Cyber Degrees

Top Cyber Security Schools for 2019

Editor’s Note: New cyber security degree programs launch every year, and we’ve updated our rankings to reflect the rapidly evolving field. This page was last updated on 11/8/2018 to cover the best cyber security programs for students in 2019.


When it comes to the “best of the best” in security, you’ve got options! Our list of the top 20 cyber security schools in the country includes many big names that you’ll recognize and plenty of great state choices. Skip ahead to view the rankings.

Methodology

To get you the most bang for your buck, we felt it was important to assess a school’s quality from a variety of angles. That means our rankings are based on a number of data sources, including:

  1. Integrated Postsecondary Education Data System (IPEDS) data on computer science program completions
  2. Integrated Postsecondary Education Data System (IPEDS) data on computer engineering program completions
  3. Ponemon Institute’s Report on Best Schools for Cybersecurity
  4. NSA CAE designations

To narrow down our finalists, we analyzed school listings that appeared in the first 3 data categories. We also noted whether or not they’re an NSA CAE designated school. Because we prioritized undergraduate completion rates, you’ll notice that big names in graduate programs (e.g. Carnegie Mellon) may be further down the list. Almost all of the schools in our top 20 were well-represented in each data category; all of the schools hold a CAE designation.

Best Cyber Security Colleges and Programs

  1. 1

    Georgia Institute of Technology

    Georgia Tech’s banner degree is its MS in Cybersecurity. With a 5-credit practicum and an emphasis on applicable skills, this program is available in 3 tracks:

    1. The Information Security track is run by the School of Computer Science and emphasizes technical issues in software, computer systems, and network security. Applicants are expected to have an undergraduate degree in computer science or the equivalent.
    2. The Energy Systems track is run by the College of Engineering and focuses on the security of the energy domain (e.g. cyber-physical systems security, smart grids, and power system protection).
    3. The Policy track is run by the School of Public Policy and explores topics related to policy, law, privacy, and management.

    If you’re a technical professional (e.g. IT, engineering, or product design) who’s looking to make the jump to security, you could also consider the Cyber Security Certificate. This flexible 5-course program gives you the choice of 4 electives.

    Research and Initiatives

    To accomplish its research work for military, government, and private industry, Georgia Tech’s Institute for Information Security & Privacy (IISP) draws on talent from a large number of cybersecurity labs and centers across the university and within the Georgia Tech Research Institute. In the process, Georgia Tech has become a University Affiliated Research Center (UARC) for the Department of Defense and the recipient of a DSS “Excellence in Counterintelligence” award. It has also garnered some stellar U.S. News & World Report rankings.

    In terms of initiatives, IISP has ongoing projects on everything from sensor systems and Machine Learning (ML) to privacy, smart cities, and side-channel attacks. It has also developed a Cybersecurity Fellowship Program, which supports PhD students who have ideas for unfunded & under-funded emerging research. Visit IISP’s Annual Cyber Security Summit or take an open enrollment course to see if Georgia Tech is the right fit for you.

    More Information

  2. 2

    Purdue University

    For graduate students, Purdue’s main campus is the land of opportunity. You can be a working IT pro, a research fanatic, or even a linguistics lover, and still find a solid program to suit your interests. Choices include:

    1. A standard MS or a standard PhD in a relevant department (e.g. Computer Science, Electrical & Computer Engineering, Political Science, etc.), with a focus on infosecurity topics. For example, if you’re pursuing an MS in CS, you can expect to take baseline courses in areas like operating systems and electives in topics like computer security, cryptography, cryptanalysis, and advanced security.
    2. An interdisciplinary graduate specialization in infosecurity (Masters’ and PhD), which is administered through CERIAS. These programs make a point of including graduate students from areas like the Departments of Philosophy and Communication, the Linguistics Program, and the College of Technology.
    3. An MS or PhD in Computer in Information Technology with a specialization in Cyber Forensics, which is run by the Cyber Forensics Lab in the Department of Computer and Information Technology. This program encompasses topics such as homeland security and infosecurity.

    Looking to move up the career ladder? The Department of Computer Science also offers an intensive, one-year Information Security for Computing Professionals (ISCP) program, which bears the official title of an MS in Computer Science with a concentration in information security. The ISCP program is deliberately geared toward IT professionals who have some on-the-job experience in programming and computer science and who aim to become infosecurity specialists. You may also want to check it out if you have a BS in a computing major or an undergraduate minor in computing science.

    Research and Initiatives

    Purdue is famous for its Center for Education and Research in Information Assurance and Security (CERIAS). Like MIT’s CSAIL and Carnegie Mellon’s CyLab, CERIAS is one of the top labs in the country. It prides itself on its multidisciplinary approach to cyber security research and it draws on faculty expertise from six different colleges and 20+ departments. Cyber security geeks probably already know that CERIAS emerged from the COAST Laboratory, founded by the one and only Gene Spafford!

