When it comes to the “best of the best” in security, you’ve got options! Our list of the top 20 cyber security schools in the country includes many big names that you’ll recognize and plenty of great state choices. Skip ahead to view the rankings.
Choosing the Best Security Program
Your #1 choice will depend on your career aims. We made sure that each university in our list has fascinating research labs, whip-smart faculty, and ties to government & the private sector. But other factors to consider include:
- Scholarships & Grants: Money is pouring into programs! In addition to the CyberCorps® Scholarship for Service, you’re likely to find lots of security scholarships for both undergraduate & graduate students. Ask the department offering your degree (e.g. Department of Computer Science) for details on financial aid.
- Location: Strong cyber security schools often benefit from their proximity to tech areas (e.g. Silicon Valley), government defense agencies (VA/DC/MD area), and hubs of corporate activity (e.g. Atlanta or Chicago). Pay attention to sponsors & partners in research institutes—they often supply internships and job opportunities.
- Subject Expertise: Thanks to faculty and research connections, cyber security schools are usually known for certain areas of expertise (e.g. Norwich University & cyber defense). Explore options in our state lists as well as these rankings—you may find the ideal professor in an ideal program that’s not in our top 20.
- NSA CAE Designation: CAE designations are often considered a hallmark of quality, but the acronyms can be confusing to navigate. Since CAE is a factor in our ranking methodology, we talk a little more about this topic below.
To get you the most bang for your buck, we felt it was important to assess a school’s quality from a variety of angles. That means our rankings are based on a number of data sources, including:
- Integrated Postsecondary Education Data System (IPEDS) data on computer science program completions
- Integrated Postsecondary Education Data System (IPEDS) data on computer engineering program completions
- Ponemon Institute’s Report on Best Schools for Cybersecurity
- NSA CAE designations
To narrow down our finalists, we analyzed school listings that appeared in the first 3 data categories. We also noted whether or not they’re an NSA CAE designated school. Because we prioritized undergraduate completion rates, you’ll notice that big names in graduate programs (e.g. Carnegie Mellon) may be further down the list. Almost all of the schools in our top 20 were well-represented in each data category; all of the schools hold a CAE designation.
NSA Centers of Academic Excellence in Cybersecurity (CAE-C)
What is an NSA CAE-CD School?
To promote higher education in cyber security, the National Security Agency (NSA) and Department of Homeland Security (DHS) teamed up to designate a number of institutions as National Centers of Academic Excellence in Cyber Defense (CAE-CD).
All regionally accredited two-year, four-year and graduate level institutions in the U.S. are eligible to apply for a CD designation. These designations include:
- CAE2Y: Awarded to community colleges, technical schools, and government training centers that offer two-year certificate and associate’s degree programs in cyber security
- CAE-CDE: Awarded to four-year universities and colleges that offer bachelor’s and graduate degree programs in cyber security
- CAE-R: Awarded to universities that offer higher-level doctoral research programs in cyber security
To qualify for a CAE-CD designation, schools must meet a number of general and academic requirements. The designation is valid for 5 academic years.
Students attending CAE-CD and CAE-R schools are eligible for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the CyberCorps® Scholarship for Service Program.
What is an NSA CAE-CO School?
The NSA has also developed a designation called the National Centers of Academic Excellence in Cyber Operations (CAE-CO). This designation is available to four-year colleges and graduate-level universities.
As you might expect, the CAE-CO designation is given to programs that focus on the operations side of cyber security (e.g. engineering, network defense, operating systems, and programming). In its list of academic requirements, the NSA stipulates that CO degrees should:
- Be technical, inter-disciplinary, and firmly grounded in the computer science (CS), computer engineering (CE), and/or electrical engineering (EE) disciplines
- Emphasize technologies and techniques related to specialized cyber operations (e.g. collection, exploitation, and response; malware analysis; reverse engineering, etc.)
Students attending CAE-CO schools are eligible for the CyberCorps® Scholarship for Service Program.
Do I Have to Go to a CAE School?
The short answer is no. The NSA CAE is a voluntary designation – some very well-respected schools have decided that it does not accurately reflect the requirements that a cyber security program needs. Others have issues with the time involved in the application process.
If you’re in any doubt about the reputation of a school, do your research and ask around. Guidance counselors, professional peers, and senior level colleagues should all be willing to give you advice.
History of NSA CAE Designation
The idea of creating an information assurance designations began in 1998. At that time, the government was looking for ways to increase the profile of cyber security and foster research & education initiatives.
In response, it developed a variety of projects, including the:
- NSA National Centers of Academic Excellence in Information Assurance Education (CAE-IAE)
- Scholarship for Service program
After the release of the President’s National Strategy to Secure Cyberspace in 2003, the Department of Homeland Security (DHS) joined the NSA as a partner in 2004.
The initiative continued to grow throughout the 2000s:
- In 2008, the CAE in IA Research (CAE-IAR) program was established to promote higher-level doctoral research in cyber security.
- In 2010, the CAE in Two-Year IA Education (CAE2Y) program was created to accommodate two-year institutions, technical schools, and government training centers.
In 2014, CAE-IAE designations were replaced by the CAE-CD program.
NSA CAE-CD Requirements
The NSA has developed a broad set of criteria for its programs. In general, a CAE-CD school must:
- Meet a set of core and optional knowledge units (KUs)
- Demonstrate outreach and collaboration
- Have a center for CD education
- Foster a robust and active CD academic program
- Ensure CD is a multidisciplinary science within the institution
- Support the practice of CD throughout the institution
- Encourage student and faculty CD research
According to the NSA’s Academic Criteria, a technical two-year program should include the following core knowledge units (KUs):
1.1 Basic Data Analysis
1.2. Basic Scripting or Introductory Programming
1.3. Cyber Defense
1.4. Cyber Threats
1.5. Fundamental Security Design Principles
1.6. Information Assurance Fundamentals
1.7. Intro to Cryptography
1.8. IT Systems Components
1.9. Networking Concepts
1.10. Policy, Legal, Ethics, and Compliance
1.11. System Administration
A four-year program (e.g. BS in Cyber Security) should include all of the above KUs and:
2.2. Network Defense
2.3. Networking Technology and Protocols
2.4. Operating Systems Concepts
2.5. Probability and Statistics
These are the “must-haves”. The NSA makes room for a large number of optional KUs (e.g. cloud computing, digital forensics, supply chain security, etc.).
