Nonprofit Cyber FAQ

1. What is Nonprofit Cyber?

Nonprofit Cyber is a first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity. All coalition members are nonprofits that were formed to serve the public interest by developing, sharing, deploying, and increasing the awareness of cybersecurity best practices, tools, standards, and services. 

2. Why was Nonprofit Cyber formed?

A large number of nonprofits in the implementation cybersecurity space are working within their own areas of action toward the joint goal of improving cybersecurity. However, the lack of effective, low cost coordination and communication among them can sometimes lead to inefficiency and duplication, present challenges in working together to solve problems, and present issues for stakeholders in dealing with the cybersecurity nonprofit community. To address this challenge, the Founding Members decided to form a coalition of implementation-focused cybersecurity nonprofits to collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel. The coalition is called Nonprofit Cyber.

3. What are Nonprofit Cyber’s priorities?

Nonprofit Cyber will initially focus on two priorities: building awareness of the work of cybersecurity nonprofits globally and aligning their work to achieve the greatest effect. Envisioned as a “collaboration-of-equals,” each member organization has committed to work in coordination to better serve Internet users globally.

4. What activities may Nonprofit Cyber’s undertake?

As it grows, Nonprofit Cyber may work to:

  • Achieve visibility and understanding of the efforts nonprofits are making in cybersecurity;
  • Facilitate shared understanding, alignment and deconfliction of activities;
  • Encourage the leadership, sharing, and celebration of volunteers;
  • Advertise the association and collaboration of nonprofits;
  • Encourage and enable specific reference among members to each other’s products where applicable;
  • Provide a forum for sharing roadmaps of product development and release;
  • Enable and encourage synchronization of product releases where appropriate;
  • Create opportunities for joint or coordinated projects and products among members;
  • Provide a forum for alignment of threat and/or attack models that drive security practice selection;
  • Provide a forum for coordination of joint (by supporting members) public statements and joint communications to authorities on issues of mutual interest, and on the importance of shared and voluntary industry best practices;
  • Prepare and deliver joint presentations to stakeholders; and
  • Submit joint proposals for work and funding.

5. Will Nonprofit Cyber take positions and advocate on issues?

Nonprofit Cyber will support best practices, tools, standards, and services that improve cybersecurity, and it will promote innovations in these areas.  However, as a coalition, Nonprofit Cyber will not engage in activities that would have the appearance of lobbying or support or oppose specific policy actions by governments.  This stance does not preclude member organizations from taking such positions.  

6. Will Nonprofit Cyber direct its members or take specific actions?  

Nonprofit Cyber has no authority to commit or direct members, but is a “collaboration-of-equals”: a good-faith effort to better serve the entire community through expert agreement and collaboration. It does not assert any functional or operational control over any party, force any action by any party, or prevent an organization from holding a unique position on any particular issue or topic. 

7. Who are Nonprofit Cyber’s initial members?

The founding members of Nonprofit Cyber are the Anti-Phishing Working Group (APWG), the Center for Internet Security (CIS), the Cloud Security Alliance (CSA), Consumer Reports, CREST International (CREST), the Cyber Readiness Institute (CRI), the Cyber Threat Alliance (CTA), the Forum of Incident Response and Security Teams (FIRST), the Global Cyber Alliance (GCA), OWASP, and SAFECode [Add other organizations]. Tony Sager of CIS and Philip Reitinger of GCA will serve as co-chairs as the organization begins operations. 

8. Who is eligible to join Nonprofit Cyber?

Members must be:

  • 501(c)(3) or 501(c)(6) nonprofit organizations if organized under US law, and holding an equivalent status if organized under the laws of another country;
  • Nonprofits with the mission to develop, share, deploy and raise awareness of cybersecurity-relevant best practices, guidance, tools, standards and services, rather than focusing on reports, recommendations, or abstract research;
  • Focused on solutions at scale rather than primarily fee-for-service work;
  • Not associations focused on representing the private interests of members; and
  • Involved in “lobbying” only incidentally and only to advance cybersecurity generally rather than on behalf of members.

9. What is the process for applying to Nonprofit Cyber?

Prospective members must complete an application and then be approved by the Executive Committee and Co-chairs. Once approved prospective members must sign a Member Agreement and agree to abide by the Nonprofit Cyber Charter. Application may be downloaded here.

10. How will Nonprofit Cyber be governed?

Nonprofit Cyber will be governed by an Executive Committee, including two co-chairs, elected by the membership every two years. 

11. Is Nonprofit Cyber a US or global organization?

Although the preponderance of initial members are based in the US, Nonprofit Cyber is global in reach.  Some initial members have a global membership or operate in more than one country.  Further, we expect that foreign-based non-profits will join the coalition in the future.