•  
  •  
 

Publication Date

9-8-2025

Abstract

The cybersecurity profession continues to face a significant shortfall of qualified professionals despite steady growth in degree programs. Employers consistently cite experience as the main barrier for entry-level cybersecurity hires. This paper argues that clinic-based experiential learning offers a scalable solution to that preparation gap. A systematic literature review spanning academic and professional literature was conducted to examine: (1) barriers to entry for aspiring cybersecurity professionals; (2) the effectiveness of experiential learning compared to traditional instruction; and (3) the viability and scalability of cybersecurity clinics. Screening emphasized workforce development, experiential pedagogy, and alignment with the NICE Cybersecurity Workforce Framework. Findings show persistent misalignment between curricula and employer demands as entry-level roles frequently require prior professional experience, certifications, and proficiency with industry-standard tools. In contrast, experiential models grounded in Kolb’s learning cycle and informed by traditions in law and health consistently improve technical competence, professional judgment, and job readiness. Cybersecurity clinics, implemented as capstones, semester courses, perpetual or club programs, or internships, provide authentic client work that builds student portfolios and professional networks while delivering public-interest services. This paper examines two Arizona initiatives, Regional Security Operations Centers (RSOCs) and the Arizona Cybersecurity Clinic, as illustrative examples of scaling experiential models to server under-resourced organizations while producing measurable workforce benefits. Contributions include a synthesis of clinic models and tools, a preliminary mapping of clinic activities to NICE roles and KSAs, and a forward agenda defining shared evaluation metrics, open datasets, and longitudinal outcome studies.

Download

Share

COinS