Optional Focus Area
If they’re really keen, universities can also choose to apply for one or more CAE-CD Focus Area designations. These include:
- Cyber Investigations
- Data Management Systems Security
- Data Security Analysis
- Digital Forensics
- Health Care Security
- Industrial Control Systems – SCADA Security
- Network Security Administration
- Network Security Engineering
- Secure Cloud Computing
- Secure Embedded Systems
- Secure Mobile Technology
- Secure Software Development
- Secure Telecommunications
- Security Incident Analysis and Response
- Security Policy Development and Compliance
- Systems Security Administration
- Systems Security Engineering
Best Cyber Security Colleges
For graduate students, Purdue’s main campus is the land of opportunity. You can be a working IT pro, a research fanatic, or even a linguistics lover, and still find a solid program to suit your interests. Choices include:
- A standard MS or a standard PhD in a relevant department (e.g. Computer Science, Electrical & Computer Engineering, Political Science, etc.), with a focus on infosecurity topics. For example, if you’re pursuing an MS in CS, you can expect to take baseline courses in areas like operating systems and electives in topics like computer security, cryptography, cryptanalysis, and advanced security.
- An interdisciplinary graduate specialization in infosecurity (Masters’ and PhD), which is administered through CERIAS. These programs make a point of including graduate students from areas like the Departments of Philosophy and Communication, the Linguistics Program, and the College of Technology.
- An MS or PhD in Computer in Information Technology with a specialization in Cyber Forensics, which is run by the Cyber Forensics Lab in the Department of Computer and Information Technology. This program encompasses topics such as homeland security and infosecurity.
Looking to move up the career ladder? The Department of Computer Science also offers an intensive, one-year Information Security for Computing Professionals (ISCP) program, which bears the official title of an MS in Computer Science with a concentration in information security. The ISCP program is deliberately geared toward IT professionals who have some on-the-job experience in programming and computer science and who aim to become infosecurity specialists. You may also want to check it out if you have a BS in a computing major or an undergraduate minor in computing science.
Research and Initiatives
Purdue is famous for its Center for Education and Research in Information Assurance and Security (CERIAS). Like MIT’s CSAIL and Carnegie Mellon’s CyLab, CERIAS is one of the top labs in the country. It prides itself on its multidisciplinary approach to cyber security research and it draws on faculty expertise from six different colleges and 20+ departments. Cyber security geeks probably already know that CERIAS emerged from the COAST Laboratory, founded by the one and only Gene Spafford!
When we say “multidisciplinary,” we’re talking about in-depth projects into areas such as network security, assured identity & privacy, and cryptology, and a long-running investigation into Natural Language Information Assurance and Security (NL-IAS). What’s more, CERIAS has tons of ties to industry partners (e.g. Intel, GM, Raytheon, Deloitte, etc.) and many connections with other on-campus research labs that are interested in security issues.
You can get a taste of the CERIAS experience by attending the annual information security symposium or the two-month Research Experience for Undergraduates (REU). In the past, the REU has been funded by an NSF grant—check with CERIAS to see if it is being run in the current year.
- Center for Education and Research in Information Assurance and Security (CERIAS)
- Cyber Forensics Laboratory
- Department of Computer Science
- Dependable and Secure Distributed Systems Laboratory (DS2)
- Institute for Defense Innovation (IDI)
- Institute for Global Security and Defense Innovation (i-GSDI)
- Lab For Research In Emerging Network and Distributed Systems (FRIENDS)
- Purdue Homeland Security Institute (PHSI)
- Secure Software Systems S3
- Visual Analytics for Command, Control, and Interoperability Environments Center (VACCINE)
Georgia Institute of Technology
Georgia Tech’s banner degree is its MS in Cybersecurity. With a 5-credit practicum and an emphasis on applicable skills, this program is available in 3 tracks:
- The Information Security track is run by the School of Computer Science and emphasizes technical issues in software, computer systems, and network security. Applicants are expected to have an undergraduate degree in computer science or the equivalent.
- The Energy Systems track is run by the College of Engineering and focuses on the security of the energy domain (e.g. cyber-physical systems security, smart grids, and power system protection).
- The Policy track is run by the School of Public Policy and explores topics related to policy, law, privacy, and management.
If you’re a technical professional (e.g. IT, engineering, or product design) who’s looking to make the jump to security, you could also consider the Cyber Security Certificate. This flexible 5-course program gives you the choice of 4 electives.
Research and Initiatives
To accomplish its research work for military, government, and private industry, Georgia Tech’s Institute for Information Security & Privacy (IISP) draws on talent from a large number of cybersecurity labs and centers across the university and within the Georgia Tech Research Institute. In the process, Georgia Tech has become a University Affiliated Research Center (UARC) for the Department of Defense and the recipient of a DSS “Excellence in Counterintelligence” award. It has also garnered some stellar U.S. News & World Report rankings.
In terms of initiatives, IISP has ongoing projects on everything from sensor systems and Machine Learning (ML) to privacy, smart cities, and side-channel attacks. It has also developed a Cybersecurity Fellowship Program, which supports PhD students who have ideas for unfunded & under-funded emerging research. Visit IISP’s Annual Cyber Security Summit or take an open enrollment course to see if Georgia Tech is the right fit for you.