    When we say “multidisciplinary,” we’re talking about in-depth projects into areas such as network security, assured identity & privacy, and cryptology, and a long-running investigation into Natural Language Information Assurance and Security (NL-IAS). What’s more, CERIAS has tons of ties to industry partners (e.g. Intel, GM, Raytheon, Deloitte, etc.) and many connections with other on-campus research labs that are interested in security issues.

    You can get a taste of the CERIAS experience by attending the annual information security symposium or the two-month Research Experience for Undergraduates (REU). In the past, the REU has been funded by an NSF grant—check with CERIAS to see if it is being run in the current year.

    More Information

  3. 3

    University of Maryland-College Park

    As an undergraduate at UMD, you have an easy choice:

    For graduates, UMD offers an MEng in Cybersecurity that immerses students in core security courses (e.g. secure programming, networks & protocols, etc.) and hands-on technical electives. Alternatively, you can tailor the MS or PhD in Computer Science or the MS or PhD in Electrical and Computer Engineering to suit your interests.

    Lack the time and funds for a full degree? The Graduate Certificate in Engineering – Cybersecurity is a 4-course, 12-credit program that draws on the prerequisites for the MEng.

    Research and Initiatives

    The hub of UMD’s security efforts is the Maryland Cybersecurity Center (MC2). Created in 2010, this interdisciplinary center has the advantage of being located in the Maryland-DC-Virginia triangle—home of countless government agencies and security firms. It has strong ties to corporate partners such as Lockheed Martin, Cisco, and Northrop Grumman and research projects in everything from cryptography to behavioral and economic aspects of security. You can hobnob with many of these researchers at the MC2 Annual Symposium.

    UMD has also developed a number of excellent initiatives for cybersecurity undergrads. These include:

    • The immersive Advanced Cybersecurity Experience for Students (ACES)— a two year (optional four year) living-learning honors program funded by Northrop Grumman.
    • The super-active, student-run Cybersecurity Club, which runs weekly challenges and participates in national summits & competitions.
    • START Career Development programs, which provide scholarship money and career support to students studying in the Homeland Security Science, Technology, Engineering and Mathematics (HS-STEM) arena.

    More Information

  4. 4

    University of Illinois at Urbana-Champaign

    Money flows freely at UIUC courtesy of its unique Illinois Cyber Security Scholars Program (ICSSP). Funded by CyberCorps® Service for Scholarships and stacked with financial benefits, this program covers:

    UIUC also offers 3-course, 12-credit Graduate Certificate in Security and a 15-credit Undergraduate Certificate in Global Security. Students participating in the undergraduate certificate are eligible for scholarship opportunities from UIUC’s ACDIS program.

    Research and Initiatives

    The jewel in UIUC’s cyber security crown is the hugely active, interdisciplinary Information Trust Institute (ITI). Here faculty and fellows are working on research areas such as the power grid, health information, systems & networking, and data science. For example, ITI runs multiple government-sponsored centers in energy systems security, the Strategic Healthcare IT Advanced Research Projects on Security (SHARPS), and the Boeing Trusted Software Center (just to name a few!). Plus, on top of the ICSSP program, ITI also offers undergraduate internships, seminars & workshops, and a summer school for graduates & security professionals.

    But wait, there’s more! As an UIUC student, you may be interested in working for the Arms Control & Domestic and International Security (ACDIS) Program, which has devoted itself to research on international security issues (e.g. nuclear materials security). In the Department of ECE, faculty are also heavily involved in reliable and secure computing systems.

    More Information

  5. 5

    Rochester Institute of Technology

    Founded in 1929, Rochester Institute of Technology (RIT) is ranked #102 in National Universities by U.S. News! Although its Center for Cybersecurity is fairly new, RIT has long been part of the National Security Agency’s (NSA) and Department of Homeland Security’s distinguished National Centers of Academic Excellence in the Cybersecurity Education field.

    Under RIT’s College of Computing and Information Sciences, academic opportunities in cyber security include:

