Farida, Naim, Stephen, and Oleksii are a part of something new. The Catalyst Cyber Clinic, funded by Okta, was designed to strengthen Canada’s most vulnerable non-profit organizations by pairing emerging cyber talent with real-world need. These four cyber pioneers are Catalyst graduates, which puts them in an optimal position to help a resource-constrained population and build their resumes to make a continual impact in the sector.
Farida, Naim, Stephen, and Oleksii are our Cyber Clinic Consultants: certified cybersecurity professionals translating technical expertise into tangible protection for organizations that need it most.
The Clinic is one of the first structured, learner and alumni-led cybersecurity advisory initiatives of its kind in Canada. The target audience is under-resourced non-profit and other community organizations across the country, and emerging leaders like Farida, Naim, Stephen, and Oleksii provide free cybersecurity risk assessments and actionable security roadmaps to these populations. “These vulnerable groups are already in a position where they’re suffering,” says Farida. “They’re in difficult situations. But they also face the risk that their information can be compromised or stolen. It’s just an additional layer.” It was this layer of preventable cyber risk that Farida wanted to reduce.
Understanding risk in the non-profit sector
Naim weighs in. He’s worked with non-profits before, and one theme has been consistent: they’re typically consumed with their objectives. “They take technology for granted, and that leads to completely overlooking the hidden factors that could pose a risk to their environment.”
Those hidden risks are often basic but dangerous: unpatched systems, inconsistent backups, missing multi-factor authentication, and blind spots in third-party software. He sees this as the value the Clinic delivers to those nonprofits, surfacing risks that are invisible until an incident occurs.
At the start of each engagement, Farida explains, it was important to understand the client’s needs and match them with practical solutions they could implement. Each Clinic team begins with a structured review of the organization’s existing controls, policies, access management, endpoint protections, and incident response preparedness, and maps gaps against widely recognized standards.
Unlike large corporations, Clinic clients don’t have access to expansive security budgets or tool stacks. The priority isn’t complexity; it’s practical controls they can implement and sustain. For many nonprofits, that means prioritizing foundational controls: strengthening password policies, enabling multi-factor authentication, improving phishing awareness, validating backup integrity, and clarifying roles in the event of a cyber incident.
This was part of the Clinic’s learning, according to Farida, that there are many things the average organization can do to significantly reduce risk exposure without major capital investment.
In one engagement, the team discovered that a nonprofit handling sensitive client records had no multi-factor authentication enabled across administrative accounts. Within days, the Clinic helped implement baseline protections, a small shift that dramatically reduced exposure.
Oleksii sees eye to eye with Farida on the Clinic’s mission and purpose. The common thread is that the Clinic connects to highly exposed nonprofit organizations, but there’s more to it. Oleksii underscores that the vulnerability of these organizations often goes hand in hand with the very valuable information that cybercriminals are most interested in: donor records, financial data, and sensitive client information.
Oleksii loved the work for precisely this reason: it presented a challenge and a great opportunity; he could meet a limited-capacity nonprofit where they were, conduct a structured risk review, and provide them with a clear, prioritised action plan.
A team-based model of defence
Stephen was particularly motivated by the opportunity to work on a team. Each nonprofit partnership in the Clinic operates as a self-contained engagement with defined milestones: assess, analyse, and deliver recommendations.
These teams are unique in that all teammates are driven to collaborate and make a difference, but they face the same expected and unforeseen challenges as any cybersecurity team: incomplete documentation, legacy systems, and evolving risk profiles.
“It’s been a while,” says Stephen, “since I’ve done a real team-focused project like this where everyone is expected to carry their weight. I had a great team.” Stephen explains that despite the calibre of his team, they each had to put themselves in the mindset of ‘we have to carry this project over the line.’ That was a core realization for Stephen. “It’s a lot of what cybersecurity is,” he says. “We’re not just lone operators. We all have to work on teams.”
Growth through application
Naim is a technology veteran but after a corporate layoff, he was having trouble landing work and enrolled in CLIC to get a foot in the door. The Clinic changed his horizon. He says that before, he had always thought of his career as having a dotted line to the Chief Information Officer. The Clinic was different. It showed him how much is taken for granted and how misconfigurations, excessive permissions, or neglected updates can have serious consequences for an organization.
