Cloud Security, Risk Assessments/Management, Security Strategy, Plan, Budget

Nearly two dozen nonprofits form new coalition to collaborate, amplify good cyber advice

Philip Reitinger, president & CEO of Global Cyber Alliance, attends the 2016 Concordia Summit on Sept. 20, 2016, in New York City.  (Photo by Paul Morigi/Getty Images for Concordia Summit)

A group of nonprofits are banding together to form a larger coalition that will combine and align their collective cybersecurity research, tools and resources to help protect vulnerable organizations from cyberattacks.

Called Nonprofit Cyber, it includes at least 22 nonprofit organizations dedicated to cybersecurity, including the Center for Internet Security, the Cloud Security Alliance, the Cyber Threat Alliance, the Cyber Peace Institute, the Global Cyber Alliance, MITRE’s Engenuity Center for Threat Informed Defense, SAFECode and Consumer Reports.

According to a press release, Tony Sager, senior vice president of the Center for Internet Security, and Philip Reitinger, president and CEO of the Global Cyber Alliance, will serve as co-chairs of the executive committee. The initial focus of Nonprofit Cyber will be on building awareness of the work and services that these organizations provide to the public free of charge as well as aligning their internal workstreams to achieve “greatest effect.”

In an interview with SC Media, Reitinger described Nonprofit Cyber as a lightweight “coalition” that is bound by a charter, and though all 22 current members are non-profits, Nonprofit Cyber is not itself a 501c3 organization.

“This is a collection of entities that are all working in that ‘trying to get stuff done’ space, and it just seemed…that we could be more effective if we were even better at working together,” Reitinger said. “There are opportunities to do things jointly, like joint releases, timing of announcements, these sorts of things where we can do an even better job of supporting each other and making sure that our activities align.”

The main goals are to improve broader coordination within the non-profit sector, give greater reach to the specific expertise each organization brings and provide a unified signal to the public about some of the best cybersecurity practices or resources available. It's part of a broader effort to cut through the marketing hype and FUD (or “Fear Uncertainty and Doubt”) that many organizational leaders face when navigating their cybersecurity problems.

“A big challenge here is the sheer amount of noise there is, the biggest barriers for small businesses for example to get something done is not implementing something for picking what to implement,” said Reitinger.

(Photo source:

It also means aligning their workstreams to be complimentary so that multiple organizations are working together on projects so they aren’t needlessly duplicative or wasting resources, as well as potentially collaborating on cybersecurity guidance documents in the future.

The idea of banding together was described as a bottom-up initiative, with many individual discussions among different groups over the past few years about the need to coordinate their limited resources and amplify good research throughout the nonprofit ecosystem. In the fall of 2021, those conversations led to Zoom meetings to explore the concept and develop the outlines of a charter and organizational structure that could guide the collective efforts of a larger group.

One thing Nonprofit Cyber will explicitly veer away from is taking formal positions around policy or regulatory decisions, with Reitinger telling SC Media that it was “absolutely not” in their writ to get involved in lobbying governments or pushing for legal or policy changes, though individual members are still free to do so.  

“It’s not going to lobby, it’s not going to say, you know, governments need to regulate or not regulate or do these sorts of things — that’s not what this is about,” Reitinger said. “Members can take those sorts of positions, members can band together to take those positions, but the actual organization is about mutual collaboration or raising awareness.”

A full list of member organizations includes: the Anti-Phishing Working Group, the Center for Internet Security, the Center for Threat-Informed Defense, the Cloud Security Alliance, Consumer Reports, CREST International, the Cyber Defence Alliance, the CyberPeace Institute, the Cyber Readiness Institute, the Cyber Threat Alliance, the Cybercrime Support Network, the CyberGreen Institute, the FIDO Alliance, the Forum of Incident Response and Security Teams, the Global Cyber Alliance, the National Cyber Forensics and Training Alliance, the National Cybersecurity Alliance, the Open Web Application Security Project, SAFECode, the Shadowserver Foundation, Sightline Security, and #ShareTheMicInCyber.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.