    • A Minor in Computing Science, offering students a core background related to information security. There are only two required courses (Fundamentals of Computing Security, and Cryptography and Authentication or Intro to Cryptography), plus three advanced electives. Participating students should have a basic computing background in order to be successful.
    • A BS in Computing Security, designed to address the demand for more high-tech, advanced studies within the field of network, mobile, database and web security, software development, and security science. It is highly encouraged that participating students possess solid math and science aptitudes. This major leans heavily on a hands-on, experiential curriculum with an emphasis on preparing students to become independent experts. Courses are designed to build and strengthen a rock-solid foundation in, “programming, scripting, databases, computing security, cryptography, security policy, networks, systems and network administration,” with another six security-focused courses. Senior year features a team- oriented capstone project to showcase what has been learned.
    • The Master of Science in Computing Security is a 30-credit program aimed at those who completed a computing-related degree. If a foundational background was not already completed, prerequisite “bridge” courses may be taken in order to prepare potential students for the rigorous study ahead. Students interested in learning about computer vulnerabilities, mitigating attacks, and protecting privacy data from criminals using networks of “compromised” computers will enjoy this program. It covers the latest breakthroughs in security concepts related to “software engineering, computer science, mobile computing, computer networking, policy and risk management, and systems administration.” The intent of the program is to enable graduates to transform into industry leaders or prep them for more in-depth academic research.
    • A combined BS/MS in Computing Security is a great way to kill two birds with one stone! Undergrads may take up to 9 semester hours in Computing Security, applied to both degrees, thus potentially giving students the unique ability to earn both in just five years! Admission requirements include a stringent minimum 3.25 GPA and 20 completed credits in computing coursework, among other criteria.
    • If you’re ready for a PhD Program, RIT features their Golisano College of Computing and Information Sciences (GCCIS) PhD as a research degree for budding scholars, researchers, and educators. Graduates of this challenging interdisciplinary program are well-prepared to launch into successful careers in academia or industry work. Requiring 60 post-baccalaureate credit hours, the GCCIS PhD ranks #68 on the U.S. News list of Best Doctoral Computer Science Programs. There are four stages to the admissions process, as outlined on their site.

    Research and Initiatives

    Rochester is renowned for its spectrum of well-funded research projects. Current RIT projects include: SIRA: Socio-Technical Approaches to Cybersecurity; SaTC-EAGER: A Criminology-Based Simulation of Dynamic Adversarial Behavior in Cyberattacks; Security Lablet: Impact through Research, Scientific Methods, and Community Development; and over a dozen more! Research and scholarly topics range from Cryptography, Cybersecurity Education, Security Technology, Usable Security, and others.

    Under the Center for Cybersecurity, there is also the Eaton Cybersecurity Security Assessment and Forensic Examination (SAFE) Lab, a “living laboratory environment” for students to get work on live industry partner issues, and to “operationalize” the Center’s impactful research efforts. In this space, students receive an unparalleled chance to gain paid work experiences which they can use to build their portfolios and resumes. Student involvement also extends to the RITSec club, which grooms members to “compete in security-related competitions,” with personal and team exercises on penetration testing, server hardening, web security, and other relevant topics.

    More Information

  6. 6

    University of Pittsburgh-Pittsburgh

    Pitt is one of only a few universities that hold five Committee on National System Security (CNSS) certifications, which means its degrees are extremely thorough when it comes to systems security. Programs are run by the School of Computing and Information and come in a variety of flavors:

    Pitt also has a 15-credit post-bachelor’s or a post-master’s Certificate of Advanced Study (CAS) in Security Assured Information Systems (SAIS) that will make you eligible for CNSS Certifications.

    Research and Initiatives

    Closely linked with the School of Computing, the Institute for Cyber Law, Policy, and Security is designed to be the core of Pitt’s work into cyber security. It was selected to run an Airforce Association (AFA) CyberCamp and it organizes a number of workshops and conferences where you can network with experts. The Institute was created in 2017, so we’re going to give it some time to grow.

    While you’re considering Pitt, we also recommend a look around the research labs and centers in the School of Computing and the university itself:

    More Information

  7. 7

    Texas A&M University-College Station

    Texas A&M opened its doors for business in 1876 under the name “Agricultural and Mechanical College of Texas.” The renowned university launched their Cybersecurity Center 139 years later. Falling under their illustrious College of Engineering, which U.S. News ranked 14th in the nation for undergrad programs, the Center focuses on cutting-edge research plus several educational options, including:

    • An undergraduate Cybersecurity Minor, for students who select an interdisciplinary engineering degree. Made to appeal to students regardless of their technical expertise, this minor provides a solid cybersecurity foundation, and incorporates 20 courses from across multiple colleges. The intent behind this broad curriculum is to enable the widest application of the cybersecurity core. In fact, A&M’s Cybersecurity minor can be applied to students majoring in either a science or arts degree. The minor is further broken down into 3 tracks: a Technology Track, Engineering Track, or an Interdisciplinary Track. Each requires 16 credits, a 2.5 minimum GPR (Grade Point Ratio), and 6 hours of 300-400 level courses. Course options include Cybersecurity and Digital Ethics, Cybersecurity Risk Management, Cybersecurity Law and Policy, to give a few examples.
    • A&M’s Master of Engineering in Engineering with a Specialization in Cybersecurity is a 30 credit hour program designed to help graduates and industry professionals hone their cybersecurity skills within their specific fields. Requirements for admittance include completion of a Bachelor of Science in Engineering or Computer Science, and a 3.0 minimum GPA. The three core classes are Foundations of Computing, Foundations of Cybersecurity Engineering, and Cybersecurity Law and Policy, with the remaining courses coming from a combination of directed electives and concentration areas.

    One huge selling point of A&M’s graduate degree is their convenient distance education option. Students can complete the program entirely online in as little as 20 months via A&M’s highly ranked Engineering Online graduate program.

