We interviewed Nicolas Sera-Leyva, Co-executive Director of the Center for Digital Resilience, to learn more about its mission, how it is addressing digital inequalities by partnering with local communities, and how efforts like Common Good Cyber can solve some of the persistent barriers civil society organizations face. 

Can you introduce the Center for Digital Resilience and its work improving cybersecurity in the public interest?

The Center for Digital Resilience (CDR) is a US registered 501(c)(3) established in 2018, with a strong track record of implementing collaborative, data-assisted strategies to prevent digital attacks and protect civil society communities against global digital threats from hostile actors. CDR’s vision is that of a world where civil society has the space to thrive. Our mission is to strengthen the digital resilience of civil society communities, so they can operate more safely, sustainably, and independently in the digital space. Our international team, based across Europe, Africa and the US, works closely with high-risk civil society in over 20 countries, fostering regional hubs for community resilience by building sustainable and innovative tools, systems, and coalitions. 

CDR believes that digital security requires a strategic, collective effort with a long-term approach to behavior change. We work with local partners to bolster the digital strength and wellness of every individual within a stated community of civil society actors. We operate via local partnerships across multiple regions, including MENA, East Africa, and Southeast Asia. Our work includes incident response, preventative assistance, and threat intelligence sharing to help communities face evolving digital threats.

High-risk actors like NGOs often lack the cybersecurity resources available to larger organizations. How does the Center for Digital Resilience address this digital inequality, and what makes your model sustainable in the long run?

CDR develops and maintains a suite of adaptable, cross-cutting technology tools that can be easily deployed for partners. Our Link Helpdesk allows partners to offer communities secure, multi-channel infrastructure for rapid incident response; our Leafcutter platform allows users to aggregate and contextualize digital threat intelligence from helpdesk-generated ticketing data, in order to gain insight into patterns of attacks and thus better preventatively protect communities against them. 

We run capacity-building Community Resilience Programs, collaborating with local partners to develop localized structures for digital resilience: the tools, processes, training, capacity, threat intelligence, and support they need to act as local support hubs, providing communities of grassroots civil society organizations (CSOs) with long-term preventative assistance and reliable, effective incident response.

 We run Incubator Programs to upskill mid-career regional digital security practitioners into advanced digital security providers via intensive training, mentorship, and organizational embedments. Participants gain crucial skills (such as malware forensics analysis, phishing mitigation, and network penetration testing) to help them better meet the needs of their communities, building incident response capacity to aid human rights defenders and NGOs around the world. Since 2022, 42 providers from 25 countries have graduated from this highly competitive, unique-in-field program.

CDR’s programs are optimized for sustainability, allowing small NGOs and civil society groups to access trusted, local support that is sensitive to their needs and contexts, with providers who can offer support at a much lower cost than large cybersecurity providers, without relying on CDR’s long-term, continued presence to be successful. Our technology solutions are all open source and live across our various projects, growing and evolving via the ongoing incorporation of community member input and feedback throughout their life cycles; our Community Resilience and Incubator programs are wholly partner-driven and collaborative, strengthening local capacities and support structures that maximize existing resources and networks.

You work closely with regional stakeholders to build local capacities. How do these partnerships help strengthen your impact—and what lessons can others learn from your collaborative model?

At the most fundamental level, our work is based on strong partnerships. We believe that civil society organizations are intrinsically connected to each other. A vulnerability affecting one organization potentially affects all other stakeholders in that community. So it’s essential to work on the community level – assessing need and risk and building capacity across all stakeholders, to ensure that the network itself is made stronger and more resilient. We’ve seen the effect of this approach across our projects. In one community in the MENA region, we and our partners conducted dozens of digital wellness assessments, helped multiple partners build incident response operations, and operated our own helpdesk to help mitigate attacks against a very high-risk community. The community is now much more protected against attack than it was only a few years ago, thanks to a concerted, collaborative effort to lift all boats, so to speak. 

Can you share a success story where the Center’s work helped a vulnerable organization recover from or prevent a serious cyber threat? What does meaningful impact look like at the grassroots level?