- Astrolavos Lab
- Center for the Development and Application of Internet of Things Technologies
- Communications Assurance & Performance Group
- Converged Systems Security Lab
- Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Lab
- Georgia Tech Cyber Security
- Georgia Tech Information Security Center (GTISC) Lab
- Information & Communications Laboratory (ICL)
- Institute for Information Security & Privacy (IISP)
- Intel Science & Technology Center for Adversary-Resilient Security Analytics (ISTC-ARSA)
- The Polo Club of Data Science
- Systems Software & Security Laboratory (SS&S)
University of Washington-Seattle
Located deep in the heart of techville, UW Seattle’s BS in Informatics with an option in Information Assurance and Cybersecurity (IAC) pulls on faculty expertise from UW’s three campuses. You can choose electives from any campus (e.g. information assurance policy, secure coding, networking & systems administration, etc.) or tailor your concentration to your specific interests.
Already working in the field? UW Seattle also offers a convenient online Certificate in Cybersecurity that’s designed for software developers & analysts and folks with system, database, security, or network administration experience.
Research and Initiatives
UW Seattle researchers are particularly good at assessing the broad picture. The Security and Privacy Research Lab in the School of Computer Science and Engineering has its research fingers in many traditional pies (e.g. cyber-physical systems, mobile device security, network security, etc.). But it also works closely with the interdisciplinary Tech Policy Lab on issues surrounding smart cities, the Internet of Things, robotics, and more.
We should also mention the Cybersecurity Initiative in the International Policy Institute (IPI). The risks of using biometric data to help refugees? Issues with mobile and application insecurities? The threats of cyber-attacks on the nuclear industry? These are the kinds of questions being asked and answered by IPI faculty and fellows.
University of Maryland-College Park
As an undergraduate at UMD, you have an easy choice:
- If you love areas like operating systems, network security, and cryptology, you can opt for the BS in Computer Science with a Cybersecurity Specialization from the Department of Computer Science.
- If you’re interested in security nuts & bolts, there’s the BS in Computer Engineering with a Cybersecurity Specialization from the Department of Electrical & Computer Engineering.
For graduates, UMD offers an MEng in Cybersecurity that immerses students in core security courses (e.g. secure programming, networks & protocols, etc.) and hands-on technical electives. Alternatively, you can tailor the MS or PhD in Computer Science or the MS or PhD in Electrical and Computer Engineering to suit your interests.
Lack the time and funds for a full degree? The Graduate Certificate in Engineering – Cybersecurity is a 4-course, 12-credit program that draws on the prerequisites for the MEng.
Research and Initiatives
The hub of UMD’s security efforts is the Maryland Cybersecurity Center (MC2). Created in 2010, this interdisciplinary center has the advantage of being located in the Maryland-DC-Virginia triangle—home of countless government agencies and security firms. It has strong ties to corporate partners such as Lockheed Martin, Cisco, and Northrop Grumman and research projects in everything from cryptography to behavioral and economic aspects of security. You can hobnob with many of these researchers at the MC2 Annual Symposium.
UMD has also developed a number of excellent initiatives for cybersecurity undergrads. These include:
- The immersive Advanced Cybersecurity Experience for Students (ACES)— a two year (optional four year) living-learning honors program funded by Northrop Grumman.
- The super-active, student-run Cybersecurity Club, which runs weekly challenges and participates in national summits & competitions.
- START Career Development programs, which provide scholarship money and career support to students studying in the Homeland Security Science, Technology, Engineering and Mathematics (HS-STEM) arena.
- Advanced Cybersecurity Experience for Students (ACES)
- Cybersecurity Club
- Department of Computer Science
- Department of Electrical & Computer Engineering
- Maryland Cybersecurity Center (MC2)
- National Consortium for the Study of Terrorism and Responses to Terrorism (START)
- Office of Advanced Engineering Education
University of Illinois at Urbana-Champaign
Money flows freely at UIUC courtesy of its unique Illinois Cyber Security Scholars Program (ICSSP). Funded by CyberCorps® Service for Scholarships and stacked with financial benefits, this program covers:
- BS in Computer Science (CS) and the BS in Electrical and Computer Engineering (ECE): Along with technical electives, you’ll be expected to complete a cyber security research project and a summer internship in a government organization.
- MS or PhD with a concentration in Cyber Security (e.g. software engineering, enterprise data systems, computer networks, digital forensics, etc.): Like the BS, you’ll be required to tackle a graduate project (or a thesis) and a summer internship.
- JD with a concentration in Cyber Security: Offered by the College of Law, this 3-year, 90-credit degree focuses on cyber security topics that apply to the law (e.g. white collar crime, national security law, privacy, etc.).
UIUC also offers 3-course, 12-credit Graduate Certificate in Security and a 15-credit Undergraduate Certificate in Global Security. Students participating in the undergraduate certificate are eligible for scholarship opportunities from UIUC’s ACDIS program.
Research and Initiatives
The jewel in UIUC’s cyber security crown is the hugely active, interdisciplinary Information Trust Institute (ITI). Here faculty and fellows are working on research areas such as the power grid, health information, systems & networking, and data science. For example, ITI runs multiple government-sponsored centers in energy systems security, the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS), and the Boeing Trusted Software Center (just to name a few!). Plus, on top of the ICSSP program, ITI also offers undergraduate internships, seminars & workshops, startup support, and a summer school for graduates & security professionals.
But wait, there’s more! As an UIUC student, you may be interested in working for the Arms Control & Domestic and International Security (ACDIS) Program, which has devoted itself to research on international security issues (e.g. nuclear materials security). In the Department of ECE, faculty are also heavily involved in reliable and secure computing systems.
