Editor’s Note: New cyber security degree programs launch every year, and we’ve updated our rankings to reflect the rapidly evolving field. This page was last updated on 11/8/2018 to cover the best cyber security programs for students in 2019.
When it comes to the “best of the best” in security, you’ve got options! Our list of the top 20 cyber security schools in the country includes many big names that you’ll recognize and plenty of great state choices. Skip ahead to view the rankings.
To get you the most bang for your buck, we felt it was important to assess a school’s quality from a variety of angles. That means our rankings are based on a number of data sources, including:
- Integrated Postsecondary Education Data System (IPEDS) data on computer science program completions
- Integrated Postsecondary Education Data System (IPEDS) data on computer engineering program completions
- Ponemon Institute’s Report on Best Schools for Cybersecurity
- NSA CAE designations
To narrow down our finalists, we analyzed school listings that appeared in the first 3 data categories. We also noted whether or not they’re an NSA CAE designated school. Because we prioritized undergraduate completion rates, you’ll notice that big names in graduate programs (e.g. Carnegie Mellon) may be further down the list. Almost all of the schools in our top 20 were well-represented in each data category; all of the schools hold a CAE designation.
Best Cyber Security Colleges and Programs
Georgia Institute of Technology
Georgia Tech’s banner degree is its MS in Cybersecurity. With a 5-credit practicum and an emphasis on applicable skills, this program is available in 3 tracks:
- The Information Security track is run by the School of Computer Science and emphasizes technical issues in software, computer systems, and network security. Applicants are expected to have an undergraduate degree in computer science or the equivalent.
- The Energy Systems track is run by the College of Engineering and focuses on the security of the energy domain (e.g. cyber-physical systems security, smart grids, and power system protection).
- The Policy track is run by the School of Public Policy and explores topics related to policy, law, privacy, and management.
If you’re a technical professional (e.g. IT, engineering, or product design) who’s looking to make the jump to security, you could also consider the Cyber Security Certificate. This flexible 5-course program gives you the choice of 4 electives.
Research and Initiatives
To accomplish its research work for military, government, and private industry, Georgia Tech’s Institute for Information Security & Privacy (IISP) draws on talent from a large number of cybersecurity labs and centers across the university and within the Georgia Tech Research Institute. In the process, Georgia Tech has become a University Affiliated Research Center (UARC) for the Department of Defense and the recipient of a DSS “Excellence in Counterintelligence” award. It has also garnered some stellar U.S. News & World Report rankings.
In terms of initiatives, IISP has ongoing projects on everything from sensor systems and Machine Learning (ML) to privacy, smart cities, and side-channel attacks. It has also developed a Cybersecurity Fellowship Program, which supports PhD students who have ideas for unfunded & under-funded emerging research. Visit IISP’s Annual Cyber Security Summit or take an open enrollment course to see if Georgia Tech is the right fit for you.
- Astrolavos Lab
- Center for the Development and Application of Internet of Things Technologies
- Communications Assurance & Performance Group
- Converged Systems Security Lab
- Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Lab
- Georgia Tech Cyber Security
- Georgia Tech Information Security Center (GTISC) Lab
- Information & Communications Laboratory (ICL)
- Institute for Information Security & Privacy (IISP)
- Intel Science & Technology Center for Adversary-Resilient Security Analytics (ISTC-ARSA)
- The Polo Club of Data Science
- Systems Software & Security Laboratory (SS&S)
For graduate students, Purdue’s main campus is the land of opportunity. You can be a working IT pro, a research fanatic, or even a linguistics lover, and still find a solid program to suit your interests. Choices include:
- A standard MS or a standard PhD in a relevant department (e.g. Computer Science, Electrical & Computer Engineering, Political Science, etc.), with a focus on infosecurity topics. For example, if you’re pursuing an MS in CS, you can expect to take baseline courses in areas like operating systems and electives in topics like computer security, cryptography, cryptanalysis, and advanced security.
- An interdisciplinary graduate specialization in infosecurity (Masters’ and PhD), which is administered through CERIAS. These programs make a point of including graduate students from areas like the Departments of Philosophy and Communication, the Linguistics Program, and the College of Technology.
- An MS or PhD in Computer in Information Technology with a specialization in Cyber Forensics, which is run by the Cyber Forensics Lab in the Department of Computer and Information Technology. This program encompasses topics such as homeland security and infosecurity.
Looking to move up the career ladder? The Department of Computer Science also offers an intensive, one-year Information Security for Computing Professionals (ISCP) program, which bears the official title of an MS in Computer Science with a concentration in information security. The ISCP program is deliberately geared toward IT professionals who have some on-the-job experience in programming and computer science and who aim to become infosecurity specialists. You may also want to check it out if you have a BS in a computing major or an undergraduate minor in computing science.
Research and Initiatives
Purdue is famous for its Center for Education and Research in Information Assurance and Security (CERIAS). Like MIT’s CSAIL and Carnegie Mellon’s CyLab, CERIAS is one of the top labs in the country. It prides itself on its multidisciplinary approach to cyber security research and it draws on faculty expertise from six different colleges and 20+ departments. Cyber security geeks probably already know that CERIAS emerged from the COAST Laboratory, founded by the one and only Gene Spafford!
When we say “multidisciplinary,” we’re talking about in-depth projects into areas such as network security, assured identity & privacy, and cryptology, and a long-running investigation into Natural Language Information Assurance and Security (NL-IAS). What’s more, CERIAS has tons of ties to industry partners (e.g. Intel, GM, Raytheon, Deloitte, etc.) and many connections with other on-campus research labs that are interested in security issues.
You can get a taste of the CERIAS experience by attending the annual information security symposium or the two-month Research Experience for Undergraduates (REU). In the past, the REU has been funded by an NSF grant—check with CERIAS to see if it is being run in the current year.
