dismissed EB-2 NIW Case: Cybersecurity

U.S. Citizenship 
and Immigration 
Services 
Non-Precedent Decision of the
Administrative Appeals Office 
Date: AUG. 14, 2023 In Re: 27773074 
Appeal of Nebraska Service Center Decision 
Form 1-140, Immigrant Petition for Alien Workers (National Interest Waiver) 
The Petitioner , a cybersecurity analyst, seeks classification as a member of the professions holding an 
advanced degree. Immigration and Nationality Act (the Act) section 203(b)(2), 8 U.S.C. § 1153(b )(2). 
The Petitioner also seeks a national interest waiver of the job offer requirement that is attached to this 
EB-2 immigrant classification. See section 203(b )(2)(B)(i) of the Act. U.S. Citizenship and 
Immigration Services (USCIS) may grant this discretionary waiver of the required job offer, and thus 
of a labor certification, when it is in the national interest to do so. 
The Director of the Nebraska Service Center denied the petition, concluding that the Petitioner 
qualifies for EB-2 classification as an advanced degree professional but that the record did not 
establish that a waiver of the job offer requirement is in the national interest. The matter is now before 
us on appeal. 8 C.F.R. § 103.3 . 
The Petitioner bears the burden of proof to demonstrate eligibility by a preponderance of the evidence. 
Matter ofChawathe , 25 I&N Dec. 369, 375-76 (AAO 2010). We review the questions in this matter 
de novo. Matter of Christa 's, Inc. , 26 I&N Dec. 537, 537 n.2 (AAO 2015). Upon de novo review, 
we will dismiss the appeal. 
I. LAW 
To establish eligibility for a national interest waiver, a petitioner must first demonstrate qualification 
for the underlying EB-2 visa classification , as either an advanced degree professional or an individual 
of exceptional ability in the sciences, arts, or business. Section 203(b )(2)(B)(i) of the Act. 
Once a petitioner demonstrates eligibility as either a member of the professions holding an advanced 
degree or an individual of exceptional ability, the petitioner must then establish eligibility for a 
discretionary waiver of the job offer requirement "in the national interest." Section 203(b )(2)(B)(i) of 
the Act. While neither statute nor the pertinent regulations define the term "national interest," Matter 
of Dhanasar, 26 I&N Dec. 884, 889 (AAO 2016), provides the framework for adjudicating national 
interest waiver pet1t10ns. Dhanasar states that USCIS may, as a matter of discretion, 1 grant a national 
interest waiver if the petitioner demonstrates that: 
• The proposed endeavor has both substantial merit and national importance; 
• The individual is well-positioned to advance their proposed endeavor; and 
• On balance, waiving the job offer requirement would benefit the United States. 
II. ANALYSIS 
The Director found that the Petitioner qualifies for EB-2 classification as an advanced degree 
professional based upon her master of business administration degree froml IUniversity in 
Wisconsin, obtained in 2020. The Director also found that the Petitioner established the substantial 
merit of the proposed endeavor. The issues on appeal are whether the Petitioner has established the 
proposed endeavor's national importance, whether she is well-positioned to advance the proposed 
endeavor, and whether, on balance, a waiver of the job offer requirement would benefit the United 
States. 
As to the proposed endeavor, the Petitioner states that she endeavors to protect the United States 
economy from cyberattacks with "risk management solutions for [digital] information and device 
vulnerabilities." The Petitioner describes in her personal statement the strategies that she believes are 
important for companies to use in cybersecurity risk management, 2 and states that these strategies 
"suggest a procedural model" for cybersecurity risk management that "adopts the concept of practical 
risk management and integrates it into the cybersecurity context." The Petitioner states that she will 
contribute this risk management model to "any organization I find myself [in] and I hope that I can 
continue my research" in cybersecurity risk management. 
In concluding that the Petitioner did not establish the national importance of the proposed endeavor, 
the Director noted that in this determination we focus on the specific endeavor that the Petitioner 
intends to undertake, rather than the importance of the industry or profession. The Director noted that 
the Petitioner submitted evidence of currently being employed as a "risk management specialist" and 
considered this employment to be representative of the type of work that the Petitioner would do for 
clients if the petition were approved. The Director concluded the record did not demonstrate that this 
type of work stands to sufficiently extend beyond the Petitioner's company or its business partners to 
impact the U.S. economy or security industry more broadly at a level commensurate with national 
importance. The Director also found that the evidence in the record did not establish that the proposed 
endeavor has the significant potential to employ U.S. workers or have other substantial positive 
economic effects. 