    Research and Initiatives

    A&M’s top-notch research programs have garnered multiple distinctions, paving the way for their recognition as a National Center for Academic Excellence from the National Security Agency (NSA) and the Department of Homeland Security. Research themes include: Malware Infrastructure Analysis, Resilient Adversary-Tolerant Systems, Predictive Cyber Modeling, Cryptography, Human Dimensions of Cybersecurity, and Analysis of the “Internet of Things.”

    GenCyber Camps is a free instructional session sponsored by the NSA and the National Science Foundation, to instruct teachers and students in cybersecurity “in support of the GenCyber principles and Texas Essential Knowledge and Skills (TEKS).”

    There’s also a strong focus on partnerships in both the public and private sector. The latest is with Facebook’s Cyber Security University Program, which offers a hybrid course in cybersecurity sponsored by the social media giant. Top students go on to intern with Facebook, apply for scholarships, and participate in exciting industry competitions.

    Another unique opportunity for A&M students is their access to exclusive internships. These positions are advertised on A&M’s internship page. Recent openings have been with the Secretariat of the Internet & Jurisdiction Policy Network in Paris, France, and the National Institute of Standards and Technology Student Pathways Program.

    Interested students may also join the A&M Cybersecurity Club, which welcomes all interested parties, regardless of major!

    More Information

  8. 8

    University of California-Davis

    UC Davis has a long-standing reputation as a major tech university and its Department of Computer Science allows you to customize your graduate computer science degree to include security work:

    Research and Initiatives

    UC Davis is one of only 3 universities in California that holds a CAE-R designation for excellence in cyber security research. (In the faculty list, you may recognize the name of Professor Matthew Bishop, author of Computer Security: Art and Science.) Professor Bishop is a co-director of the Computer Security Lab, which is responsible for a number of in-depth research projects.

    UC Davis is also a partner in the Cybersecurity Research Alliance, a multi-university partnership with the U.S. Army Research Laboratory to address threats, attacks, and risks in cyberspace.

    More Information

  9. 9

    Virginia Tech

    Virginia Polytechnic Institute and State University (Virginia Tech) is consistently ranked in the Top 100 of the U.S. News Best Colleges list. One of the reasons is their outstanding College of Engineering, which offers award-winning, multidisciplinary programs in the field of cybersecurity. Current opportunities include:

    • An Engineering Minor in Cybersecurity, which focuses on information security, network security, and computer system security, giving students the technical core needed to work in areas such as secure system design. The minor requires six courses, plus a seminar. Minor courses include Network Application Design, Internet Software Development, Telecommunication Networks, Applied Software Engineering, and Cryptography to name a few. For those who complete a BS in Computer Science or Engineering, they’ll be prepared to work in fields of software or embedded systems engineering, or information systems management.
    • The BS in Computer Engineering offers a Cyber Operations Track which is supported by the National Security Agency’s (NSA) National Centers of Academic Excellence (CAE), and offers a “technical, inter-disciplinary, higher education program firmly grounded in the computer science, computer engineering, and/or electrical engineering disciplines…” The best thing about this program is the focus on “hands-on” learning through labs and exercises. Completion of optional Knowledge Unit requirements can lead to a certification in Cyber Operations.
    • Virginia Tech will soon launch their Major in Networks and Cybersecurity, and they currently partner with the federal government for offer a BS/MS Program – CyberCorps Scholarship for Service. This amazing opportunity pays full in-state tuition plus a $22,500 a year stipend to undegrads (and $34,000 for grad students).
    • There’s even a MS or PhD in Computer Science with Cybersecurity Track, or online Masters of Information Technology with Cybersecurity Track for students who can’t attend classes on campus.
    • Finally, the school offers a four-course Graduate Certificate in Information Assurance Engineering.

    Virginia Tech is unique in regards to it’s optimal location, strategically centered for graduates looking for work with any number of large employers within the Washington DC area, in particular defense contractors, federal agencies, or even the DoD Information Assurance Workforce Improvement Program. The school serves as an efficient pipeline for successful grads who are ready to launch straight into a lucrative career, with countless organizations standing by to offer them a job!

    Research and Initiatives

    Virginia Tech is nationally recognized for its non-degree related programs and research work in the cybersecurity world. From Cyber-Physical System Security, Cybersecurity Policy and Governance, and Wireless Communications and Networking Security, their award-winning programs cover six centers and labs, garner an astounding $15 million a year in grants and contracts, and provide employment to 150 graduate research assistants.

    Virginia Tech hosts a popular cybersecurity club (VTCSEC) for students to stay engaged in out-of-the-classroom events related to their studies. VTCSEC has the stated aim to “develop awareness and expertise in all areas of cyber security including physical, social, hardware, and software.” “Hacking the planet since 2011,” the club provide a valuable extracurricular learning and social group for students to get ahead. There are no formal prerequisites to join, but they encourage members to come ready to learn.