- Center for Education and Research in Information Assurance and Security (CERIAS)
- Cyber Forensics Laboratory
- Department of Computer Science
- Dependable and Secure Distributed Systems Laboratory (DS2)
- Institute for Defense Innovation (IDI)
- Institute for Global Security and Defense Innovation (i-GSDI)
- Lab For Research In Emerging Network and Distributed Systems (FRIENDS)
- Purdue Homeland Security Institute (PHSI)
- Secure Software Systems S3
- Visual Analytics for Command, Control, and Interoperability Environments Center (VACCINE)
University of Maryland-College Park
As an undergraduate at UMD, you have an easy choice:
- If you love areas like operating systems, network security, and cryptology, you can opt for the BS in Computer Science with a Cybersecurity Specialization from the Department of Computer Science.
- If you’re interested in security nuts & bolts, there’s the BS in Computer Engineering with a Cybersecurity Specialization from the Department of Electrical & Computer Engineering.
For graduates, UMD offers an MEng in Cybersecurity that immerses students in core security courses (e.g. secure programming, networks & protocols, etc.) and hands-on technical electives. Alternatively, you can tailor the MS or PhD in Computer Science or the MS or PhD in Electrical and Computer Engineering to suit your interests.
Lack the time and funds for a full degree? The Graduate Certificate in Engineering – Cybersecurity is a 4-course, 12-credit program that draws on the prerequisites for the MEng.
Research and Initiatives
The hub of UMD’s security efforts is the Maryland Cybersecurity Center (MC2). Created in 2010, this interdisciplinary center has the advantage of being located in the Maryland-DC-Virginia triangle—home of countless government agencies and security firms. It has strong ties to corporate partners such as Lockheed Martin, Cisco, and Northrop Grumman and research projects in everything from cryptography to behavioral and economic aspects of security. You can hobnob with many of these researchers at the MC2 Annual Symposium.
UMD has also developed a number of excellent initiatives for cybersecurity undergrads. These include:
- The immersive Advanced Cybersecurity Experience for Students (ACES)— a two year (optional four year) living-learning honors program funded by Northrop Grumman.
- The super-active, student-run Cybersecurity Club, which runs weekly challenges and participates in national summits & competitions.
- START Career Development programs, which provide scholarship money and career support to students studying in the Homeland Security Science, Technology, Engineering and Mathematics (HS-STEM) arena.
- Advanced Cybersecurity Experience for Students (ACES)
- Cybersecurity Club
- Department of Computer Science
- Department of Electrical & Computer Engineering
- Maryland Cybersecurity Center (MC2)
- National Consortium for the Study of Terrorism and Responses to Terrorism (START)
- Office of Advanced Engineering Education
University of Illinois at Urbana-Champaign
Money flows freely at UIUC courtesy of its unique Illinois Cyber Security Scholars Program (ICSSP). Funded by CyberCorps® Service for Scholarships and stacked with financial benefits, this program covers:
- BS in Computer Science (CS) and the BS in Electrical and Computer Engineering (ECE): Along with technical electives, you’ll be expected to complete a cyber security research project and a summer internship in a government organization.
- MS or PhD with a concentration in Cyber Security (e.g. software engineering, enterprise data systems, computer networks, digital forensics, etc.): Like the BS, you’ll be required to tackle a graduate project (or a thesis) and a summer internship.
- JD with a concentration in Cyber Security: Offered by the College of Law, this 3-year, 90-credit degree focuses on cyber security topics that apply to the law (e.g. white collar crime, national security law, privacy, etc.).
UIUC also offers 3-course, 12-credit Graduate Certificate in Security and a 15-credit Undergraduate Certificate in Global Security. Students participating in the undergraduate certificate are eligible for scholarship opportunities from UIUC’s ACDIS program.
Research and Initiatives
The jewel in UIUC’s cyber security crown is the hugely active, interdisciplinary Information Trust Institute (ITI). Here faculty and fellows are working on research areas such as the power grid, health information, systems & networking, and data science. For example, ITI runs multiple government-sponsored centers in energy systems security, the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS), and the Boeing Trusted Software Center (just to name a few!). Plus, on top of the ICSSP program, ITI also offers undergraduate internships, seminars & workshops, startup support, and a summer school for graduates & security professionals.
But wait, there’s more! As an UIUC student, you may be interested in working for the Arms Control & Domestic and International Security (ACDIS) Program, which has devoted itself to research on international security issues (e.g. nuclear materials security). In the Department of ECE, faculty are also heavily involved in reliable and secure computing systems.
- Arms Control & Domestic and International Security (ACDIS) Program
- Assured Cloud Computing University Center of Excellence (ACC-UCoE)
- Boeing Trusted Software Center
- Critical Infrastructure Resilience Institute (CIRI)
- Cyber Resilient Energy Delivery Consortium (CREDC)
- Department of Computer Science
- Department of Electrical and Computer Engineering
- Illinois Cyber Security Scholars Program (ICSSP)
- Information Trust Institute (ITI)
- Science of Security Lablet
- Strategic Healthcare IT Advanced Research Projects on Security (SHARPS)
- Trustworthy Cyber Infrastructure for the Power Grid (TCIPG)
Rochester Institute of Technology
Founded in 1929, Rochester Institute of Technology (RIT) is ranked #102 in National Universities by U.S. News! Although its Center for Cybersecurity is fairly new, RIT has long been part of the National Security Agency’s (NSA) and Department of Homeland Security’s distinguished National Centers of Academic Excellence in the Cybersecurity Education field.
Under RIT’s College of Computing and Information Sciences, academic opportunities in cyber security include:
- A Minor in Computing Science, offering students a core background related to information security. There are only two required courses (Fundamentals of Computing Security, and Cryptography and Authentication or Intro to Cryptography), plus three advanced electives. Participating students should have a basic computing background in order to be successful.
- A BS in Computing Security, designed to address the demand for more high-tech, advanced studies within the field of network, mobile, database and web security, software development, and security science. It is highly encouraged that participating students possess solid math and science aptitudes. This major leans heavily on a hands-on, experiential curriculum with an emphasis on preparing students to become independent experts. Courses are designed to build and strengthen a rock-solid foundation in, “programming, scripting, databases, computing security, cryptography, security policy, networks, systems and network administration,” with another six security-focused courses. Senior year features a team- oriented capstone project to showcase what has been learned.