On appeal, the Petitioner claims that the Director did not folly examine and consider the evidence in 
the record and that the Petitioner submitted "ample objective, documentary evidence" that establishes 
the endeavor's national importance. The Petitioner asserts that this was a "misapplication of the law" 
that rises to the level of abuse of discretion. Specifically, the Petitioner cites to the evidence of "the 
1 See also Poursina v. USCIS, 936 F.3d 868 (9th Cir. 2019) (finding USCTS' decision to grant or deny a national interest 
waiver to be discretionary in nature). 
2 These strategies including educating staff:: adoption of computer-aided tools to identify threats, adopting a multi-layered 
defense approach, and investing in anti-hacker insurance. 
2 
national initiatives in support of the endeavor, government ent1t1es identifying the endeavor as 
nationally important, and demonstrating how the endeavor serves to extend beyond the employment 
the petitioner seeks to hold." The Petitioner states that the evidence from the Cybersecurity and 
Infrastructure Security Agency (CISA), the White House, the U.S. Cyberspace Solarium Commission; 
and the Internet Crime Complaint Center (IC3), among other agencies and entities, establish this point, 
and that the Director did not consider this documentation. 
The Petitioner claims the evidence from these agencies are not "mere articles" but are "documentary 
evidence that expound a clear and straight demonstration of U.S. policies aimed at consolidating 
cybersecurity for, mainly, national security and economy purposes." The Petitioner also asserts that 
the "pieces of evidence are public documents, which ... [increase their] degree of competency and 
credibility." The Petitioner states that CISA and IC3 agree that effectively managing cybersecurity 
and cybercrime risk is critical for national security and the economy. The Petitioner also points out 
that the White House has declared strengthening cybersecurity to be a top priority. The Petitioner 
asserts that this evidence of the importance of cybersecurity and her proposed endeavor statement 
together establish that the endeavor is nationally important. 
In determining whether a proposed endeavor has national importance, we consider its potential 
prospective impact. Matter ofDhanasar, 26 I&N Dec. at 889. An endeavor that has national or global 
implications within a particular field, such as those resulting from certain improved manufacturing 
processes or medical advances, may have national importance. Id. Additionally, an endeavor that is 
regionally focused may nevertheless have national importance, such as an endeavor that has significant 
potential to employ U.S. workers or has other substantial positive economic effects, particularly in an 
economically depressed area. Id. at 890. 
Although the Petitioner characterizes the evidence from CISA, IC3, the White House, and other 
interested government agencies and organizations as identifying the proposed endeavor as nationally 
important and demonstrating that it extends beyond the Petitioner's potential employment, none of 
these sources discuss the Petitioner or her proposed endeavor specifically. Rather, this evidence relates 
to the topics of cybersecurity and cybercrime in general. We agree with the Director that in 
determining whether a proposed endeavor has national importance, the relevant question is not the 
importance of the industry, field, or profession in which an individual will work; instead, to assess 
national importance, we focus on the "specific endeavor that the [noncitizen] proposes to undertake." 
See id. at 889. The Petitioner did not submit any letters of support from any interested government or 
quasi-government agencies discussing the Petitioner's proposed endeavor and its potential to advance 
a national security interest, a critical and emerging technology, or the proposed endeavor's potential 
to have a broad impact on the field of cybersecurity risk management. 
We appreciate the Petitioner's statement that the evidence in the record from these law enforcement 
and government agencies are not "mere articles" and that the source of these reports and documents 
support their credibility. We agree that the evidence to which the Petitioner refers here is credible 
evidence and is helpful in establishing the potential need for and interest in improved cybersecurity 
risk management models, tools, and services. Primarily, however, this speaks to the substantial merit 
of the proposed endeavor, which we agree with the Director has been established. Additionally, while 
such evidence could also be a positive factor in determining national importance, it is not, by itself: 
sufficient for the Petitioner to meet her burden of proof These documents do not discuss the 
3 
Petitioner's specific proposed endeavor, and therefore do not help establish that her proposed endeavor 
is of such a scale that it has the potential to have a broad impact on the field, to have significant positive 
economic effects, or to otherwise rise to the level of national importance. As such, this evidence does 
not establish the proposed endeavor's national importance. 
