. Recent cuts to federal initiatives and policy changes mean they can't expect help from that quarter, paving the way for independent organizations and initiatives to fill the ever-widening void.The Cybersecurity Infrastructure and Security Agency (CISA) has seen its budget slashed and its workforce dramatically downsized over the past two years. The US government has also pulled back help for the Multi-State Information Sharing and Analysis Center, a public-private information-sharing initiative for people, businesses, and governments at the state, local, and tribal levels. And the White House's Cyber Strategy for America encourages organizations to adopt a more offensive approach as part of their defense strategies, something that may be difficult, if not out of reach, for smaller-scale organizations lacking dedicated IT and cybersecurity teams. Related:Electricity Is a Growing Area of Cyber-RiskThe University of California Berkeley's Center for Long-Term Cybersecurity (CLTC) aims to fill this growing gap by providing tools and services for low-resource organizations, such as nonprofits, municipalities, and schools. "The feds have pulled back so hard on funding and support," says Sarah Powazek, CLTC program director of public interest cybersecurity. "It's sort of everyone for themselves at the local level."'Out of Reach For Smaller Organizations'CLTC sees the problems and provides several initiatives to help resourced-strapped entities solve them. More importantly, the research and collaboration hub understands these groups have limitations. They need services — human-to-human, hands-on help — before they need toolkits, checklists, and software."[We're] in a state where there are a lot of tools for free, but very few people have free services," Powazek tells Dark Reading.On the research side, CLTC offers Cybersecurity for Cities and Nonprofits (CyberCAN), where nonprofits can partner with cities, counties, and state governments to conduct surveys in their regions and then share the findings. For example, research could highlight the number of attacks or the security health of nonprofits.Coalition building, which includes cybersecurity clinics, is more hands-on. The clinics operate as a dual workforce training/cybersecurity defense program. Students, including undergraduates, learn to perform basic vulnerability or risk assessments for local organizations, while nonprofits, schools, cities, and small businesses receive similar help that they'd get from a professional service. One important note: It's free.Related:Lies, Damned Lies, and Cybersecurity Metrics"I used to work for CrowdStrike, and those engagements are very expensive and pretty much out of reach for smaller organizations," she says. "But they're the ones who need hands-on support and education the most."More Attacks, Less SupportSchools, local government, and nonprofits are dealing with cyberattacks and scams of all kinds. For example, a phony invoice is enough to get nonprofits — operating with small budgets and margins — to hand over a large chunk of money, according to Powazek. Nonprofits have to prioritize funding support operations and delivering services, which leaves little for cybersecurity. Losing $10,000 to $20,000 in this kind of a scam could be enough to put them out of business, she warns. "The risk is higher [for these nonprofits] even though the types of threats they face are similar to enterprise organizations," she says. "Maybe not as many nation-state attacks, but commercial attacks hit them hard enough."  While ransomware is a huge disruptor for K-12 schools, CLTC is also seeing a growing number of supply chain attacks against K-12 vendors. CLTC convened a group of education technology vendors to discuss security next-steps shortly after cyberattackers exploited vulnerabilities in the widely used MOVEit file transfer application. The attacks resulted in one of the largest data breaches affecting K-12 schools, exposing students' personal and health information — an attacker's treasure trove. Related:Shadow AI in Healthcare Is Here to Stay"The education technology industry is behind the times with cybersecurity," Powazek says. "They have few bug bounty programs or vulnerability disclosure programs."Every school uses Microsoft and Google — and less than 10 vendors account for 80% of the ed-tech market, according to Powazek. Applying the right amount of pressure on vendors to implement secure-by-design initiatives and turn on multifactor authentication by default "could have a cascading effect on the K-12 industry," she says. Perspective: It's a Community Center Issue Powazek also points to CLTC's state-run volunteering initiative. Its goal is to act as a bridge. Cyber reserve teams will deploy state volunteers to help recover from a city ransomware incident, for example. States and localities are trying to build up the people and infrastructure to start taking care of these incidents by themselves, knowing that the feds are pulling back even more, she adds."It was an issue even before CISA had this exodus, but it didn't extend the last mile," Powazek says. "It didn't penetrate to communities themselves."Community security is national security, emphasizes Powazek, and that's what she'd like her work at CLTC to highlight. Take less-resourced organizations and large enterprises together, and "it's a large attack surface for the US," she says. Tackling security for the former will only benefit the larger picture."Understand it as a community center issue — homeless services, legal aids, food banks — all those types of organizations that really don't have IT staff but are integral to the community," she says. About the AuthorArielle WaldmanFeatures Writer, Dark ReadingArielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.   See more from Arielle WaldmanWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouHow Well Can You See What's in Your Cloud?Implementing CTEM: Beyond Vulnerability ManagementMore WebinarsEdge PicksApplication SecurityAI Agents in Browsers Light on Cybersecurity, Bypass ControlsAI Agents in Browsers Light on Cybersecurity, Bypass ControlsCyber RiskBrowser Extensions Pose Heightened, but Manageable, Security RisksBrowser Extensions Pose Heightened, but Manageable, Security RisksLatest Articles in The EdgeCybersecurity OperationsHelping Romance Scam Victims Requires a Proactive, Empathic ApproachApr 24, 2026|5 Min ReadCyber RiskElectricity Is a Growing Area of Cyber-RiskApr 22, 2026|5 Min ReadVulnerabilities & ThreatsNIST Revamps CVE Framework to Focus on High-Impact VulnerabilitiesApr 16, 2026|4 Min ReadСloud SecurityWhy Orgs Need to Test Networks to Withstand DDoS Attacks During Peak LoadsApr 13, 2026|2 Min ReadRead More The EdgeWant more Dark Reading stories in your Google search results?Black Hat Asia | Marina Bay Sands, SingaporeExperience cutting-edge cybersecurity insights in this four-day event. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