- The Master of Science in Computing Security is a 30-credit program aimed at those who completed a computing-related degree. If a foundational background was not already completed, prerequisite “bridge” courses may be taken in order to prepare potential students for the rigorous study ahead. Students interested in learning about computer vulnerabilities, mitigating attacks, and protecting privacy data from criminals using networks of “compromised” computers will enjoy this program. It covers the latest breakthroughs in security concepts related to “software engineering, computer science, mobile computing, computer networking, policy and risk management, and systems administration.” The intent of the program is to enable graduates to transform into industry leaders or prep them for more in-depth academic research.
- A combined BS/MS in Computing Security is a great way to kill two birds with one stone! Undergrads may take up to 9 semester hours in Computing Security, applied to both degrees, thus potentially giving students the unique ability to earn both in just five years! Admission requirements include a stringent minimum 3.25 GPA and 20 completed credits in computing coursework, among other criteria.
- If you’re ready for a PhD Program, RIT features their Golisano College of Computing and Information Sciences (GCCIS) PhD as a research degree for budding scholars, researchers, and educators. Graduates of this challenging interdisciplinary program are well-prepared to launch into successful careers in academia or industry work. Requiring 60 post-baccalaureate credit hours, the GCCIS PhD ranks #68 on the U.S. News list of Best Doctoral Computer Science Programs. There are four stages to the admissions process, as outlined on their site.
Research and Initiatives
Rochester is renowned for its spectrum of well-funded research projects. Current RIT projects include: SIRA: Socio-Technical Approaches to Cybersecurity; SaTC-EAGER: A Criminology-Based Simulation of Dynamic Adversarial Behavior in Cyberattacks; Security Lablet: Impact through Research, Scientific Methods, and Community Development; and over a dozen more! Research and scholarly topics range from Cryptography, Cybersecurity Education, Security Technology, Usable Security, and others.
Under the Center for Cybersecurity, there is also the Eaton Cybersecurity Security Assessment and Forensic Examination (SAFE) Lab, a “living laboratory environment” for students to get work on live industry partner issues, and to “operationalize” the Center’s impactful research efforts. In this space, students receive an unparalleled chance to gain paid work experiences which they can use to build their portfolios and resumes. Student involvement also extends to the RITSec club, which grooms members to “compete in security-related competitions,” with personal and team exercises on penetration testing, server hardening, web security, and other relevant topics.
University of Pittsburgh-Pittsburgh
Pitt is one of only a few universities that hold five Committee on National System Security (CNSS) certifications, which means its degrees are extremely thorough when it comes to systems security. Programs are run by the School of Computing and Information and come in a variety of flavors:
- BS in Information Science (BSIS) with a specialization in Networks and Security: Along with the security electives, the BS includes core courses in networks, programming, database management, and systems analysis. The program also includes a required summer internship.
- MS in Information Science (MSIS) with a specialization in Information Security: Certified by the CNSS as meeting the national standards for INFOSEC education, this degree digs deep into systems & technology.
- MS in Telecommunications (MST) with a specialization in Security: With its focus on areas like firewalls, encryption, and design, this track is intended to prepare you for a career as a network security specialist.
- PhD in Information Science with the option to focus on computer and network security research.
Pitt also has a 15-credit post-bachelor’s or a post-master’s Certificate of Advanced Study (CAS) in Security Assured Information Systems (SAIS) that will make you eligible for CNSS Certifications.
Research and Initiatives
Closely linked with the School of Computing, the Institute for Cyber Law, Policy, and Security is designed to be the core of Pitt’s work into cyber security. It was selected to run an Airforce Association (AFA) CyberCamp and it organizes a number of workshops and conferences where you can network with experts. The Institute was created in 2017, so we’re going to give it some time to grow.
While you’re considering Pitt, we also recommend a look around the research labs and centers in the School of Computing and the university itself:
- The Laboratory for Education & Research on Security Assured Information Systems (LERSAIS) is doing interesting work in emerging applications, systems survivability, cryptography, and wireless IA.
- The Matthew B. Ridgway Center for International Security Studies is generating research in areas such as international terrorism, transnational organized crime, nuclear weapons, and counterinsurgency.
- The Center for National Preparedness (CNP) is developing projects such as threat detection systems and threat potential modeling.
- Center for National Preparedness (CNP)
- Institute for Cyber Law, Policy, and Security
- Laboratory for Education & Research on Security Assured Information Systems (LERSAIS)
- Matthew B. Ridgway Center for International Security Studies
- Real-Time Outbreak and Disease Surveillance (RODS) Lab
- School of Computing and Information
- UPMC Center for Health Security
Texas A&M University-College Station
Texas A&M opened its doors for business in 1876 under the name “Agricultural and Mechanical College of Texas.” The renowned university launched their Cybersecurity Center 139 years later. Falling under their illustrious College of Engineering, which U.S. News ranked 14th in the nation for undergrad programs, the Center focuses on cutting-edge research plus several educational options, including:
- An undergraduate Cybersecurity Minor, for students who select an interdisciplinary engineering degree. Made to appeal to students regardless of their technical expertise, this minor provides a solid cybersecurity foundation, and incorporates 20 courses from across multiple colleges. The intent behind this broad curriculum is to enable the widest application of the cybersecurity core. In fact, A&M’s Cybersecurity minor can be applied to students majoring in either a science or arts degree. The minor is further broken down into 3 tracks: a Technology Track, Engineering Track, or an Interdisciplinary Track. Each requires 16 credits, a 2.5 minimum GPR (Grade Point Ratio), and 6 hours of 300-400 level courses. Course options include Cybersecurity and Digital Ethics, Cybersecurity Risk Management, Cybersecurity Law and Policy, to give a few examples.
- A&M’s Master of Engineering in Engineering with a Specialization in Cybersecurity is a 30 credit hour program designed to help graduates and industry professionals hone their cybersecurity skills within their specific fields. Requirements for admittance include completion of a Bachelor of Science in Engineering or Computer Science, and a 3.0 minimum GPA. The three core classes are Foundations of Computing, Foundations of Cybersecurity Engineering, and Cybersecurity Law and Policy, with the remaining courses coming from a combination of directed electives and concentration areas.
One huge selling point of A&M’s graduate degree is their convenient distance education option. Students can complete the program entirely online in as little as 20 months via A&M’s highly ranked Engineering Online graduate program.