    More Information

  10. 10

    University of Washington-Seattle

    Located deep in the heart of techville, UW Seattle’s BS in Informatics with an option in Information Assurance and Cybersecurity (IAC) pulls on faculty expertise from UW’s three campuses. You can choose electives from any campus (e.g. information assurance policy, secure coding, networking & systems administration, etc.) or tailor your concentration to your specific interests.

    Already working in the field? UW Seattle also offers a convenient online Certificate in Cybersecurity that’s designed for software developers & analysts and folks with system, database, security, or network administration experience.

    Research and Initiatives

    UW Seattle researchers are particularly good at assessing the broad picture. The Security and Privacy Research Lab in the School of Computer Science and Engineering has its research fingers in many traditional pies (e.g. cyber-physical systems, mobile device security, network security, etc.). But it also works closely with the interdisciplinary Tech Policy Lab on issues surrounding smart cities, the Internet of Things, robotics, and more.

    We should also mention the Cybersecurity Initiative in the International Policy Institute (IPI). The risks of using biometric data to help refugees? Issues with mobile and application insecurities? The threats of cyber-attacks on the nuclear industry? These are the kinds of questions being asked and answered by IPI faculty and fellows.

    More Information

  11. 11

    George Mason University

    Strategically located in Fairfax, VA—less than 10 miles from the Dulles Tech Corridor and Loudoun County’s data centers—GMU’s grand old Volgenau School of Engineering is overflowing with cyber security programs.

    As an undergraduate, you could consider the:

    As a graduate, you have the option of the:

    And as a budding security professional, you may wish to explore the:

    Alternatively, you could apply for a BS, MS, or PhD in Computer Science and tailor your concentration to your cyber security interests.

    If you’re interested in the corporate side of security, you can even choose to pursue an MS in Executive Management of Secure Information Systems from the Business School.

    Research and Initiatives

    Created in 1990, GMU’s Center for Secure Information Systems (CSIS) was the first academic center in security in the country. It has alliances with major government & corporate sponsors (e.g. NSA, Northrop Grumman, MITRE, etc.) and many of its research projects involve national defense—no surprise when you consider the university’s location.

    Cyber security faculty are also deeply involved in the:

    The cherry on the cake? Volgenau established the first student-run cybersecurity organization in the country.

    More Information

  12. 12

    Syracuse University

    Graduate programs are the specialty of the house at Syracuse. Although they’re run by the College of Engineering and Computer Science, these degrees include input from the College of Law, the iSchool, and the Maxwell School.

    Fancy the idea of attending Syracuse as an undergraduate? Check out the 18-credit Undergraduate Cyberengineering Semester. It’s designed to teach CS and ECE juniors and seniors how to build and verify highly assured systems.

    Research and Initiatives

    Engineering is a big deal at Syracuse. For example, the Center for Advanced Systems and Engineering (CASE), an NYSTAR-designated Center for Advanced Technology (CAT) in complex information systems, has a huge stake in cyber security and network assurance. What’s more, the College of Engineering has a large number of cyber security research projects on the burner, with a great deal of emphasis on secure systems.

    Syracuse also has the Institute for National Security and Counterterrorism (INSCT), a significant initiative devoted to research work on national & international security and counterterrorism. It hosts various conferences & events and offers a number of interesting CASs (as well as an online cybersecurity course). If you’re intrigued by the intersection of tech and global events, it’s worth a visit.

    More Information

  13. 13

    Boston University

    BU is a big university and its cyber security offerings are spread over a number of schools and colleges. The most “traditional” programs are the:

    But your second option is Metropolitan College (MET). MET programs are often tailored toward working professionals and place a heavy emphasis on job skills. Here you’ll find the:

    Research and Initiatives

    The BU Security Group in the Department of Computer Science is affiliated with the university’s Center for Reliable Information Systems and Cyber Security (RISCS). Under the command of the Hariri Institute for Computing (HIC), RISCS has become a multidisciplinary initiative with a smorgasbord of research projects (e.g. Modular Approach to Cloud Security (MACS)). It also hosts regular seminars & events, including the Charles River Crypto Day.

    It’s important to remember that HIC has a close relationship with MIT’s Lincoln Lab, organizing joint Cybersecurity Workshops and collaborating on initiatives such as the Moving Target Defense and the Verificare project. HIC even funds exceptional undergraduates (UROP Summer Research Awards) and PhD students (Graduate Student Fellows Program) involved in computational research.

    More Information

  14. 14

    University of Houston

    UH’s Department of Information and Logistics Technology is responsible for both the BS in Computer Information Systems (CIS) with technical electives in Security and the MS in Information System Security.

    Choosing technical electives in the BS is a way to focus your strengths on Information Assurance (IA). You’re allowed to choose 4 courses from topics such as secure application design, digital forensics, and intrusion detection & incident response.

    The two-year MS, on the other hand, is explicitly designed for folks with undergraduate degrees in technology disciplines who want to be able to assess, implement, and manage security solutions for information and network systems. In addition to hands-on technical work, there’s a big push for project management expertise.