- Arms Control & Domestic and International Security (ACDIS) Program
- Assured Cloud Computing University Center of Excellence (ACC-UCoE)
- Boeing Trusted Software Center
- Critical Infrastructure Resilience Institute (CIRI)
- Cyber Resilient Energy Delivery Consortium (CREDC)
- Department of Computer Science
- Department of Electrical and Computer Engineering
- Illinois Cyber Security Scholars Program (ICSSP)
- Information Trust Institute (ITI)
- Science of Security Lablet
- Strategic Healthcare IT Advanced Research Projects on Security (SHARPS)
- Trustworthy Cyber Infrastructure for the Power Grid (TCIPG)
University of Pittsburgh-Pittsburgh
Pitt is one of only a few universities that hold five Committee on National System Security (CNSS) certifications, which means its degrees are extremely thorough when it comes to systems security. Programs are run by the School of Computing and Information and come in a variety of flavors:
- BS in Information Science (BSIS) with a specialization in Networks and Security: Along with the security electives, the BS includes core courses in networks, programming, database management, and systems analysis. The program also includes a required summer internship.
- MS in Information Science (MSIS) with a specialization in Information Security: Certified by the CNSS as meeting the national standards for INFOSEC education, this degree digs deep into systems & technology.
- MS in Telecommunications (MST) with a specialization in Security: With its focus on areas like firewalls, encryption, and design, this track is intended to prepare you for a career as a network security specialist.
- PhD in Information Science with the option to focus on computer and network security research.
Pitt also has a 15-credit post-bachelor’s or a post-master’s Certificate of Advanced Study (CAS) in Security Assured Information Systems (SAIS) that will make you eligible for CNSS Certifications.
Research and Initiatives
Closely linked with the School of Computing, the Institute for Cyber Law, Policy, and Security is designed to be the core of Pitt’s work into cyber security. It was selected to run an Airforce Association (AFA) CyberCamp and it organizes a number of workshops and conferences where you can network with experts. The Institute was created in 2017, so we’re going to give it some time to grow.
While you’re considering Pitt, we also recommend a look around the research labs and centers in the School of Computing and the university itself:
- The Laboratory for Education & Research on Security Assured Information Systems (LERSAIS) is doing interesting work in emerging applications, systems survivability, cryptography, and wireless IA.
- The Matthew B. Ridgway Center for International Security Studies is generating research in areas such as international terrorism, transnational organized crime, nuclear weapons, and counterinsurgency.
- The Center for National Preparedness (CNP) is developing projects such as threat detection systems and threat potential modeling.
- Center for National Preparedness (CNP)
- Institute for Cyber Law, Policy, and Security
- Laboratory for Education & Research on Security Assured Information Systems (LERSAIS)
- Matthew B. Ridgway Center for International Security Studies
- Real-Time Outbreak and Disease Surveillance (RODS) Lab
- School of Computing and Information
- UPMC Center for Health Security
Graduate programs are the specialty of the house at Syracuse. Although they’re run by the College of Engineering and Computer Science, these degrees include input from the College of Law, the iSchool, and the Maxwell School.
- MS in Cybersecurity: This 30-credit program places a heavy emphasis on the design and development of secure & assured systems. It also includes options to tackle electives like data mining, Machine Learning (ML), and biometrics.
- Online MS in Cybersecurity: The distance learning option follows the same trajectory as the on-campus version. You’ll be expected to complete at least one on-campus immersion experience.
- Certificate of Advanced Study (CAS) in Cybersecurity: This 12-credit, 4-course graduate certificate is available to post-bachelor’s or post-master’s students looking for additional skills. Credits taken for the CAS may also be applied towards the MS.
- PhD in Computer and Information Science and Engineering (CISE) or a PhD in Electrical and Computer Engineering (ECE).
Fancy the idea of attending Pitt as an undergraduate? Check out the 18-credit Undergraduate Cyberengineering Semester. It’s designed to teach CS and ECE juniors and seniors how to build and verify highly assured systems.
Research and Initiatives
Engineering is a big deal at Syracuse. For example, the Center for Advanced Systems and Engineering (CASE), an NYSTAR-designated Center for Advanced Technology (CAT) in complex information systems, has a huge stake in cyber security and network assurance. What’s more, the College of Engineering has a large number of cyber security research projects on the burner, with a great deal of emphasis on secure systems.
Syracuse also has the Institute for National Security and Counterterrorism (INSCT), a significant initiative devoted to research work on national & international security and counterterrorism. It hosts various conferences & events and offers a number of interesting CASs (as well as an online cybersecurity course). If you’re intrigued by the intersection of tech and global events, it’s worth a visit.
George Mason University
Strategically located in Fairfax, VA—less than 10 miles from the Dulles Tech Corridor and Loudoun County’s data centers—GMU’s grand old Volgenau School of Engineering is overflowing with cyber security programs.
As an undergraduate, you could consider the:
- BS in Cyber Security Engineering
- BS in Information Technology: Concentration in Information Security
- BAS: Concentration in Cybersecurity (online or on-campus)
As a graduate, you have the option of the:
- MS in Applied Information Technology: Concentration in Cyber Security
- MS in Digital Forensics and Cyber Analysis
- MS in Data Analytics Engineering: Concentration in Digital Forensics
- MS in Information Security and Assurance
- MS in Computer Engineering: Specialization in Network and System Security
- PhD in Information Technology: Concentration in Information Security and Assurance
And as a budding security professional, you may wish to explore the:
- Graduate Certificate in Applied Cyber Security
- Graduate Certificate in Telecommunications Forensics and Security
- Graduate Certificate in Tactical Computer Operations
- Graduate Certificate in Information Security and Assurance
Alternatively, you could apply for a BS, MS, or PhD in Computer Science and tailor your concentration to your cyber security interests.
If you’re interested in the corporate side of security, you can even choose to pursue an MS in Executive Management of Secure Information Systems from the Business School.
Research and Initiatives
Created in 1990, GMU’s Center for Secure Information Systems (CSIS) was the first academic center in security in the country. It has alliances with major government & corporate sponsors (e.g. NSA, Northrop Grumman, MITRE, etc.) and many of its research projects involve national defense—no surprise when you consider the university’s location.