Research and Initiatives
A&M’s top-notch research programs have garnered multiple distinctions, paving the way for their recognition as a National Center for Academic Excellence from the National Security Agency (NSA) and the Department of Homeland Security. Research themes include: Malware Infrastructure Analysis, Resilient Adversary-Tolerant Systems, Predictive Cyber Modeling, Cryptography, Human Dimensions of Cybersecurity, and Analysis of the “Internet of Things.”
GenCyber Camps is a free instructional session sponsored by the NSA and the National Science Foundation, to instruct teachers and students in cybersecurity “in support of the GenCyber principles and Texas Essential Knowledge and Skills (TEKS).”
There’s also a strong focus on partnerships in both the public and private sector. The latest is with Facebook’s Cyber Security University Program, which offers a hybrid course in cybersecurity sponsored by the social media giant. Top students go on to intern with Facebook, apply for scholarships, and participate in exciting industry competitions.
Another unique opportunity for A&M students is their access to exclusive internships. These positions are advertised on A&M’s internship page. Recent openings have been with the Secretariat of the Internet & Jurisdiction Policy Network in Paris, France, and the National Institute of Standards and Technology Student Pathways Program.
Interested students may also join the A&M Cybersecurity Club, which welcomes all interested parties, regardless of major!
University of California-Davis
UC Davis has a long-standing reputation as a major tech university and its Department of Computer Science allows you to customize your graduate computer science degree to include security work:
- MS in Computer Science: Information Assurance Focus: The MS requires you to master 3 of 4 core areas—Theory, Systems, Architecture, and Applications. The Applications core has the most cyber security options.
- PhD in Computer Science: Information Assurance Focus: As with any PhD, you’ll be able to concentrate on favorite area of research after you get through the core areas covered in the MS.
Research and Initiatives
UC Davis is one of only 3 universities in California that holds a CAE-R designation for excellence in cyber security research. (In the faculty list, you may recognize the name of Professor Matthew Bishop, author of Computer Security: Art and Science.) Professor Bishop is a co-director of the Computer Security Lab, which is responsible for a number of in-depth research projects.
UC Davis is also a partner in the Cybersecurity Research Alliance, a multi-university partnership with the U.S. Army Research Laboratory to address threats, attacks, and risks in cyberspace.
Virginia Polytechnic Institute and State University (Virginia Tech) is consistently ranked in the Top 100 of the U.S. News Best Colleges list. One of the reasons is their outstanding College of Engineering, which offers award-winning, multidisciplinary programs in the field of cybersecurity. Current opportunities include:
- An Engineering Minor in Cybersecurity, which focuses on information security, network security, and computer system security, giving students the technical core needed to work in areas such as secure system design. The minor requires six courses, plus a seminar. Minor courses include Network Application Design, Internet Software Development, Telecommunication Networks, Applied Software Engineering, and Cryptography to name a few. For those who complete a BS in Computer Science or Engineering, they’ll be prepared to work in fields of software or embedded systems engineering, or information systems management.
- The BS in Computer Engineering offers a Cyber Operations Track which is supported by the National Security Agency’s (NSA) National Centers of Academic Excellence (CAE), and offers a “technical, inter-disciplinary, higher education program firmly grounded in the computer science, computer engineering, and/or electrical engineering disciplines…” The best thing about this program is the focus on “hands-on” learning through labs and exercises. Completion of optional Knowledge Unit requirements can lead to a certification in Cyber Operations.
- Virginia Tech will soon launch their Major in Networks and Cybersecurity, and they currently partner with the federal government for offer a BS/MS Program – CyberCorps Scholarship for Service. This amazing opportunity pays full in-state tuition plus a $22,500 a year stipend to undegrads (and $34,000 for grad students).
- There’s even a MS or PhD in Computer Science with Cybersecurity Track, or online Masters of Information Technology with Cybersecurity Track for students who can’t attend classes on campus.
- Finally, the school offers a four-course Graduate Certificate in Information Assurance Engineering.
Virginia Tech is unique in regards to it’s optimal location, strategically centered for graduates looking for work with any number of large employers within the Washington DC area, in particular defense contractors, federal agencies, or even the DoD Information Assurance Workforce Improvement Program. The school serves as an efficient pipeline for successful grads who are ready to launch straight into a lucrative career, with countless organizations standing by to offer them a job!
Research and Initiatives
Virginia Tech is nationally recognized for its non-degree related programs and research work in the cybersecurity world. From Cyber-Physical System Security, Cybersecurity Policy and Governance, and Wireless Communications and Networking Security, their award-winning programs cover six centers and labs, garner an astounding $15 million a year in grants and contracts, and provide employment to 150 graduate research assistants.
Virginia Tech hosts a popular cybersecurity club (VTCSEC) for students to stay engaged in out-of-the-classroom events related to their studies. VTCSEC has the stated aim to “develop awareness and expertise in all areas of cyber security including physical, social, hardware, and software.” “Hacking the planet since 2011,” the club provide a valuable extracurricular learning and social group for students to get ahead. There are no formal prerequisites to join, but they encourage members to come ready to learn.
University of Washington-Seattle
Located deep in the heart of techville, UW Seattle’s BS in Informatics with an option in Information Assurance and Cybersecurity (IAC) pulls on faculty expertise from UW’s three campuses. You can choose electives from any campus (e.g. information assurance policy, secure coding, networking & systems administration, etc.) or tailor your concentration to your specific interests.
Already working in the field? UW Seattle also offers a convenient online Certificate in Cybersecurity that’s designed for software developers & analysts and folks with system, database, security, or network administration experience.
Research and Initiatives
UW Seattle researchers are particularly good at assessing the broad picture. The Security and Privacy Research Lab in the School of Computer Science and Engineering has its research fingers in many traditional pies (e.g. cyber-physical systems, mobile device security, network security, etc.). But it also works closely with the interdisciplinary Tech Policy Lab on issues surrounding smart cities, the Internet of Things, robotics, and more.
We should also mention the Cybersecurity Initiative in the International Policy Institute (IPI). The risks of using biometric data to help refugees? Issues with mobile and application insecurities? The threats of cyber-attacks on the nuclear industry? These are the kinds of questions being asked and answered by IPI faculty and fellows.