    Research and Initiatives

    Established in 2007, UH’s Center for Information Security Research and Education (CISRE) is the heart of UH’s cyber security efforts. In addition to the degrees we’ve mentioned, it operates security labs, liaisons with other universities & centers, and tackles various research projects.

    Faculty in the Department of Computer Science also have a keen interest in security issues—CS runs its own Reasoning and Data Analytics for Security (ReDAS) Lab.

    More Information

  15. 15

    Oklahoma State University-Main Campus

    Cyber security programs at OSU’s main campus are handled by the Department of Management Science and Information Systems in the Spears School of Business. That means programs often stress the real-world, business applications of IT and security.

    For example, the BS in Business Administration with a major in Management Information Systems and an option in Information Assurance (yep, that’s the title) highlights hands-on analysis of organizational issues in IA and security. The MS in Information Assurance covers managerial topics such as telecommunications, risk, offensive and defensive practices, and legal issues.

    Can’t commit to a degree? The short, 15-credit Graduate Certificate in Information Assurance will school you in telecommunications technology, industry trends, and management and security of telecommunications systems.

    Research and Initiatives

    One of the reasons why so many OSU programs deal with telecommunications is due to the Center for Telecommunications and Network Security (CTANS). This center pulls on faculty expertise from multiple departments, including electrical engineering, to investigate areas such as secure communications protocols. In addition to providing labs, CTANS also has ties to the super-active, student-run Information Security and Assurance Club (ISAC).

    Hoping to improve your career contacts? Every April, the Spears School of Business hosts the OSU Cyber Security Conference.

    More Information

  16. 16

    Iowa State University

    ISU has a hyper-flexible approach to cyber security degrees. If you’re considering on-campus programs, the:

    ISU has also developed a number of distance learning alternatives. However, these online degrees are only offered by the Department of Electrical and Computer Engineering, so keep in mind that the university is typically looking for applicants with a BS or MS in computer engineering (or a closely related field). For example, the:

    And if that isn’t enough, you also have the option to pursue an Undergraduate Minor in Cybersecurity.

    Research and Initiatives

    ISU’s poster boy for cyber security is the Information Assurance Center (IAC). Established in 2000, the IAC takes a multi-faceted approach to its research projects, but it’s particularly interested in real-world applications—ISU is the home of the U.S. DOE’s Ames Laboratory. IAC plays host to a security testbed called ISEAGE – Internet-Scale Event & Attack Generation Environment, leads the Iowa Cyber Alliance, and heads the ISU Information Assurance Research Consortium.

    Once you’re on campus, you’ll find fellow security enthusiasts in the Information Assurance Student Group (IASG) and the Information Systems Security Laboratory (ISSL). ISU also runs 5 Cyber Defense Competitions each year.

    More Information

  17. 17

    University of Kansas

    KU’s School of Engineering offers one graduate degree that’s specifically devoted to security—the MS in Information Technology (MSIT) with a focus in Cyber Security. The focus includes a traditional core (e.g. network security, IA, project management, etc.) and a large number of electives.

    Alternatively, you might choose to pursue an MS or PhD in Computer Science or Computer Engineering and customize it with courses from the Security and Assurance cluster.

    Not ready for a degree? KU’s 12-credit Graduate Certificate in Cybersecurity is designed for professionals with two or more years of practical experience in IT who want to hone their skills in advanced areas of information security.

    Research and Initiatives

    KU’s ranking is partly due to its dedicated faculty. For example, at the Information and Telecommunication Technology Center (ITTC), you’ll find the Information Assurance Laboratory (IAL)—focused on developing, verifying, and fielding high-assurance information systems—and research projects on areas such as communication & network systems security.

    On top of this, KU supports the student-run KU InfoSec Club, helps to organize the Central Area Networking and Security Workshop (CANSec), and has made a public commitment to promoting diversity in engineering disciplines.

    More Information

  18. 18

    George Washington University

    Handily based in Washington, D.C., GWU’s Department of Computer Science has 3 roads that lead toward cyber security expertise:

    If you have already earned an associate’s degree or a non-technical bachelor’s degree, you can explore the Cybersecurity Bachelor’s Degree Completion Program. Offered by the College of Professional Studies, this two-year, 60-credit program is designed to get you quickly up to speed in core competencies (e.g. network security, digital forensics, incident response, etc.). Classes are held on GWU’s Virginia campuses.

    Alternatively, you might consider distance learning, where GWU has developed strengths in management & leadership programs:

    Research and Initiatives

    GWU is a CAE-R institution, and its Cyber Security and Privacy Research Institute (CSPRI) is involved in a number of research projects centered around issues like cyber surveillance, data collection, and supply chain safety. It’s a founding member of the National Cyber League and a supporter of the National CyberWatch Center.

