In 2020, the discovery of a successful Russian hacking campaign made headlines. The nine-month-long Sunburst hack, as it came to be known, trojanized IT contractor SolarWinds' Orion software framework. Affecting more than 18,000 businesses and government agencies in North America, Europe, Asia, and the Middle East, Sunburst gave the attackers access to everything from proprietary information to state secrets. The Pentagon, US Treasury, Department of Homeland Security, and other federal agencies all fell victim to the attack.
Sunburst provides a cautionary tale of how crucial cyber security is. People and companies lose billions of dollars to cyber crime each year, but attackers aren't just digital bank robbers. They're also spies and terrorists looking to infiltrate and shut down the systems that sustain countries.
"The magnitude of this attack is hard to overstate," former Trump Homeland Security Advisor Thomas Bossert told the New York Times. "The Russians have had access to a considerable number of important and sensitive networks for six to nine months… It will take years to know for certain which networks the Russians control and which ones they just occupy."
Governments and businesses are getting better at responding to cyber threats and attacks, but there's a long road ahead. Part of the problem these entities face is there aren't enough qualified cyber security professionals. Large-scale, coordinated attacks like Sunburst happen because the manpower necessary to detect every attack doesn't exist.
According to the Global Information Security Workforce Study, the cyber security workforce gap will hit 1.8 million by 2022. That's bad news for organizations that deal in sensitive data, but good news for anyone looking at accredited cyber security degree programs or considering a cyber security career.
To join this field today, you'll need a bachelor's degree. However, it may not be long before a master's in cyber security is the entry-level degree for security professionals. This guide to cyber security degrees can help you decide which academic pathway is right for you. It covers:
Cyber security is no longer a niche discipline, making this question hard to answer. It encompasses multiple fields that include network security, risk management, ethical hacking, and cyber operations—and it's broader than most people realize. The National Initiative for Cybersecurity Careers & Studies (NICCS) has mapped out dozens of distinct specialty areas in cyber security and 52 career roles.
Cyber security isas hard to sum up in just a few words because it involves so much more than keeping devices and databases secure.. Professionals in this discipline are responsible for things like:
Cyber security protects the digital interests of individuals, households, organizations, municipalities, and entire countries.
The simplest definition might be: cyber security is an umbrella term encompassing all the technology and processes used to prevent, detect, and respond to cyber attacks.
These attacks take many forms, whether criminals target individuals or organizations. Many people associate cyber security with phishing and identity theft, but the most common cyber attacks target not individuals, but information systems, infrastructures, and networks. These include:
The history of cyber security begins in the late 1960s, when the first computer systems were networked. Curiosity drove the very first hacking event. In 1967, a group of high school students used Selectric teletypewriter-based terminals with dial-up connectivity (a gift to their school from IBM) to penetrate the then-experimental APL network. IBM ultimately credited "a number of high school students for their compulsion to bomb the system" in their system documentation for helping reveal the flaws in early networks.
The early 1970s were a time of experimentation. Bob Thomas created the first computer worm—a program that bounced between computers on the Advanced Research Projects Agency Network (ARPANET) and displayed, "I'm the creeper: catch me if you can" on the screens of infected devices. Ray Tomlinson, the inventor of email, wrote a counter program to chase and delete Thomas' worm—the first antivirus software.
The first DoS attack wasn't motivated by malice but ended up causing hundreds of thousands of dollars worth of damage. Robert Morris wrote a worm to highlight security vulnerabilities, but the program replicated excessively due to a programming error and crashed the internet as it existed at that time.
In the mid-70s, both computer science professionals and criminals started thinking seriously about cyber security. High-profile cyber attacks became more common in the 1980s, and hacking was acknowledged as an arrestable offense. The first ransomware (sent around by mail on a floppy disk) hit the scene, and nations began practicing cyber espionage. The first commercial antivirus applications were released in 1987.
When internet use became common in the 90s, hackers created malicious viruses that infected millions of computers and knocked out entire email systems. Antivirus software producers struggled to keep up. Netscape developed the SSL protocol in 1995, which helped usher in an age of secure e-commerce.
Vast quantities of personal, financial, scientific, and state-level data have been digitized since then, and cyber criminals have found ways to exploit it all, from infected websites to zero-day attacks. As cyber security evolves to respond to an expanding range of attack types, hackers find new ways to attack for fun and financial gain. It's a never-ending back and forth.
Whether you find cyber security challenging in school will depend on your aptitudes, your tolerance for frustration, and the cyber security degree program you choose. This discipline is still new enough that there's plenty of variation in what programs cover. Some on-campus and online programs treat cyber security as part of computer science and get very technical. In contrast, others treat it as part of IT and teach students about common attacks and how to avoid them.
Careers in cyber security run the gamut from simple and repetitive to insanely stressful, depending on the requirements of a given position. If you're content to spend your days scrolling through Reddit in between putting out low-level fires, you can do that. But you can also earn your paychecks tracking cyber terrorists as part of high-stakes national security operations.
What makes studying and working in cyber security challenging may not be the subject matter itself but rather that the learning never ends. Earning one or more cyber security degrees is only the first step. For your entire career, you'll have to keep up with the evolution of cyber attacks or risk becoming obsolete.
The Department of Homeland Security sums up the answer to this question succinctly on its website:
"Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace."