Cyber security faculty are also deeply involved in the:
- Center for Assurance Research & Engineering (CARE): Housed in the Volgenau School, CARE has a commitment to turning security research into real-world applications. Partners have included IBM, DARPA, and the DHS.
- Center for Configuration Analytics and Automation (CCAA): CCAA is a multi-university, multi-industry initiative focused on the challenges of analytics and automation.
- Center of Excellence in Command, Control, Communications, Computing, Intelligence, and Cyber (C4I and Cyber Center): Researchers at C4I and Cyber are absorbed by the military applications of IT and cyber policy. The Center has some fascinating projects and events, as well as ties to a range of industry partners.
The cherry on the cake? Volgenau established the first student-run cybersecurity organization in the country.
- Center for Assurance Research & Engineering (CARE)
- Center for Configuration Analytics and Automation (CCAA)
- Center of Excellence in Command, Control, Communications, Computing, Intelligence, and Cyber (C4I and Cyber Center)
- Center for Infrastructure Protection and Homeland Security (CIP/HS)
- Center for Secure Information Systems (CSIS)
- Center for Security Policy Studies
- National Security Institute at the Antonin Scalia Law School
- School of Business
- Volgenau School of Engineering
University of California-Davis
UC Davis has a long-standing reputation as a major tech university and its Department of Computer Science allows you to customize your graduate computer science degree to include security work:
- MS in Computer Science: Information Assurance Focus: The MS requires you to master 3 of 4 core areas—Theory, Systems, Architecture, and Applications. The Applications core has the most cyber security options.
- PhD in Computer Science: Information Assurance Focus: As with any PhD, you’ll be able to concentrate on favorite area of research after you get through the core areas covered in the MS.
Research and Initiatives
UC Davis is one of only 3 universities in California that holds a CAE-R designation for excellence in cyber security research. (In the faculty list, you may recognize the name of Professor Matthew Bishop, author of Computer Security: Art and Science.) Professor Bishop is a co-director of the Computer Security Lab, which is responsible for a number of in-depth research projects.
UC Davis is also a partner in the Cybersecurity Research Alliance, a multi-university partnership with the U.S. Army Research Laboratory to address threats, attacks, and risks in cyberspace.
The University of Texas at San Antonio
As you might expect, UTSA’s Department of Information Systems and Cyber Security in the College of Business often leans on the corporate side of security. For instance:
- In addition to technical courses (e.g. programming concepts, operating systems, network security, etc.), the BBA in Cyber Security places an equal weight on management (e.g. accounting, marketing, finance, and business law). It’s available online as well as on-campus.
- If you choose the MBA with a concentration in Cyber Security, you must complete 24 credit hours of MBA courses along with your 12 elective credits in cyber security.
However, it’s important to note that you can customize a degree in Computer Science (BS, MS, or PhD) or Computer Engineering (BS or MS) to suit your objectives. Or you can take the technical MS in Information Technology (MSIT) with a concentration in Information Assurance, which emphasizes core skills in telecommunications systems, voice & data security, and risk analysis.
Undergraduate minors in Cyber Security, Digital Forensics, Information Systems, and Network and Data Center Management are also available to students enrolled in any major.
Research and Initiatives
UTSA is a CAE-R institute, and it has three major research centers devoted to cyber security:
- UTSA is one of 5 universities in the National Cybersecurity Preparedness Consortium (NCPC), and its Center for Infrastructure Assurance and Security (CIAS) is committed to filling the cyber security knowledge gap. CIAS has created the Collegiate Cyber Defense Competition and Panoply programs, virtual machines for the National Youth Cyber Defense Competition, and multiple training courses & games. It also leads the ISAO Standards Organization.
- The Institute for Cyber Security (ICS) within the Department of Computer Science is running research projects sponsored by some big names (e.g. Intel, Army Research Office, Symantec, etc.) in two intriguing labs. It was established by UTSA Professor Ravi Sandhu in 2007.
- Faculty and researchers at the Center for Education and Research in Information and Infrastructure Security (CERI²S) are working on projects in everything from digital forensics and systems security to the impact of human psychology. The Center operates two educational labs, five research labs, and the Kudla Cyber Competitions Lab.
You can meet some of Texas’s cyber security stars at the AT&T Distinguished Speaker Series. UTSA Extended Education also offers IT Security courses that will prep you for common certifications (e.g. Network+, Security+, CISSP, etc.).
BU is a big university and its cyber security offerings are spread over a number of schools and colleges. The most “traditional” programs are the:
- BA in Computer Science with a concentration in Cryptography & Security, which is offered by the Department of Computer Science. Don’t be fooled by the name—this is a CS degree with a real emphasis on network security, cryptography, etc. Faculty from the BU Security Group (see below) are available to advise.
- MS in Computer Engineering with a specialization in Cyber Security, which is offered by the College of Engineering. It’s pretty flexible—you must take at least one 4-credit ECE course at the 700 level, but you can stack the degree with security credits and electives.
- MS in Computer Science (MSCS) with a specialization in Cyber Security, which is offered by the Department of Computer Science. You’ll cover 5 breadth courses and a variety of security electives (e.g. cryptography, digital forensics, network security, etc.). Security electives usually fulfill the “applications” breadth requirement.
But your second option is Metropolitan College (MET). MET programs are often tailored toward working professionals and place a heavy emphasis on job skills. Here you’ll find the:
- MS in Computer Science (MSCS) with a concentration in Security, which is aimed at folks with academic or work experience with programming, discrete mathematics, and computer systems. The security concentration consists of 5 courses (3 required and 2 electives) in typical areas (e.g. network security, cryptography, forensics, etc.).
- MS in Computer Information Systems (MSCIS) with a concentration in Security (online or blended), which is accredited by both the accredited by the PMI’s Global Accreditation Center (GAC) for Project Management and the Commission on Accreditation for Health Informatics and Information Management Education (CAHIIM). This program is a combo of technical training and managerial and organizational courses, and is open to those with a bachelor’s degree from a regionally accredited institution.
