5 top cybersecurity masters degrees: Which is right for you?

Some programs target mid-career security pros, others target career-changers new to cyber.

In the beginning there were certifications, and they were enough.

Put some word salad after your name — CISSP, CEH, GIAC, GPEN, CISM, ABC, 123, WTF, etc — and you were considered a security wizard, with a magical salary to boot.

Certifications are imperfect ways to measure security aptitude and skill, and more traditional academic institutions are now offering professional masters degrees in cybersecurity. Unlike a traditional research-oriented masters degree in computer science, however, these new professional degree programs are more akin to law school or medical school, advanced vocational training for specialists.

Some of these programs focus more on recruiting mid-career experienced security professionals and giving them the boost they need to leapfrog their way up the corporate ladder into a CSO or CISO role. Other programs focus more on helping career-changers with no experience working in IT move into an entry-level security role. All train students in the fundamentals of cryptography, network security, and application security to wildly varying degrees of difficulty. Every program is different, with some focusing more on policy and management, some exclusively on hands-on-keyboard skills, and every possible tweak of the dial in between.

Masters degree programs in cybersecurity are popping up all across the country. A quick web search turns up a couple dozen programs that may or may not be worth your time and money. Here's our unscientific — and biased — guide to the best of the best.

University of California Berkeley Masters in Information and Cybersecurity (MICS)

The MICS program at the UC Berkeley iSchool is one of the best professional cybersecurity masters degree around, but then again this reporter is currently enrolled in the MICS program and graduates as part of the first cohort this December. So full disclosure: I am biased.

MICS, at least so far, has focused on recruiting mid-career, experienced security professionals, and unlike many other competing degree programs, believes that cybersecurity is an interdisciplinary field encompassing technical skill as well as public policy, law and risk management.

A remote-only, part-time program, MICS is designed for working professionals, many of whom are unable or unwilling to take two years out of their life to go back to school for a masters degree.

New York University MS in Cybersecurity

A remote, part-time program similar to the Berkeley MICS degree, NYU's MS in Cybersecurity is designed to recruit college grads in their late 20s to early 30s with other degrees like psychology or sociology and to retrain them as entry-level cybersecurity professionals.

The NYU masters degree goes hand-in-hand with that university's Cyber Fellows program, a scholarship that pays for 75% of tuition costs, making it one of the best value — if not, perhaps, the most prestigious — cybersecurity masters degrees around. Their "bridge program" makes it easy for prospective students to learn basic computer science prerequisites at an affordable price ($1,500), and to see if they have the aptitude for cybersecurity work.

"The skills shortage people are talking about is in the hundreds of thousands, even millions," program director Nasir Memon told CSO earlier this year. "In order to scale and build this pipeline, affordability was needed. Once you digitize things, you can scale it to levels that allow you to start producing experts at a scale the country needs."

NYU's program is part of a larger initiative by the city of New York to increase the cybersecurity talent pool in that area, and the university works closely with local industry to help match graduates with jobs. Students don't have to live in New York to enroll, however. The Cyber Fellows program is open to all US residents.

Tufts' Masters in Cybersecurity and Public Policy

Tufts' new, full-time, on-campus cybersecurity masters program is a cross-disciplinary masters degree ideal for those interested in the thorny public policy and international law questions at the heart of the cybersecurity discipline. The masters is a joint degree between the School of Engineering, Department of Computer Science and the Fletcher School of Law & Diplomacy.

"We'll be training technologists to look at the policy sides of computer science and cybersecurity," Susan Landau, a bridge professor in cyber security and policy, with joint appointments in the Tufts' engineering and diplomacy schools, tells CSO. "Because the Fletcher School [of Law & Diplomacy] is part of this joint degree program, we're looking at all this with an international focus."

Columbia University Masters in Computer Security

Another New York City institution has begun offering a remote, part-time masters degree, noteworthy for eschewing "cybersecurity" in favor of "computer security" in the name — a respectable, if King Canute-like, effort to stem the linguistic tides.

Columbia expects most of its masters students to have either a bachelor's degree in computer science or significant experience in computer science and math. Delivered as part of the Columbia Video Network, the new masters degree is "indistinguishable from those given to students studying on-campus at Columbia University."

SANS Institute MS in Information Security Engineering

Brought to you by the same folks who manage the well-respected GIAC certifications, the SANS MS in Information Security Engineering is another part-time, online masters degree for working professionals. Many of the courses end with GIAC certification exams, so graduating students finish with not only a masters degree, but a bunch of GIAC certs to go with it.

The SANS masters occupies a middle ground between infosec certs and traditional academic masters degree programs. The development of graduate cybersecurity programs remains in flux, and it remains to be seen whether this approach will be successful.

How to pick a cybersecurity masters degree

Every law school teaches more or less the same curriculum; the discipline of law is ancient and well-understood. Every cybersecurity professional masters degree program, however, is different. In this rapidly changing field, every university has its own vision of what a professional masters degree means. Take the time to research all the above options, and the dozens more you'll find touting their wares online. Finding the right fit will be the difference between a great experience and two years of frustration.

Some questions to ask yourself:

Are you an experienced security professional looking to take your career to the next level? Then a program like MICS at Berkeley might be right for you.

Are you a college grad with a degree in the social sciences or humanities who is good at math and likes puzzles? Then a program like NYU's MS in Cybersecurity might be the career transition masters degree you need.

Are you interested in public policy, diplomacy, and the law? You'll need a solid ground in both technical cybersecurity and policy issues to be successful. Tuft's new cross-disciplinary masters degree might be a good fit — as well as the cross-disciplinary MICS degree at Berkeley.

Perhaps the most crucial question to ask yourself: Do you want to stop working for a couple years and go back to school? Or are you a working professional who wants to study part-time and remotely? If you have the luxury of taking a couple years off work, then any number of traditional, research-focused computer science masters degree programs might be your jam. However, if you want to keep working and study part-time, the number of quality masters programs worth their salt are few and far between. Take a close look your options before sinking money and time into a masters degree.


Copyright © 2019 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022