George Mason University
Strategically located in Fairfax, VA—less than 10 miles from the Dulles Tech Corridor and Loudoun County’s data centers—GMU’s grand old Volgenau School of Engineering is overflowing with cyber security programs.
As an undergraduate, you could consider the:
- BS in Cyber Security Engineering
- BS in Information Technology: Concentration in Information Security
- BAS: Concentration in Cybersecurity (online or on-campus)
As a graduate, you have the option of the:
- MS in Applied Information Technology: Concentration in Cyber Security
- MS in Digital Forensics and Cyber Analysis
- MS in Data Analytics Engineering: Concentration in Digital Forensics
- MS in Information Security and Assurance
- MS in Computer Engineering: Specialization in Network and System Security
- PhD in Information Technology: Concentration in Information Security and Assurance
And as a budding security professional, you may wish to explore the:
- Graduate Certificate in Applied Cyber Security
- Graduate Certificate in Telecommunications Forensics and Security
- Graduate Certificate in Tactical Computer Operations
- Graduate Certificate in Information Security and Assurance
Alternatively, you could apply for a BS, MS, or PhD in Computer Science and tailor your concentration to your cyber security interests.
If you’re interested in the corporate side of security, you can even choose to pursue an MS in Executive Management of Secure Information Systems from the Business School.
Research and Initiatives
Created in 1990, GMU’s Center for Secure Information Systems (CSIS) was the first academic center in security in the country. It has alliances with major government & corporate sponsors (e.g. NSA, Northrop Grumman, MITRE, etc.) and many of its research projects involve national defense—no surprise when you consider the university’s location.
Cyber security faculty are also deeply involved in the:
- Center for Assurance Research & Engineering (CARE): Housed in the Volgenau School, CARE has a commitment to turning security research into real-world applications. Partners have included IBM, DARPA, and the DHS.
- Center for Configuration Analytics and Automation (CCAA): CCAA is a multi-university, multi-industry initiative focused on the challenges of analytics and automation.
- Center of Excellence in Command, Control, Communications, Computing, Intelligence, and Cyber (C4I and Cyber Center): Researchers at C4I and Cyber are absorbed by the military applications of IT and cyber policy. The Center has some fascinating projects and events, as well as ties to a range of industry partners.
The cherry on the cake? Volgenau established the first student-run cybersecurity organization in the country.
- Center for Assurance Research & Engineering (CARE)
- Center for Configuration Analytics and Automation (CCAA)
- Center of Excellence in Command, Control, Communications, Computing, Intelligence, and Cyber (C4I and Cyber Center)
- Center for Infrastructure Protection and Homeland Security (CIP/HS)
- Center for Secure Information Systems (CSIS)
- Center for Security Policy Studies
- National Security Institute at the Antonin Scalia Law School
- School of Business
- Volgenau School of Engineering
Graduate programs are the specialty of the house at Syracuse. Although they’re run by the College of Engineering and Computer Science, these degrees include input from the College of Law, the iSchool, and the Maxwell School.
- MS in Cybersecurity: This 30-credit program places a heavy emphasis on the design and development of secure & assured systems. It also includes options to tackle electives like data mining, Machine Learning (ML), and biometrics.
- Online MS in Cybersecurity: The distance learning option follows the same trajectory as the on-campus version. You’ll be expected to complete at least one on-campus immersion experience.
- Certificate of Advanced Study (CAS) in Cybersecurity: This 12-credit, 4-course graduate certificate is available to post-bachelor’s or post-master’s students looking for additional skills. Credits taken for the CAS may also be applied towards the MS.
- PhD in Computer and Information Science and Engineering (CISE) or a PhD in Electrical and Computer Engineering (ECE).
Fancy the idea of attending Syracuse as an undergraduate? Check out the 18-credit Undergraduate Cyberengineering Semester. It’s designed to teach CS and ECE juniors and seniors how to build and verify highly assured systems.
Research and Initiatives
Engineering is a big deal at Syracuse. For example, the Center for Advanced Systems and Engineering (CASE), an NYSTAR-designated Center for Advanced Technology (CAT) in complex information systems, has a huge stake in cyber security and network assurance. What’s more, the College of Engineering has a large number of cyber security research projects on the burner, with a great deal of emphasis on secure systems.
Syracuse also has the Institute for National Security and Counterterrorism (INSCT), a significant initiative devoted to research work on national & international security and counterterrorism. It hosts various conferences & events and offers a number of interesting CASs (as well as an online cybersecurity course). If you’re intrigued by the intersection of tech and global events, it’s worth a visit.
BU is a big university and its cyber security offerings are spread over a number of schools and colleges. The most “traditional” programs are the:
- BA in Computer Science with a concentration in Cryptography & Security, which is offered by the Department of Computer Science. Don’t be fooled by the name—this is a CS degree with a real emphasis on network security, cryptography, etc. Faculty from the BU Security Group (see below) are available to advise.
- MS in Computer Engineering with a specialization in Cyber Security, which is offered by the College of Engineering. It’s pretty flexible—you must take at least one 4-credit ECE course at the 700 level, but you can stack the degree with security credits and electives.
- MS in Computer Science (MSCS) with a specialization in Cyber Security, which is offered by the Department of Computer Science. You’ll cover 5 breadth courses and a variety of security electives (e.g. cryptography, digital forensics, network security, etc.). Security electives usually fulfill the “applications” breadth requirement.
But your second option is Metropolitan College (MET). MET programs are often tailored toward working professionals and place a heavy emphasis on job skills. Here you’ll find the:
- MS in Computer Science (MSCS) with a concentration in Security, which is aimed at folks with academic or work experience with programming, discrete mathematics, and computer systems. The security concentration consists of 5 courses (3 required and 2 electives) in typical areas (e.g. network security, cryptography, forensics, etc.).
- MS in Computer Information Systems (MSCIS) with a concentration in Security (online or blended), which is accredited by both the accredited by the PMI’s Global Accreditation Center (GAC) for Project Management and the Commission on Accreditation for Health Informatics and Information Management Education (CAHIIM). This program is a combo of technical training and managerial and organizational courses, and is open to those with a bachelor’s degree from a regionally accredited institution.