The TechTarget and Informa Tech network, encompassing properties like Dark Reading and Digital Business, is presenting itself as an unparalleled resource for professionals across the technology landscape, serving a substantial audience of over 50 million with original content. This network’s core function is to provide critical insights and inform decision-making for businesses, leveraging its 220+ online properties and 10,000+ granular topics. The organization’s efforts are particularly focused on bridging a critical gap in cybersecurity support for under-resourced organizations—specifically, schools, local governments, and non-profits. This gap has widened due to budget cuts impacting agencies like the Cybersecurity Infrastructure and Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center, alongside the White House’s shift towards an offensive cybersecurity strategy which can be challenging for smaller entities.

The University of California Berkeley’s Center for Long-Term Cybersecurity (CLTC), now a Research Hub, is directly addressing this need. Under the direction of Sarah Powazek, the CLTC offers a range of services, recognizing that traditional, expensive security solutions aren’t accessible to these organizations. The hub operates through initiatives like Cybersecurity for Cities and Nonprofits (CyberCAN), facilitating collaboration between these groups and larger entities to share threat intelligence and conduct vulnerability assessments. This involves hands-on “clinics” where students, effectively acting as cybersecurity defense programs, perform risk assessments and educate local organizations—a service previously unavailable due to the cost associated with professional security firms. Powazek emphasizes that resources are scarce, with many tools available but lacking the human support needed.

The CLTC’s approach is characterized by its recognition of the evolving threat landscape, including attacks on K-12 education technology vendors following the MOVEit breach, and the increased vulnerability of supply chains, particularly within the tech sector. Powazek points to a lack of bug bounty programs and vulnerability disclosure programs within the ed-tech industry, highlighting the need for pressure to drive secure-by-design initiatives and default multifactor authentication. The organization's broader vision extends to a “community center issue” perspective, recognizing that cybersecurity for smaller organizations is integral to national security and emphasizing the importance of building local resilience. This collaborative model, combining state volunteers and larger enterprises, addresses a security gap exacerbated by the federal government's reduced support. The Research Hub essentially aims to mitigate risks stemming from a larger combined attack surface.