In one of our long-standing projects, we work with a very high-risk community of NGOs working in and around the MENA region. These groups are vulnerable to attacks from skilled state-sponsored adversaries and we’ve spent years setting up incident response systems, conducting wellness checks, and building strategies for gradually increasing their resilience in the face of consistent threats. Nevertheless, attacks happen and need to be responded to quickly and expertly. 

One small NGO in this cohort had its WordPress website hacked, leading to worries about leaked databases, contacts, and staff identities. CDR worked with our partners to take the website offline, identify the specific attack, patch the WordPress vulnerability, and move the website to Cloudflare for DDoS and other protections. Once these mitigations were in place we brought the website back online and created new, secure user accounts. One major lesson from this incident is the amount of personal, hands-on work that is necessary to address these kinds of attacks. While many systems exist to automate incident response and threat data collection, in the end it’s up to experts with strong, trusted community relationships to ensure that organizations are protected. 

What are the biggest obstacles the Center for Digital Resilience faces in maintaining and scaling its mission—whether around funding, awareness, or structural barriers in local communities?

CDR’s primary obstacle to maintaining and scaling our mission is funding. Up until January 2025, our programs were primarily supported by US State Department grants. We suffered a major loss with sweeping termination of many such grants, specifically a three-year Community Resilience program we had just begun implementing in Latin America. This program would have allowed CDR to scale its work in support of digital threat data-sharing ecosystems for regional CSO communities, however our plans to implement it have now been put on hold while we seek new funding. 

This example is illustrative of the larger obstacle we face in terms of funding — because CDR’s programs are iterative in nature and address systems change at scale, they require multi-year funding support in order to be successful — if stopped short in their implementation, our partners and their communities stand to lose access to critical infrastructure, as well as invaluable progress made towards long-term, collective digital resilience. The funding landscape for programs of this type and timeline has shrunk drastically within only a few months, forcing us to focus on maintaining a minimum-viable level of operation for the platforms we maintain and partners we can still support, instead of planning and design for longer-term scaling and sustainability.

How can Common Good Cyber and funders most help the Center for Digital Resilience expand its reach and deepen its impact in protecting digitally vulnerable organizations?

To expand reach and deepen its impact in protecting digitally vulnerable organizations, CDR seeks funding to support the following:

Scale CDR Link operations to meet demand:

Our Link helpdesk platform is in use by over 20 organizations, but we currently have a backlog of demand from over 20 additional organizations (via direct requests and from the networks of our partners) that we are seeking to fulfill. CDR is in need of resources to invest in the capacity and outreach needed to not only maintain our currently active instances, but to fulfill our backlog of current demand, and identify and fulfill further demand from across our networks. Incident response is an essential component of community support; the ability to deploy and maintain more instances of the Link helpdesk will greatly expand the availability of this critical infrastructure for communities who need this assistance most.

Expand Community Resilience programming:

As smaller, under-resourced CSOs across the global majority face increasingly more expansive and dangerous threat landscapes, there is a greater need to support their community-level resilience to digital attacks and interference. In response, CDR is in need of resources to expand our proven model and build more systematic, reliable support structures for at-risk civil society together with local partners. This would include resumption of our previously terminated Latin America program, continued support for established MENA, East Africa, and Southeast Asia programs, and new partnerships to build programs in regions where there existing CSO communities have expressed need and demand for this type of support. This will furthermore allow CDR to continue developing processes and infrastructure for cross-regional sharing of digital threat data to improve local response and prevention efforts.

Scale Incubator Programs to meet demand:

Demand for our incubator programming is high; currently, we can’t accept more than 10% of all applicants due to funding and capacity constraints. CDR is in need of resources to increase the availability of our incubator programs to more incoming service providers, including the ability to support multiple cohorts concurrently through additional staff and trainer/instructor capacity. By doing so, we can facilitate an influx of new providers to support the needs of at-risk CSOs in regional communities, with the advanced skills needed to address the emerging, increasingly sophisticated threats faced by these organizations.