- Master of Criminal Justice with a concentration in Cybercrime Investigation & Cybersecurity (on campus or online), which is a 10-course, 40-credit program for students interested in the legal and investigative aspects of cybercrime.
- Graduate Certificate in Cybercrime Investigation & Cybersecurity (on campus or online), which is a 16-credit program that can be completed in as little as 8 months. The program is designed for current professionals, meaning anyone from law enforcement to computer scientists can enroll to gain the expertise needed for careers investigating cybercrime.
- Graduate Certificate in Information Security (online or blended), which is a 4-course, 16-credit program designed to help graduates develop and implement IT security in their own organizations.
Research and Initiatives
The BU Security Group in the Department of Computer Science is affiliated with the university’s Center for Reliable Information Systems and Cyber Security (RISCS). Under the command of the Hariri Institute for Computing (HIC), RISCS has become a multidisciplinary initiative with a smorgasbord of research projects (e.g. Modular Approach to Cloud Security (MACS)). It also hosts regular seminars & events, including the Charles River Crypto Day.
It’s important to remember that HIC has a close relationship with MIT’s Lincoln Lab, organizing joint Cybersecurity Workshops and collaborating on initiatives such as the Moving Target Defense and the Verificare project. HIC even funds exceptional undergraduates (UROP Summer Research Awards) and PhD students (Graduate Student Fellows Program) involved in computational research.
University of Houston
UH’s Department of Information and Logistics Technology is responsible for both the BS in Computer Information Systems (CIS) with technical electives in Security and the MS in Information System Security.
Choosing technical electives in the BS is a way to focus your strengths on Information Assurance (IA). You’re allowed to choose 4 courses from topics such as secure application design, digital forensics, and intrusion detection & incident response.
The two-year MS, on the other hand, is explicitly designed for folks with undergraduate degrees in technology disciplines who want to be able to assess, implement, and manage security solutions for information and network systems. In addition to hands-on technical work, there’s a big push for project management expertise.
Research and Initiatives
Established in 2007, UH’s Center for Information Security Research and Education (CISRE) is the heart of UH’s cyber security efforts. In addition to the degrees we’ve mentioned, it operates security labs, liaisons with other universities & centers, and tackles various research projects.
Faculty in the Department of Computer Science also have a keen interest in security issues—CS runs its own Reasoning and Data Analytics for Security (ReDAS) Lab.
Oklahoma State University-Main Campus
Cyber security programs at OSU’s main campus are handled by the Department of Management Science and Information Systems in the Spears School of Business. That means programs often stress the real-world, business applications of IT and security.
For example, the BS in Business Administration with a major in Management Information Systems and an option in Information Assurance (yep, that’s the title) highlights hands-on analysis of organizational issues in IA and security. The MS in Information Assurance covers managerial topics such as telecommunications, risk, offensive and defensive practices, and legal issues.
Can’t commit to a degree? The short, 15-credit Graduate Certificate in Information Assurance will school you in telecommunications technology, industry trends, and management and security of telecommunications systems.
Research and Initiatives
One of the reasons why so many OSU programs deal with telecommunications is due to the Center for Telecommunications and Network Security (CTANS). This center pulls on faculty expertise from multiple departments, including electrical engineering, to investigate areas such as secure communications protocols. In addition to providing labs, CTANS also has ties to the super-active, student-run Information Security and Assurance Club (ISAC).
Hoping to improve your career contacts? Every April, the Spears School of Business hosts the OSU Cyber Security Conference.
Iowa State University
ISU has a hyper-flexible approach to cyber security degrees. If you’re considering on-campus programs, the:
- MS in Information Assurance (IA) allows you to pursue a degree from the Department of Electrical and Computer Engineering, Management Information Systems, Mathematics, or Political Science—you decide which department suits your expertise and interest! The MS is 30 credits in all, with a thesis option or non-thesis option. Each home department has its own course schedule & admission requirements.
- PhD in Computer Engineering or Computer Science or Math with a focus on Information Assurance is also administered by a home department. This is for folks interested in technical research—the Departments of Political Science and Management are not involved.
ISU has also developed a number of distance learning alternatives. However, these online degrees are only offered by the Department of Electrical and Computer Engineering, so keep in mind that the university is typically looking for applicants with a BS or MS in computer engineering (or a closely related field). For example, the:
- Online MS in Information Assurance (IA) includes core coursework such as network & computer security, cryptography, forensics, and information warfare, and comes with thesis or non-thesis options.
- Online MEngr in Information Assurance (IA) covers a lot of the same ground as the MS, but no thesis or creative component is required to graduate—the degree is based on coursework credits only.
- Online Graduate Certificate in Information Assurance is a 4-course, 12-credit program that is designed to help you become a better information system security specialist in government, the private sector, and/or educational institutions.
And if that isn’t enough, you also have the option to pursue an Undergraduate Minor in Cybersecurity.
Research and Initiatives
ISU’s poster boy for cyber security is the Information Assurance Center (IAC). Established in 2000, the IAC takes a multi-faceted approach to its research projects, but it’s particularly interested in real-world applications—ISU is the home of the U.S. DOE’s Ames Laboratory. IAC plays host to a security testbed called ISEAGE – Internet-Scale Event & Attack Generation Environment, leads the Iowa Cyber Alliance, and heads the ISU Information Assurance Research Consortium.
Once you’re on campus, you’ll find fellow security enthusiasts in the Information Assurance Student Group (IASG) and the Information Systems Security Laboratory (ISSL). ISU also runs 5 Cyber Defense Competitions each year.
University of Kansas
KU’s School of Engineering offers one graduate degree that’s specifically devoted to security—the MS in Information Technology (MSIT) with a focus in Cyber Security. The focus includes a traditional core (e.g. network security, IA, project management, etc.) and a large number of electives.
Alternatively, you might choose to pursue an MS or PhD in Computer Science or Computer Engineering and customize it with courses from the Security and Assurance cluster.
Not ready for a degree? KU’s 12-credit Graduate Certificate in Cybersecurity is designed for professionals with two or more years of practical experience in IT who want to hone their skills in advanced areas of information security.