“The Clinic helped me see the real-world impact of these issues,” says Naim, “and I felt motivated to approach these business challenges with a security mindset.”
Stephen and his peers left the project with confidence. He identifies a shared sentiment between the four: “I can do this again. Even if I had to do it on my own, I’ve seen the process work now. I did it, so I know I can do it again.”
Naim says it comes down to courage. It’s his biggest takeaway. “You have to have self-confidence to step out of your comfort zone and not fear taking on a new challenge, even if you haven’t faced those sorts of challenges before.” There’s a fearlessness involved in asking questions, but it’s the only way to make change and learn new things. If you didn’t know the answer to a question, says Naim, you could ask someone at the Clinic. “Everything else, we learned, or you’re coming with experience. It reinforced that you need to learn by doing, and real growth happens when you apply what you’ve learned to a real-life business situation.”
For Farida, it was confidence that made the difference, too. “I started to believe in my abilities. I thought if someone else does, I should too.”
The Clinic was transformative to the career path of Oleksii, Farida, Stephen, and Naim.
Oleksii found a promotion through his development in the Clinic. He was laid off and with his package, he decided to take the CLIC program. Following that, he wrote an email to the Clinic; the deadline was tight. He completed the program, and by the end, he had found a job as a manager of financial systems analysis.
For Farida, the transition from the Clinic to professional growth was seamless. As the Clinic came to a close, she was hired into a role made possible by the experience she gained supporting an under-resourced organization. She felt a newfound confidence, even on Day 1, because the Clinic equipped her with the skills to contribute as an active team player.
At the time that he applied to the Clinic, Stephen was looking for a role, sending his resume around, doing online courses, and trying to build his skills. Since completing the Clinic, consulting opportunities have surfaced.
With a background in knowledge translation, the Clinic has inspired Naim to make cyber concepts accessible to the general population.
Building collective resilience
Like his colleagues, Stephen felt the difference on the ground. Not only was he inspired by putting his cyber skill set to work, but he also felt the magnitude of helping organisations reduce their exposure to ransomware, phishing, and data compromise.
“I got a survey at the end asking, would you be open to doing another one of these? And if so, how soon? I said, ‘immediately.’ I would do this again in a heartbeat.” Farida, Naim, and Oleksii were quick to say something to the same effect.
The Clinic does more than strengthen individual organisations. It builds capable defenders while embedding sustainable security practices where they’re needed most, expanding Canada’s cyber resilience from the ground up.
Consultant bios
Farida Mussayeva:
Farida is a cybersecurity professional with experience in cyber threat intelligence, threat hunting, and incident response, specializing in analyzing adversary tactics, techniques, and procedures (TTPs) to support intelligence-driven decision-making. She is skilled in producing threat assessments, tracking campaigns, and applying frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
Naim Minawi:
Naim is an IT Manager with over 2 decades of experience in IT service management and cybersecurity managing a global team. He holds an MBA in Digital Transformation from McMaster University, and recently graduated from the Rogers Cyber Security program where he earned industry recognized certifications in Cybersecurity Technologies.
Oleksii Zelinskyi:
Oleksii is a dedicated and detail-oriented IT professional with a strong background in financial and business systems analysis, project management and IT audit. He is an expert in continuous improvement, team management, GRC (governance, risk management and compliance) to provide outstanding IT service management. Olkilled in conducting research, technology evaluation, developing incident response plans, and collaborating across teams to enhance IT operations.
Stephen Douglas:
Stephen is an experienced Senior Operations Administrator, making the transition from the financial services industry into cybersecurity. Over ten years of comprehensive experience within online banking, finance, and IT. He possesses expertise in cybersecurity, help desk support, operations administration, IT troubleshooting, risk analysis, case management, time-sensitive investigations & analysis, customer service, conflict resolution and de-escalation. Stephen recently completed the Rogers Cybersecurity Catalyst Program. He acquired multiple IT certifications to date and actively honed skills through hands-on technical scenarios & lab work.