    But the fun doesn’t stop there. GWU also boasts a Center for Cyber and Homeland Security (CCHS), a nonpartisan “think and do” tank focused on homeland security, counterterrorism, and cyber security issues. (This is, after all, the land of D.C. and its government agencies). CCHS generates a vast quantity of research & publications and hosts many events with powerful speakers. Internships are available.

    Meanwhile, over at the School of Law, the Cybersecurity Law Initiative is taking flight. It organizes regular events on law and technology that are open to students and members of the public. GW Law students who wish to study aspects of cyber security law are eligible for CyberCorps® scholarships.

    More Information

  19. 19

    Johns Hopkins University

    JHU’s flagship security program is the MS in Security Informatics (MSSI). This full-time, 3-semester degree is administered by the School of Engineering and students must complete either the technology & research track or policy & management track. Both tracks include core technical courses, but the policy & management track is—understandably—more concerned with business issues. With the MSSI, you can also choose to pursue a dual degree in engineering in computer science, applied math & statistics, and health sciences, or even tack on JHU’s Certificate in National Security Studies (CNSS).

    Trying to fit your degree in around work? Johns Hopkins Engineering for Professionals offers a flexible MS in Cybersecurity (10 courses) and a Post-Master’s Certificate in Cybersecurity (6 courses) in online or on-campus forms. In addition to traditional foundation courses, the MS allows you to choose a track of interest (e.g. systems, networks, or analysis).

    Finally, if you really want to get stuck into the subject, you could also consider a PhD in Computer Science. The Department of Computer Science will be more than happy to help you customize your study plan.

    Research and Initiatives

    Founded by Gerald Masson, JHU’s venerable Information Security Institute (ISI) has been working on security issues since 2001. Researchers at ISI are particularly concerned with health and medical security (remembering that JHU has one of the best medical schools in the country) and cryptography & privacy. We should also mention that MSSI applicants are eligible for an Information Security Institute Fellowship (ISIF).

    More Information

  20. 20

    Mississippi State University

    MSU’s cyber security offerings come courtesy of its Department of Computer Science & Engineering. Its MS in Computer Science with a concentration in Computer Security and PhD in Computer Science with a concentration in Computer Security have been around for quite some time, and both curricula draw on the security expertise of department faculty. In the MS, you can choose to complete a thesis, a professional project, or courses-only.

    But that’s not all! In 2017, MSU created the MS in Cyber Security and Operations, a specialist degree with concentrations in either cyber defense or cyber operations (e.g. reverse engineering, wireless networks, malware analysis, etc.). Cyber defense graduates apply for jobs in private corporation or government organizations; cyber operations graduates often find work with the government or penetration testing firms.

    Last but not least, MSU offers a 15-hour, 5-course Graduate Certificate in Information Assurance that stresses IA and data security.

    Research and Initiatives

    MSU is the only university in the state to hold the triple crown of designations: CAE-R, CAE-CO & CAE-CDE. Thanks to its Center for Computer Security Research (CCSR), it has developed major research strengths in AI, computer forensics, and cryptography. For example, MSU has its own National Forensics Training Center (NFTC), which is funded by the Department of Justice to train law enforcement officers to fight cyber crime. What’s more, CCSR is particularly committed to encouraging the participation of women in cyber security through internships, camps, and mentorship.

    Another initiative we should highlight is MSU’s High Performance Computing Collaboratory (HPC²), which hosts the:

    More Information

Choosing the Best Security Program

Your #1 choice will depend on your career aims. We made sure that each university in our list has fascinating research labs, whip-smart faculty, and ties to government & the private sector. But other factors to consider include:

  • Scholarships & Grants: Money is pouring into programs! In addition to the CyberCorps® Scholarship for Service, you’re likely to find lots of security scholarships for both undergraduate & graduate students. Ask the department offering your degree (e.g. Department of Computer Science) for details on financial aid.
  • Location: Strong cyber security schools often benefit from their proximity to tech areas (e.g. Silicon Valley), government defense agencies (VA/DC/MD area), and hubs of corporate activity (e.g. Atlanta or Chicago). Pay attention to sponsors & partners in research institutes—they often supply internships and job opportunities.
  • Subject Expertise: Thanks to faculty and research connections, cyber security schools are usually known for certain areas of expertise (e.g. Norwich University & cyber defense). Explore options in our state lists as well as these rankings—you may find the ideal professor in an ideal program that’s not in our top 20.
  • NSA CAE Designation: CAE designations are often considered a hallmark of quality, but the acronyms can be confusing to navigate. Since CAE is a factor in our ranking methodology, we talk a little more about this topic below.

NSA Centers of Academic Excellence in Cybersecurity (CAE-C)

What is an NSA CAE-CD School?

To promote higher education in cyber security, the National Security Agency (NSA) and Department of Homeland Security (DHS) teamed up to designate a number of institutions as National Centers of Academic Excellence in Cyber Defense (CAE-CD).