Research and Initiatives
KU’s ranking is partly due to its dedicated faculty. For example, at the Information and Telecommunication Technology Center (ITTC), you’ll find the Information Assurance Laboratory (IAL)—focused on developing, verifying, and fielding high-assurance information systems—and research projects on areas such as communication & network systems security.
On top of this, KU supports the student-run KU InfoSec Club, helps to organize the Central Area Networking and Security Workshop (CANSec), and has made a public commitment to promoting diversity in engineering disciplines.
George Washington University
Handily based in Washington, D.C., GWU’s Department of Computer Science has 3 roads that lead toward cyber security expertise:
- BA/BS in Computer Science & MS in Cybersecurity in Computer Science: This accelerated program allows you to earn a conventional bachelor’s in computer science (with 2 graduate-level courses as electives) and an MS in just 5 years. This could save you a considerable amount of money.
- MS in Cybersecurity in Computer Science: The MS is a 30-credit, full-time or part-time program with a computer science core and a host of electives in security (e.g. computer security, network security, applied cryptography, forensics, cyber law, etc.). Thesis and non-thesis options are available.
- Graduate Certificate in Computer Security and Information Assurance (CSIA): This short, 4-course program is targeted at practicing computer scientists and other IT personnel who want to improve their security skills. You also have the option to transfer your certificate credits to the MS.
If you have already earned an associate’s degree or a non-technical bachelor’s degree, you can explore the Cybersecurity Bachelor’s Degree Completion Program. Offered by the College of Professional Studies, this two-year, 60-credit program is designed to get you quickly up to speed in core competencies (e.g. network security, digital forensics, incident response, etc.). Classes are held on GWU’s Virginia campuses.
Alternatively, you might consider distance learning, where GWU has developed strengths in management & leadership programs:
- Online Master of Engineering in Cybersecurity Policy & Compliance: The MEng CPC is aimed at seasoned professionals who aspire to manage their organization’s cyber practices (i.e. information security managers). It blends courses like cryptography, security systems, algorithms, and software paradigms, with credits in policy, project management, compliance, and risk management.
- Online Master of Professional Studies in Cybersecurity Strategy and Information Management: This MPS is well-suited to folks working in military, homeland security, and private sectors. It was designed in consultation with the DHS and law enforcement, and its courses are designed to combat the methods of hackers, terrorists, and cyber criminals.
Research and Initiatives
GWU is a CAE-R institution, and its Cyber Security and Privacy Research Institute (CSPRI) is involved in a number of research projects centered around issues like cyber surveillance, data collection, and supply chain safety. It’s a founding member of the National Cyber League and a supporter of the National CyberWatch Center.
But the fun doesn’t stop there. GWU also boasts a Center for Cyber and Homeland Security (CCHS), a nonpartisan “think and do” tank focused on homeland security, counterterrorism, and cyber security issues. (This is, after all, the land of D.C. and its government agencies). CCHS generates a vast quantity of research & publications and hosts many events with powerful speakers. Internships are available.
Meanwhile, over at the School of Law, the Cybersecurity Law Initiative is taking flight. It organizes regular events on law and technology that are open to students and members of the public. GW Law students who wish to study aspects of cyber security law are eligible for CyberCorps® scholarships.
Johns Hopkins University
JHU’s flagship security program is the MS in Security Informatics (MSSI). This full-time, 3-semester degree is administered by the School of Engineering and students must complete either the technology & research track or policy & management track. Both tracks include core technical courses, but the policy & management track is—understandably—more concerned with business issues. With the MSSI, you can also choose to pursue a dual degree in engineering in computer science, applied math & statistics, and health sciences, or even tack on JHU’s Certificate in National Security Studies (CNSS).
Trying to fit your degree in around work? Johns Hopkins Engineering for Professionals offers a flexible MS in Cybersecurity (10 courses) and a Post-Master’s Certificate in Cybersecurity (6 courses) in online or on-campus forms. In addition to traditional foundation courses, the MS allows you to choose a track of interest (e.g. systems, networks, or analysis).
Finally, if you really want to get stuck into the subject, you could also consider a PhD in Computer Science. The Department of Computer Science will be more than happy to help you customize your study plan.
Research and Initiatives
Founded by Gerald Masson, JHU’s venerable Information Security Institute (ISI) has been working on security issues since 2001. Researchers at ISI are particularly concerned with health and medical security (remembering that JHU has one of the best medical schools in the country) and cryptography & privacy. We should also mention that MSSI applicants are eligible for an Information Security Institute Fellowship (ISIF).
Mississippi State University
MSU’s cyber security offerings come courtesy of its Department of Computer Science & Engineering. Its MS in Computer Science with a concentration in Computer Security and PhD in Computer Science with a concentration in Computer Security have been around for quite some time, and both curricula draw on the security expertise of department faculty. In the MS, you can choose to complete a thesis, a professional project, or courses-only.
But that’s not all! In 2017, MSU created the MS in Cyber Security and Operations, a specialist degree with concentrations in either cyber defense or cyber operations (e.g. reverse engineering, wireless networks, malware analysis, etc.). Cyber defense graduates apply for jobs in private corporation or government organizations; cyber operations graduates often find work with the government or penetration testing firms.
Last but not least, MSU offers a 15-hour, 5-course Graduate Certificate in Information Assurance that stresses IA and data security.
Research and Initiatives
MSU is the only university in the state to hold the triple crown of designations: CAE-R, CAE-CO & CAE-CDE. Thanks to its Center for Computer Security Research (CCSR), it has developed major research strengths in AI, computer forensics, and cryptography. For example, MSU has its own National Forensics Training Center (NFTC), which is funded by the Department of Justice to train law enforcement officers to fight cyber crime. What’s more, CCSR is particularly committed to encouraging the participation of women in cyber security through internships, camps, and mentorship.
Another initiative we should highlight is MSU’s High Performance Computing Collaboratory (HPC²), which hosts the:
- Center for Cyber Innovation (CCI), where researchers have a hand in high tech projects that focus on global national security, homeland security, and peacekeeping operations and access to a top-ranked DOD-restricted supercomputer.
