A local faith-based nonprofit faced outdated security practices and a recent email compromise attempt. We assessed their systems and implemented modern protections.
A solo health consultant handling sensitive client data needed HIPAA-aligned security practices without enterprise-level costs.
A retired individual became a victim of a tech support scam and needed help securing their digital life and recovering from the incident.
A K-8 charter school needed to assess their network security and train staff before a state compliance review.
A community health clinic serving underserved populations needed ransomware preparedness assessment and staff training.
This faith-based community organization had been operating with minimal cybersecurity infrastructure for over a decade. Their email system had been targeted in a business email compromise (BEC) attempt that nearly resulted in a fraudulent wire transfer. Staff members were using shared passwords, and there was no formal IT policy in place. The organization lacked the budget for a full-time IT professional and needed affordable, mission-aligned support.
Paragon Cyber deployed a team of two residents under senior supervision to conduct a comprehensive security assessment. We performed a full email security audit, implemented multi-factor authentication across all accounts, and configured advanced threat protection on their Microsoft 365 environment. Our residents created a customized Acceptable Use Policy and conducted a 90-minute staff training session on recognizing phishing attempts and social engineering tactics. We also established a quarterly security check-in schedule.
“Working with this organization showed me how much impact we can have on communities that are often overlooked by traditional security firms. Seeing the staff gain confidence in their digital safety was incredibly rewarding.”
Security Analyst Resident
An independent health consultant working with multiple healthcare organizations needed to ensure their practice met HIPAA security requirements. Operating as a solo practitioner, they handled protected health information (PHI) daily but lacked formal security controls. A recent client audit raised concerns about their data handling practices, putting future contracts at risk.
Our team conducted a HIPAA security risk assessment following OCR guidelines. We documented all systems handling PHI, identified gaps in administrative, physical, and technical safeguards, and created a prioritized remediation plan. Residents helped implement encrypted email communications, secure file sharing solutions, and a documented incident response procedure. We provided a compliance documentation package suitable for client audits.
“This project taught me how to translate complex compliance requirements into practical, affordable solutions. Small businesses deserve the same protection as large enterprises.”
Compliance Analyst Resident
A retired community member fell victim to a sophisticated tech support scam, granting remote access to their computer and providing financial information. They were emotionally distressed and unsure of the extent of the compromise. Family members reached out seeking help to secure their loved one's digital presence and prevent future incidents.
Paragon Cyber provided pro-bono incident response services. Our team performed a full system scan and malware removal, reset all compromised credentials, implemented a password manager with unique passwords for all accounts, and set up fraud alerts with credit bureaus. We conducted a personalized one-on-one training session covering common scam tactics and red flags. A resident created a simple quick-reference guide for the client to identify suspicious contacts.
“This case reminded me why I got into cybersecurity. Helping someone regain their sense of safety after being victimized was one of the most meaningful experiences of my residency.”
Incident Response Resident
A charter school serving 400 students faced an upcoming state technology compliance review with concerns about their network security posture. The school had experienced several phishing attempts targeting staff, and their IT infrastructure had grown organically without formal security planning. Budget constraints limited their options for commercial security services.
Paragon Cyber conducted a network security assessment covering all school systems, including student information systems, learning management platforms, and administrative networks. Our residents performed vulnerability scanning, reviewed firewall configurations, and assessed wireless network security. We delivered a school-specific security awareness training for all 45 staff members, including realistic phishing simulation exercises. A comprehensive report with prioritized recommendations was provided.
“Schools are critical infrastructure for our communities. Knowing that our work helps protect student data and keeps learning environments safe gives real purpose to the technical skills we’re building.”
Network Security Resident
A federally qualified health center (FQHC) serving underserved communities became concerned about ransomware threats after several similar clinics in the region were attacked. With limited IT staff and a complex mix of electronic health records, medical devices, and administrative systems, they needed to understand their risk exposure and improve their defensive posture without disrupting patient care.
Our team performed a ransomware readiness assessment evaluating backup systems, network segmentation, endpoint protection, and incident response capabilities. Residents conducted tabletop exercises with clinic leadership simulating a ransomware scenario to test response procedures. We provided specific recommendations for backup improvements, network isolation of critical systems, and staff training. A customized incident response playbook was developed for their environment.
“Healthcare organizations face unique challenges balancing security with patient care. This project showed me how to communicate risk to non-technical stakeholders in ways that drive real action.”
Threat Assessment Resident
All client identities have been fully anonymized in accordance with our strict NDA policy. Case studies are shared to illustrate capability only. No identifying information, locations, or organizational details have been disclosed.
Whether you’re a nonprofit, small business, school, or individual — we’re here to help secure your mission.