- Graduate Certificate in Information Security (online or blended), which is a 4-course, 16-credit program designed to help graduates develop and implement IT security in their own organizations.
Research and Initiatives
The BU Security Group in the Department of Computer Science is affiliated with the university’s Center for Reliable Information Systems and Cyber Security (RISCS). Under the command of the Hariri Institute for Computing (HIC), RISCS has become a multidisciplinary initiative with a smorgasbord of research projects (e.g. Modular Approach to Cloud Security (MACS)). It also hosts regular seminars & events, including the Charles River Crypto Day.
It’s important to remember that HIC has a close relationship with MIT’s Lincoln Lab, organizing joint Cybersecurity Workshops and collaborating on initiatives such as the Moving Target Defense and the Verificare project. HIC even funds exceptional undergraduates (UROP Summer Research Awards) and PhD students (Graduate Student Fellows Program) involved in computational research.
Oklahoma State University-Main Campus
Cyber security programs at OSU’s main campus are handled by the Department of Management Science and Information Systems in the Spears School of Business. That means programs often stress the real-world, business applications of IT and security.
For example, the BS in Business Administration with a major in Management Information Systems and an option in Information Assurance (yep, that’s the title) highlights hands-on analysis of organizational issues in IA and security. The MS in Information Assurance covers managerial topics such as telecommunications, risk, offensive and defensive practices, and legal issues.
Can’t commit to a degree? The short, 15-credit Graduate Certificate in Information Assurance will school you in telecommunications technology, industry trends, and management and security of telecommunications systems.
Research and Initiatives
One of the reasons why so many OSU programs deal with telecommunications is due to the Center for Telecommunications and Network Security (CTNS). This center pulls on faculty expertise from multiple departments, including electrical engineering, to investigate areas such as secure communications protocols. In addition to providing labs, CTAN also has ties to the super-active, student-run Information Security and Assurance Club (ISAC).
Hoping to improve your career contacts? Every April, the Spears School of Business hosts the OSU Cyber Security Conference.
University of Houston
UH’s Department of Information and Logistics Technology is responsible for both the BS in Computer Information Systems (CIS) with technical electives in Security and the MS in Information System Security.
Choosing technical electives in the BS is a way to focus your strengths on Information Assurance (IA). You’re allowed to choose 4 courses from topics such as secure application design, digital forensics, and intrusion detection & incident response.
The two-year MS, on the other hand, is explicitly designed for folks with undergraduate degrees in technology disciplines who want to be able to assess, implement, and manage security solutions for information and network systems. In addition to hands-on technical work, there’s a big push for project management expertise.
Research and Initiatives
Established in 2007, UH’s Center for Information Security Research and Education (CISRE) is the heart of UH’s cyber security efforts. In addition to the degrees we’ve mentioned, it operates security labs, liaisons with other universities & centers, and tackles various research projects.
Faculty in the Department of Computer Science also have a keen interest in security issues—CS runs its own Reasoning and Data Analytics for Security (ReDAS) Lab.
Johns Hopkins University
JHU’s flagship security program is the MS in Security Informatics (MSSI). This full-time, 3-semester degree is administered by the School of Engineering and students must complete either the technology & research track or policy & management track. Both tracks include core technical courses, but the policy & management track is—understandably—more concerned with business issues. With the MSSI, you can also choose to pursue a dual degree in engineering in computer science, applied math & statistics, and health sciences, or even tack on JHU’s Certificate in National Security Studies (CNSS).
Trying to fit your degree in around work? Johns Hopkins Engineering for Professionals offers a flexible MS in Cybersecurity (10 courses) and a Post-Master’s Certificate in Cybersecurity (6 courses) in online or on-campus forms. In addition to traditional foundation courses, the MS allows you to choose a track of interest (e.g. systems, networks, or analysis).
Finally, if you really want to get stuck into the subject, you could also consider a PhD in Computer Science. The Department of Computer Science will be more than happy to help you customize your study plan.
Research and Initiatives
Founded by Gerald Masson, JHU’s venerable Information Security Institute (ISI) has been working on security issues since 2001. Researchers at ISI are particularly concerned with health and medical security (remembering that JHU has one of the best medical schools in the country) and cryptography & privacy. We should also mention that MSSI applicants are eligible for an Information Security Institute Fellowship (ISIF).
George Washington University
Handily based in Washington, D.C., GWU’s Department of Computer Science has 3 roads that lead toward cyber security expertise:
- BA/BS in Computer Science & MS in Cybersecurity in Computer Science: This accelerated program allows you to earn a conventional bachelor’s in computer science (with 2 graduate-level courses as electives) and an MS in just 5 years. This could save you a considerable amount of money.
- MS in Cybersecurity in Computer Science: The MS is a 30-credit, full-time or part-time program with a computer science core and a host of electives in security (e.g. computer security, network security, applied cryptography, forensics, cyber law, etc.). Thesis and non-thesis options are available.
- Graduate Certificate in Computer Security and Information Assurance (CSIA): This short, 4-course program is targeted at practicing computer scientists and other IT personnel who want to improve their security skills. You also have the option to transfer your certificate credits to the MS.
In the distance learning arena, GWU has developed strengths in management & leadership programs:
- Online Master of Engineering in Cybersecurity Policy & Compliance: The MEng CPC is aimed at seasoned professionals who aspire to manage their organization’s cyber practices (i.e. information security managers). It blends courses like cryptography, security systems, algorithms, and software paradigms, with credits in policy, project management, compliance, and risk management.
- Online Master of Professional Studies in Cybersecurity Strategy and Information Management: This MPS is well-suited to folks working in military, homeland security, and private sectors. It was designed in consultation with the DHS and law enforcement, and its courses are designed to combat the methods of hackers, terrorists, and cyber criminals.
