background
When the American LGBTQ+ Museum (ALM) first approached Undaunted Consulting, they shared a familiar challenge: they understood the importance of cybersecurity but weren’t sure how to translate that urgency into practical protections. Everyone on their team was working as hard as they could. They did not have in-house expertise or time to learn. A spike in online harassment after Trump won a second term, and uncertainty about how they might be targeted in the future, put a spotlight on the need for stronger systems, informed staff, and a plan they could actually follow.
This project began the way all of our engagements do: with listening. We believe we must understand people before we can make any recommendations about the tools they might use. We learned everything we could about ALM’s mission, staffing model, existing digital tools, and pain points. We needed clarity on what the organization already understood about cybersecurity and where knowledge gaps existed.
When ALM described that part of the process, they said,
“We were able to give clear and concise expectations of what we needed as a client, and they [Undaunted] were able to assess our learning level of what we already knew about cybersecurity so that they could plot a plan for us to meet our goals.”
That early calibration became the foundation for a plan that was structured, realistic, and built to meet the nonprofit exactly where it was.
For a small team juggling many responsibilities, one of the most meaningful aspects of the project was not having to lead the process themselves. As the client put it,
“Undaunted really led the process, which was really great as a small nonprofit because we didn’t have much expertise or even understanding of what we needed in terms of cybersecurity. So, it was great to have them really lead that process.”
Maintaining a sense of guidance rather than inducing overwhelm was important. Cybersecurity often appears technical or daunting, but each measure was introduced with both clarity and context. The objective extended beyond implementation; it was to cultivate organizational understanding.
Building Systems That Support People
One of the early insights to emerge from the assessment was that the organization was using a mix of digital systems that didn’t communicate well with one another. This created inefficiencies for staff and opened vulnerabilities: more platforms meant more access points to track, more permissions to maintain, and more room for small but consequential security gaps. We recommended consolidating these systems into a single platform wherever possible.
For the client, that recommendation changed more than their security posture—it changed their day-to-day experience.
“One of the recommendations was to consolidate systems. Ultimately, now our systems run faster because it’s all on one platform. That recommendation was super helpful, and it also helped us tighten our security. [Now,] if we had a staff member leave or if we had a cybersecurity threat, it has made it so much easier to contain that by doing that switch.”
This shift is a good illustration of how Undaunted approaches nonprofit cybersecurity work: security improvements should make work easier. By reducing the number of systems to manage, staff gained time back while also lowering risk. And importantly, they gained the reassurance that their organization could respond quickly if something went wrong.
Training That Builds Confidence
As the assessment unfolded, it became clear that the organization’s staff and board needed shared language and shared practices around identifying and responding to threats. Undaunted led customized trainings designed for people without a technical background. Staff and board members learned how to recognize phishing attempts, understand common attack patterns, and to follow good account security and data hygiene practices.
The feedback from the organization’s board underscored the value of this approach.
“We’ve received the most feedback from the board that having Undaunted’s expertise, especially to show them how to identify different types of information skimming or phishing scams, was the most helpful part of our cybersecurity work, especially since they are working with very confidential or complex documents within our organization.”
For staff, the trainings created a kind of practical awareness that transformed their daily routines. They explained,
“We just know when something’s phishing now because we’ve been educated on all the ways that scams or different things could enter our organization. Everyone does feel more confident overall with cybersecurity.”
That confidence mattered not only for day-to-day operations but also for the organization’s broader sense of safety. As the client described it,
“[The biggest impact from working with Undaunted] truly is awareness. Before, we just didn’t know whether something that was happening in our organization was malicious or could be malicious or how these sort of attacks could take place. So it really has been peace of mind to know what all of these malicious cyber attacks could look like, what to do, [and to have] an incident response plan so that we can respond to it immediately.”
A Plan for Urgent Moments
While much of the engagement focused on building proactive security practices, ALM also needed a clear, usable plan for what to do when something went wrong. We developed an incident response plan aligned with the organization’s size, staffing, and risk profile — a plan that laid out who should take action, what steps to follow, and how to contain and document incidents.
Only a short time after the plan was put in place, the organization experienced an urgent security event. Previously, an incident like this might have prompted confusion or even panic. This time was different. Staff recalled,
“We had an urgent incident. Even just being able to shut that down so quickly and then having the peace of mind and security to know that we know what to do. That was worth every penny in my opinion.”
This, more than anything, illustrates the heart of the work: giving teams the tools and confidence they need to navigate moments that could otherwise derail operations.
A Partnership Built on Listening and Adaptation
Throughout the project, ALM consistently noted that what stood out about the experience was not only the expertise but the quality of the partnership. When they had feedback on an early training session, we adjusted the next one accordingly. As they put it,
“We were doing a training and we had some feedback about the training that Undaunted was giving, and they absolutely took all of our feedback. They made changes that we needed for the next training that we did, and everything was great, and everyone treated each other with the utmost respect.”
This kind of responsiveness reinforced the sense that the engagement was truly collaborative, not a one-size-fits-all process, but a conversation that adapted to the organization’s needs.
The Outcomes: Safety, Clarity, and Peace of Mind
By the end of the engagement, ALM described a fundamentally different experience of their work. They no longer had to pause operations to decipher suspicious emails or wonder whether a system issue was actually a threat. They explained,
“We feel safe and secure to just continue the work that we need to do. We feel very trained to be able to identify any scams that come through via email, phone call, texting. We’re very knowledgeable about cybersecurity now so that it’s no longer a question of if we have to stop doing something because we need to figure out a cybersecurity issue. We can just continue with our workflow.”
For a nonprofit balancing limited capacity with serious responsibility, that peace of mind is invaluable. Or as they put it more succinctly:
“We’re just so grateful for the work that you’ve helped us with.”
Looking Ahead
When asked what they would say to another organization considering similar work, the client didn’t hesitate.
“Undaunted will help you understand your baseline security needs and create actionable steps and plans in order to address potential issues and create contingency plans for any urgent needs that happen within your organization related to cybersecurity.”
They added,
“If you do not have the capacity on your team to consider cybersecurity, or if you are experiencing a higher volume of cybersecurity threats, then I definitely would recommend Undaunted.”
What started as uncertainty and vulnerability has evolved into clarity, confidence, and a safer digital landscape. With streamlined systems, an incident response plan, and a team prepared to handle threats, the American LGBTQ+ Museum now moves forward with the peace of mind they were looking for from the very beginning.
Amber Crayton
Amber is the Associate Cybersecurity Consultant here at Undaunted. She specializes in cybersecurity and data protection for nonprofits, including security audits, system implementation, staff training, and translating technical concepts for non-technical teams. Click here to learn more about Amber’s background and expertise!
David J. Dunn
David is the founder of Undaunted Consulting. He specializes in data management system optimization and rapid app development for social service, social justice, and environmental justice nonprofits. Click here to learn more about David’s background and expertise!