The Petitioner also appears to object to the Director considering the Petitioner's employment to be 
representative of the type of work that the Petitioner would do for clients if the petition were approved. 
She notes that the Director "simply states that it must be presumed that the Petitioner will conduct 
work in line with their current employment in furtherance of their endeavor." However, the Petitioner 
does not explain how her proposed endeavor would differ from her current work. She also does not 
explain why her current work is not representative of her proposed endeavor, if in fact is it not. 
Additionally, the Petitioner's RFE response brief states that the Petitioner is "already implementing 
her endeavor" by working with her current employer. 
Moreover, the record provides very little other specific information as to how the Petitioner will pursue 
her proposed endeavor. Although counsel's brief in support of the RFE response implies that the 
Petitioner intends to be self-employed, the Petitioner's personal statement and proposed endeavor 
statement do not specify whether the Petitioner proposes to find employment at a company, to be self-­
employed, or to engage in academic research related to cybersecurity risk management. As noted 
above, the Petitioner only states that she hopes to contribute her risk management model to "any 
organization I find myself [in]" and that she hopes to "continue [her] research" in cybersecurity risk 
management. 3 The Petitioner also did not provide a business plan or any evidence of establishing or 
incorporating a business entity. The Petitioner's initial personal statement and the "proposed endeavor 
statement" and "cybersecurity risk management proposal" submitted in response to the RFE primarily 
discuss the Petitioner's educational background and work experience and describe the Petitioner's 
recommended strategies for a "procedural model" for cybersecurity risk management. The statements 
and proposal do not, however, describe a specific business plan for disseminating this model or 
otherwise using this model in such a way that may have a broad impact on the field. 
We acknowledge that the Petitioner intends for the strategies she recommends for cybersecurity risk 
management to be "circulated in the field" and for them be a "significant contribution." But we must 
consider the scope of the specific proposed endeavor, as established by the record. See Matter of 
Dhanasar, 26 I&N Dec. at 889. Here, the evidence in the record establishes that the Petitioner's model 
for cybersecurity risk management is to educate staff, adopt computer-aided tools to identify threats 
quickly, adopt a multi-layered defense approach, and invest in anti-hacker insurance, and that the 
Petitioner may pursue promoting this approach through self-employment. Even if the Petitioner is 
successful in establishing a business and offering consultancy services or otherwise promoting this 
model, the Petitioner has not demonstrated that this would have an impact outside of her individual 
clients and customers. Particularly without an explanation of what sets her methodology apart from 
other cybersecurity models and a specific plan to spread this methodology through the industry, such 
as a business plan or a proposal to engage in academic research, the Petitioner has not established by 
a preponderance of the evidence that her specific endeavor rises to the level of national importance. 
3 Other than this passing reference to "research," the Petitioner did not describe her proposed endeavor as involving 
publishing, presenting, or otherwise disseminating any research within the field, nor she did provide evidence of a 
publication record, a citation record, or having previously presented her work in an academic context. Additionally, the 
Petitioner does not assert on appeal that she intends to engage in academic research. 
4 
The Petitioner has not established that her proposed endeavor has national importance, as required by 
the first prong of the Dhanasar analytical framework. Because the Petitioner has not met the requisite 
first Dhanasar prong, we conclude that she has not established that she is eligible for a national interest 
waiver. We reserve our opinion regarding whether the record satisfies the second or third Dhanasar 
prongs. See INS v. Bagamasbad, 429 U.S. 24, 25 (1976) (stating that agencies are not required to 
make "purely advisory findings" on issues that are unnecessary to the ultimate decision); see also 
Matter of L-A-C-, 26 I&N Dec. 516, 526 n.7 (BIA 2015) (declining to reach alternative issues on 
appeal where the applicant is otherwise ineligible). 
III. CONCLUSION 
Because the Petitioner has not met the national importance requirement of the first prong of the 
Dhanasar analytical framework, we conclude that the Petitioner has not established that she is eligible 
for or otherwise merits a national interest waiver as a matter of discretion. 
ORDER: The appeal is dismissed. 
5