Research and Initiatives
GWU is a CAE-R institution, and its Cyber Security and Privacy Research Institute (CSPRI) is involved in a number of research projects centered around issues like cyber surveillance, data collection, and supply chain safety. It’s a founding member of the National Cyber League and a supporter of the National CyberWatch Center.
But the fun doesn’t stop there. GWU also boasts a Center for Cyber and Homeland Security (CCHS), a nonpartisan “think and do” tank focused on homeland security, counterterrorism, and cyber security issues. (This is, after all, the land of D.C. and its government agencies). CCHS generates a vast quantity of research & publications and hosts many events with powerful speakers. Internships are available.
Meanwhile, over the School of Law, the Cybersecurity Law Initiative is taking flight. It organizes regular events on law and technology that are open to students and members of the public. GW Law students who wish to study aspects of cyber security law are eligible for CyberCorps® scholarships.
Iowa State University
ISU has a hyper-flexible approach to cyber security degrees. If you’re considering on-campus programs, the:
- MS in Information Assurance (IA) allows you to pursue a degree from the Department of Electrical and Computer Engineering, Management Information Systems, Mathematics, or Political Science—you decide which department suits your expertise and interest! The MS is 30 credits in all, with a thesis option or non-thesis option. Each home department has its own course schedule & admission requirements.
- PhD in Computer Engineering or Computer Science or Math with a focus on Information Assurance is also administered by a home department. This is for folks interested in technical research—the Departments of Political Science and Management are not involved.
ISU has also developed a number of distance learning alternatives. However, these online degrees are only offered by the Department of Electrical and Computer Engineering, so keep in mind that the university is typically looking for applicants with a BS or MS in computer engineering (or a closely related field). For example, the:
- Online MS in Information Assurance (IA) includes core coursework such as network & computer security, cryptography, forensics, and information warfare, and comes with thesis or non-thesis options.
- Online MEngr in Information Assurance (IA) covers a lot of the same ground as the MS, but no thesis or creative component is required to graduate—the degree is based on coursework credits only.
- Online Graduate Certificate in Information Assurance is a 4-course, 12-credit program that is designed to help you become a better information system security specialist in government, the private sector, and/or educational institutions.
And if that isn’t enough, you also have the option to pursue an Undergraduate Minor in Cybersecurity.
Research and Initiatives
ISU’s poster boy for cyber security is the Information Assurance Center (IAC). Established in 2000, the IAC takes a multi-faceted approach to its research projects, but it’s particularly interested in real-world applications—ISU is the home of the U.S. DOE’s Ames Laboratory. IAC plays host to a security testbed called ISEAGE – Internet-Scale Event & Attack Generation Environment, leads the Iowa Cyber Alliance, and heads the ISU Information Assurance Research Consortium.
Once you’re on campus, you’ll find fellow security enthusiasts in the Information Assurance Student Group (IASG) and the Information Systems Security Laboratory (ISSL). ISU also runs 5 Cyber Defense Competitions each year.
Mississippi State University
MSU’s cyber security offerings come courtesy of its Department of Computer Science & Engineering. Its MS in Computer Science with a concentration in Computer Security and PhD in Computer Science with a concentration in Computer Security have been around for quite some time, and both curricula draw on the security expertise of department faculty. In the MS, you can choose to complete a thesis, a professional project, or courses-only.
But that’s not all! In 2017, MSU created the MS in Cyber Security and Operations, a specialist degree with concentrations in either cyber defense or cyber operations (e.g. reverse engineering, wireless networks, malware analysis, etc.). Cyber defense graduates apply for jobs in private corporation or government organizations; cyber operations graduates often find work with the government or penetration testing firms.
Last but not least, MSU offers a 15-hour, 5-course Graduate Certificate in Information Assurance that stresses IA and data security.
Research and Initiatives
MSU is the only university in the state to hold the triple crown of designations: CAE-R, CAE-CO & CAE-CDE. Thanks to its Center for Computer Security Research (CCSR), it has developed major research strengths in AI, computer forensics, and cryptography. For example, MSU has its own National Forensics Training Center (NFTC), which is funded by the Department of Justice to train law enforcement officers to fight cyber crime. What’s more, CCSR is particularly committed to encouraging the participation of women in cyber security through internships, camps, and mentorship.
Another initiative we should highlight is MSU’s High Performance Computing Collaboratory (HPC²), which hosts the:
- Center for Cyber Innovation (CCI), where researchers have a hand in high tech projects that focus on global national security, homeland security, and peacekeeping operations and access to a top-ranked DOD-restricted supercomputer.
- Distributed Analytics and Security Institute (DASI), which receives funding from the Pacific Northwest National Laboratory (PNNL) and the federal government to work on a wide range of data-related security projects.
University of Kansas
KU’s School of Engineering offers one graduate degree that’s specifically devoted to security—the MS in Information Technology (MSIT) with a focus in Cyber Security. The focus includes a traditional core (e.g. network security, IA, project management, etc.) and a large number of electives.
Alternatively, you might choose to pursue an MS or PhD in Computer Science or Computer Engineering and customize it with courses from the Security and Assurance cluster.
Not ready for a degree? KU’s 12-credit Graduate Certificate in Cybersecurity is designed for professionals with two or more years of practical experience in IT who want to hone their skills in advanced areas of information security.
Research and Initiatives
KU’s ranking is partly due to its dedicated faculty. For example, at the Information and Telecommunication Technology Center (ITTC), you’ll find the Information Assurance Laboratory (IAL)—focused on developing, verifying, and fielding high-assurance information systems—and research projects on areas such as communication & network systems security.
On top of this, KU supports the student-run KU InfoSec Club, helps to organize the Central Area Networking and Security Workshop (CANSec), and has made a public commitment to promoting diversity in engineering disciplines.