- Distributed Analytics and Security Institute (DASI), which receives funding from the Pacific Northwest National Laboratory (PNNL) and the federal government to work on a wide range of data-related security projects.
Choosing the Best Security Program
Your #1 choice will depend on your career aims. We made sure that each university in our list has fascinating research labs, whip-smart faculty, and ties to government & the private sector. But other factors to consider include:
- Scholarships & Grants: Money is pouring into programs! In addition to the CyberCorps® Scholarship for Service, you’re likely to find lots of security scholarships for both undergraduate & graduate students. Ask the department offering your degree (e.g. Department of Computer Science) for details on financial aid.
- Location: Strong cyber security schools often benefit from their proximity to tech areas (e.g. Silicon Valley), government defense agencies (VA/DC/MD area), and hubs of corporate activity (e.g. Atlanta or Chicago). Pay attention to sponsors & partners in research institutes—they often supply internships and job opportunities.
- Subject Expertise: Thanks to faculty and research connections, cyber security schools are usually known for certain areas of expertise (e.g. Norwich University & cyber defense). Explore options in our state lists as well as these rankings—you may find the ideal professor in an ideal program that’s not in our top 20.
- NSA CAE Designation: CAE designations are often considered a hallmark of quality, but the acronyms can be confusing to navigate. Since CAE is a factor in our ranking methodology, we talk a little more about this topic below.
NSA Centers of Academic Excellence in Cybersecurity (CAE-C)
What is an NSA CAE-CD School?
To promote higher education in cyber security, the National Security Agency (NSA) and Department of Homeland Security (DHS) teamed up to designate a number of institutions as National Centers of Academic Excellence in Cyber Defense (CAE-CD).
All regionally accredited two-year, four-year and graduate level institutions in the U.S. are eligible to apply for a CD designation. These designations include:
- CAE2Y: Awarded to community colleges, technical schools, and government training centers that offer two-year certificate and associate’s degree programs in cyber security
- CAE-CDE: Awarded to four-year universities and colleges that offer bachelor’s and graduate degree programs in cyber security
- CAE-R: Awarded to universities that offer higher-level doctoral research programs in cyber security
To qualify for a CAE-CD designation, schools must meet a number of general and academic requirements. The designation is valid for 5 academic years.
Students attending CAE-CD and CAE-R schools are eligible for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the CyberCorps® Scholarship for Service Program.
What is an NSA CAE-CO School?
The NSA has also developed a designation called the National Centers of Academic Excellence in Cyber Operations (CAE-CO). This designation is available to four-year colleges and graduate-level universities.
As you might expect, the CAE-CO designation is given to programs that focus on the operations side of cyber security (e.g. engineering, network defense, operating systems, and programming). In its list of academic requirements, the NSA stipulates that CO degrees should:
- Be technical, inter-disciplinary, and firmly grounded in the computer science (CS), computer engineering (CE), and/or electrical engineering (EE) disciplines
- Emphasize technologies and techniques related to specialized cyber operations (e.g. collection, exploitation, and response; malware analysis; reverse engineering, etc.)
Students attending CAE-CO schools are eligible for the CyberCorps® Scholarship for Service Program.
Do I Have to Go to a CAE School?
The short answer is no. The NSA CAE is a voluntary designation – some very well-respected schools have decided that it does not accurately reflect the requirements that a cyber security program needs. Others have issues with the time involved in the application process.
If you’re in any doubt about the reputation of a school, do your research and ask around. Guidance counselors, professional peers, and senior level colleagues should all be willing to give you advice.
History of NSA CAE Designation
The idea of creating an information assurance designations began in 1998. At that time, the government was looking for ways to increase the profile of cyber security and foster research & education initiatives.
In response, it developed a variety of projects, including the:
- NSA National Centers of Academic Excellence in Information Assurance Education (CAE-IAE)
- Scholarship for Service program
After the release of the President’s National Strategy to Secure Cyberspace in 2003, the Department of Homeland Security (DHS) joined the NSA as a partner in 2004.
The initiative continued to grow throughout the 2000s:
- In 2008, the CAE in IA Research (CAE-IAR) program was established to promote higher-level doctoral research in cyber security.
- In 2010, the CAE in Two-Year IA Education (CAE2Y) program was created to accommodate two-year institutions, technical schools, and government training centers.
In 2014, CAE-IAE designations were replaced by the CAE-CD program.
NSA CAE-CD Requirements
The NSA has developed a broad set of criteria for its programs. In general, a CAE-CD school must:
- Meet a set of core and optional knowledge units (KUs)
- Demonstrate outreach and collaboration
- Have a center for CD education
- Foster a robust and active CD academic program
- Ensure CD is a multidisciplinary science within the institution
- Support the practice of CD throughout the institution
- Encourage student and faculty CD research
According to the NSA’s Academic Criteria, a technical two-year program should include the following core knowledge units (KUs):
1.1 Basic Data Analysis
1.2. Basic Scripting or Introductory Programming
1.3. Cyber Defense
1.4. Cyber Threats
1.5. Fundamental Security Design Principles
1.6. Information Assurance Fundamentals
1.7. Intro to Cryptography
1.8. IT Systems Components
1.9. Networking Concepts
1.10. Policy, Legal, Ethics, and Compliance
1.11. System Administration
A four-year program (e.g. BS in Cyber Security) should include all of the above KUs and:
2.2. Network Defense
2.3. Networking Technology and Protocols
2.4. Operating Systems Concepts
2.5. Probability and Statistics
These are the “must-haves”. The NSA makes room for a large number of optional KUs (e.g. cloud computing, digital forensics, supply chain security, etc.).
Optional Focus Area
If they’re really keen, universities can also choose to apply for one or more CAE-CD Focus Area designations. These include:
- Cyber Investigations
- Data Management Systems Security
- Data Security Analysis
- Digital Forensics
- Health Care Security
- Industrial Control Systems – SCADA Security
- Network Security Administration
- Network Security Engineering
- Secure Cloud Computing
- Secure Embedded Systems
- Secure Mobile Technology
- Secure Software Development
- Secure Telecommunications
- Security Incident Analysis and Response
- Security Policy Development and Compliance
- Systems Security Administration
- Systems Security Engineering