All regionally accredited two-year, four-year and graduate level institutions in the U.S. are eligible to apply for a CD designation. These designations include:

  • CAE2Y: Awarded to community colleges, technical schools, and government training centers that offer two-year certificate and associate’s degree programs in cyber security
  • CAE-CDE: Awarded to four-year universities and colleges that offer bachelor’s and graduate degree programs in cyber security
  • CAE-R: Awarded to universities that offer higher-level doctoral research programs in cyber security

To qualify for a CAE-CD designation, schools must meet a number of general and academic requirements. The designation is valid for 5 academic years.

Students attending CAE-CD and CAE-R schools are eligible for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the CyberCorps® Scholarship for Service Program.

What is an NSA CAE-CO School?

The NSA has also developed a designation called the National Centers of Academic Excellence in Cyber Operations (CAE-CO). This designation is available to four-year colleges and graduate-level universities.

As you might expect, the CAE-CO designation is given to programs that focus on the operations side of cyber security (e.g. engineering, network defense, operating systems, and programming). In its list of academic requirements, the NSA stipulates that CO degrees should:

  • Be technical, inter-disciplinary, and firmly grounded in the computer science (CS), computer engineering (CE), and/or electrical engineering (EE) disciplines
  • Emphasize technologies and techniques related to specialized cyber operations (e.g. collection, exploitation, and response; malware analysis; reverse engineering, etc.)

Students attending CAE-CO schools are eligible for the CyberCorps® Scholarship for Service Program.

Do I Have to Go to a CAE School?

The short answer is no. The NSA CAE is a voluntary designation – some very well-respected schools have decided that it does not accurately reflect the requirements that a cyber security program needs. Others have issues with the time involved in the application process.

If you’re in any doubt about the reputation of a school, do your research and ask around. Guidance counselors, professional peers, and senior level colleagues should all be willing to give you advice.

Note: As of 2017, the Scholarship for Service program was still open to non-CAE institutions whose information assurance programs were deemed “equivalent” to those of certified schools.

History of NSA CAE Designation

The idea of creating an information assurance designations began in 1998. At that time, the government was looking for ways to increase the profile of cyber security and foster research & education initiatives.

In response, it developed a variety of projects, including the:

  • NSA National Centers of Academic Excellence in Information Assurance Education (CAE-IAE)
  • Scholarship for Service program

After the release of the President’s National Strategy to Secure Cyberspace in 2003, the Department of Homeland Security (DHS) joined the NSA as a partner in 2004.

The initiative continued to grow throughout the 2000s:

  • In 2008, the CAE in IA Research (CAE-IAR) program was established to promote higher-level doctoral research in cyber security.
  • In 2010, the CAE in Two-Year IA Education (CAE2Y) program was created to accommodate two-year institutions, technical schools, and government training centers.

In 2014, CAE-IAE designations were replaced by the CAE-CD program.

Note: CAE/IAE designations expired in January 2017, but you may still see this acronym on university websites.

NSA CAE-CD Requirements

General Criteria

The NSA has developed a broad set of criteria for its programs. In general, a CAE-CD school must:

  • Meet a set of core and optional knowledge units (KUs)
  • Demonstrate outreach and collaboration
  • Have a center for CD education
  • Foster a robust and active CD academic program
  • Ensure CD is a multidisciplinary science within the institution
  • Support the practice of CD throughout the institution
  • Encourage student and faculty CD research

Academic Criteria

According to the NSA’s Academic Criteria, a technical two-year program should include the following core knowledge units (KUs):

1.1 Basic Data Analysis
1.2. Basic Scripting or Introductory Programming
1.3. Cyber Defense
1.4. Cyber Threats
1.5. Fundamental Security Design Principles
1.6. Information Assurance Fundamentals
1.7. Intro to Cryptography
1.8. IT Systems Components
1.9. Networking Concepts
1.10. Policy, Legal, Ethics, and Compliance
1.11. System Administration

A four-year program (e.g. BS in Cyber Security) should include all of the above KUs and:

2.1. Databases
2.2. Network Defense
2.3. Networking Technology and Protocols
2.4. Operating Systems Concepts
2.5. Probability and Statistics
2.6. Programming

These are the “must-haves”. The NSA makes room for a large number of optional KUs (e.g. cloud computing, digital forensics, supply chain security, etc.).

Optional Focus Area

If they’re really keen, universities can also choose to apply for one or more CAE-CD Focus Area designations. These include:

  • Cyber Investigations
  • Data Management Systems Security
  • Data Security Analysis
  • Digital Forensics
  • Health Care Security
  • Industrial Control Systems – SCADA Security
  • Network Security Administration
  • Network Security Engineering
  • Secure Cloud Computing
  • Secure Embedded Systems
  • Secure Mobile Technology
  • Secure Software Development
  • Secure Telecommunications
  • Security Incident Analysis and Response
  • Security Policy Development and Compliance
  • Systems Security Administration
  • Systems Security Engineering

School Rankings



Useful Resources