The oldest private military college in the country punches above its weight. If you like Vermont’s rolling hills, the College of Professional Schools offers a BS in Computer Security and Information Assurance (CSIA) with a concentration in digital forensics or advanced information assurance. This includes a practicum and plenty of fascinating security electives. Undergraduates also have the option to choose a Minor in Computer Crimes and Forensics or a Minor in Information Assurance.
In addition, there are a number of distance learning options, including the:
- Online BS in Cyber Security: Tailored to working professionals, the BS allows you to select a concentration in computer forensics & vulnerability management (e.g. malware forensics, vulnerability testing, etc.) or information warfare & security management (e.g. defense, security policy, systems assurance, etc.). Foundational courses cover key IT areas and electives dip deep into concentration subjects.
- Online MS in Information Security & Assurance: The MS is available in multiple concentrations and completed in three six-month semesters. In the final semester, you’ll be able to focus on your area of interest before you attend a final, one-week residency on Norwich’s campus.
Finally, we should note all of the 11-week courses (12 graduate credits) that you can add to your résumé to improve your hiring chances. These include the:
- Online Graduate Certificate in Computer Forensics Investigation
- Online Graduate Certificate in Critical Infrastructure Protection & Cyber Crime
- Online Graduate Certificate in Cyber Law & International Perspectives on Cyberspace
- Online Graduate Certificate in Vulnerability Management
Certificate credits can be used toward Norwich’s masters’ degrees.
Research and Initiatives
As you might expect, Norwich has a tight relationship with the military—in 2017, the Department of Defense Cyber Crime Center (DC3) certified Norwich as a National Center for Digital Forensic Academic Excellence (CDFAE). Among the Norwich University Applied Research Institutes (NUARI) are the Cyber Conflict Research Institute (CCRI) and Defense Technologies Research Institute (DTRI). Both are heavily involved in battling new security threats.
Training is another key strength. NUARI is responsible for projects like the DECIDE® Platform and the PPD-41 Learning Module, and its Learning Technologies Research Institute (LTRI) was one of the five founding members of the National Cybersecurity Preparedness Consortium (NCPC). Through the Cyber P3 initiative, Norwich has become one of six centers of cybersecurity training for the U.S. Army Reserve.
Want to try before you buy? Norwich runs a free, week-long pre-college program—the Cyber Security and Cyber Defense Camp—for high school students. The Norwich University Center for Advanced Computing and Digital Forensics (NUCAC-DF) also helps coordinate a variety of student activities & competitions.
- College of Professional Schools
- Cyber Conflict Research Institute (CCRI)
- Cyber Security and Cyber Defense Camp
- Defense Technologies Research Institute (DTRI)
- Learning Technologies Research Institute (LTRI)
- Norwich University Applied Research Institutes (NUARI)
- Norwich University Center for Advanced Computing and Digital Forensics (NUCAC-DF)
Carnegie Mellon University
CMU has a dizzying array of cyber security graduate programs, each with its own unique slant. If you’re seeking a technical degree, your choices include the:
- MS in Information Security (MSIS): This two-year program is designed to produce security experts who are trained to handle complex data, networks, and systems security issues. You can customize the program with a certificate in Cyber Operations or Cyber Forensics and Incident Response.
- MS in Information Networking (MSIN): Although the two-year MSIN has a broad core (e.g. computer science, engineering, information systems, etc.), it does allow you to concentrate on security electives. You must complete an INI-approved internship to graduate.
Looking for something more specialized? Try the:
- MS in Information Technology—Privacy Engineering (MSIT-PE): Developed for computer scientists and engineers who wish to pursue careers as privacy engineers or technical privacy managers, this one-year program covers areas like cyber security, product design, business, and law, and includes a summer-long capstone project.
- MS in Information Security Policy and Management (MSISPM): The MSISPM is administered by Heinz College, so its curriculum is stacked with both management and security credits. You’ll be expect to complete a thesis or a project, and a summer internship.
- MS in Information Technology-Information Security & Assurance (Evening or Online): Telecommunications management, risk management, information security, policy, data privacy—it’s all covered in this 144 unit program.
- Chief Information Security Officer (CISO) Certificate: Created with the input of the CERT division at the Software Engineering Institute, this six-month program is specifically designed for professionals with significant information security responsibility for their organizations. Credits can be applied to the MSIT.
Seeking to travel? CMU also offers the:
- MS in Information Technology (MSIT)-Information Security (Pittsburgh/Silicon Valley): For this degree, you’ll split your time between Pittsburgh (first two semesters) and the sunny campuses of California (the remainder). The information security track contains a huge number of course options and the project-based practicum will allow you to work with big name sponsors and fellow students.
- MS in Information Technology-Information Security (Kobe MSIT-IS) / Master of Applied Informatics: This unusual two-year program is a joint effort with the University of Hyogo in Kobe, Japan. You’ll complete the MSIT-IS at CMU and the MAI in Japan.
Research and Initiatives
CMU is huge in the world of cyber security. Not only does it hold CAE-CDE, CAE-O, and CAE-R designations, it runs CyLab—the largest university-based cyber security research & education institute in the country. CyLab has major research projects, multiple centers & labs, and partnerships with plenty of recognizable names.
What’s more, CyLab is affiliated with the:
- CERT Division at the Software Engineering Institute (SEI)—a famous security research and development center with close links to the DoD, DHS, FBI, and law enforcement. CERT develops tools, researches security vulnerabilities, monitor networks, and much, much more.
- Institute for Strategic Analysis (ISA)—a resource for CMU faculty and government officials who wish to apply cyber research to matters of national security. ISA often organizes scientific short courses and yearlong seminars in cyber security areas.
- Information Networking Institute (INI)—a center that administers many of CMU’s cyber security graduate programs, arranges internships, and supplies career services.
In addition, there’s tons of research being done by faculty in CMU’s departments. These are just a few reasons why CMU’s graduate programs usually appear in the top 5 of U.S. News & World Report rankings for engineering & computer science.