Unfortunately, cyberspace is anything but safe, whether you're talking about the sites that entertain you or the cloud systems where your data are stored. Every day, hackers and other criminals:
The economic impact of cyber crime is huge. The personal impact can be just as profound for those individuals targeted by hackers. And cyber crime is a national security issue because tampering with digital systems allows foreign enemies to disrupt physical infrastructure vital to health and safety in the United States.
This isn't a field you can slide into without an education because companies and government agencies don't want to hand off their sensitive data or network oversight to just anyone. Having a cyber security degree—whether it's a bachelor's, a master's, or a doctorate—demonstrates you know what you're doing and can handle the high stakes work common in this field.
Cyber security degree programs, as University of Tulsa puts it in its online master's in cyber security program guide, prepare students to "master the theory, concepts and techniques of information assurance and network defense in real-world environments."
How far you want to take your education is up to you. Most cyber security jobs are still open to bachelor's degree holders because this discipline is so new. It may not be long, however, before this discipline sees an influx of professionals with advanced degrees and the barriers to entry shift.
Four-year, full-time Bachelor of Science in Cyber Security programs are common, though there are several degrees designed for aspiring cyber security professionals. You might earn any of the following degrees as you prepare to launch your career in cyber security:
You might not need a cyber security bachelor's, however. You can also launch a career in this field with a degree in computer science, software engineering, or data science, provided you spend some time outside of class brushing up on cyber security fundamentals.
A cyber security master's degree can help you advance more quickly and boost your earning potential, whether you enroll in a two-year, full-time program or a part-time program that lets you keep working. If you don't have any experience in this field, pursuing a Master of Science in Cyber Security can be the first step in a career transition. And if you do, a graduate degree may be your ticket into management positions.
The Master of Science in Cyber Security is just one possible degree of many. You might also pursue a:
Many cyber security master's programs build certification qualifications into the core curriculum. A course on penetration-testing tools and techniques might prepare students to earn the Certified Ethical Hacker credential while a course on information technology and business systems gives them the skills and knowledge they need to pass the the Certified Information Systems Auditor exam. The best programs will help you build your professional network and give you the post-graduation support you need to reach the next stage of your career.
PhD in Cyber Security programs are demanding and designed for students with significant professional experience in tech roles. Programs are typically highly customizable and tailored to each student's needs. They may take courses in the first year of the program and then spend anywhere from four to seven years conducting original research in areas like:
Cyber security degree programs teach students how to protect operating systems and networks and to keep sensitive information secure. Core coursework usually covers common threats, monitoring and mitigation techniques, and how to develop effective security policies for organizations. Programs differ, however, in terms of how technical they get and how deep they dive into different areas of the cyber security field.
Cyber security bachelor's degree programs cover topics like:
Cyber security bachelor's programs are often built around foundational material. Entire classes may be devoted to answering questions like 'What is cyber security?' and 'What is hacking?' Most schools don't expect incoming freshmen to have a tech background or previous professional experience.
Master's programs take one of two approaches. Some are geared toward students with little to no work experience in tech fields. These programs are very similar in scope to bachelor's programs and attract career-switchers. The University of Tulsa's MS in Cyber Security program, for instance, teaches foundational cyber security concepts. Students take core courses and elective courses like:
Other programs are designed for students with relevant professional experience in cyber security who want to enhance their skills or advance into management positions. The curricula in these programs cover topics like:
The coursework in doctorate-level cyber security programs is often dictated by each student's research focus or area of interest. A fixed 60- to 70-credit curriculum might emphasize theory and research or practical technical knowledge. Courses in doctorate programs cover topics like:
Besides taking classes, a student pursuing a PhD in Cyber Security must meet teaching requirements and work on original dissertation research or a culminating project.
Security risks evolve, but the fundamentals of cyber security are fixed. The foundational elements of the discipline are:
Almost everything cyber security professionals do can be slotted into one of these basic categories.
You're probably already familiar with terms like malware and firewall, but you may not know these standard cyber security terms:
Some of the most pressing topics in cyber security today include password security, safe computing, and scams. While large-scale data breaches and government-level hacks make headlines, the really insidious vulnerabilities exist at the user level. Most people assume they're doing everything right when it comes to cyber security, but in reality, they have all kinds of bad habits that leave their devices and networks open to attackers.
There are certain principles organizations can look to for guidance when protecting their information and systems from cyber threats. The following cyber security principles provide a framework for keeping digital devices and information secure:
People who succeed in this field tend to be:
Companies across industries collect massive amounts of personal and proprietary data. Organizations and governments both rely on internet connectivity and database systems to stay up and running. And hackers are getting craftier, which has led to more job openings for cyber security professionals.
According to the University of Tulsa, 200,000 cyber security jobs in the United States go unfilled each year (more than three million worldwide). The 2020 (ISC)² Cybersecurity Workforce Study predicts the global cyber security workforce will need to grow by a whopping 89 percent to meet the needs of employers scrambling to secure digital assets as remote work becomes the norm.
Career paths in cyber security tend to fall into one of five categories:
These broad categories encompass numerous interconnected roles, making it hard to map out a typical career trajectory in cybersecurity. You might start as an IT tester and become a penetration tester or advance from cyber security analyst to cyber security consultant before becoming a cyber security engineer.
Demand in this field is high across the board, but some roles are harder to fill than others. These are the hot titles employers around the world are looking to fill:
If you're wondering whether a cyber security master's is worth it, the answer is yes. Employers looking to fill the highest-paying jobs in the field prefer to hire candidates with advanced degrees.
The top US companies hiring cybersecurity professionals include:
According to the University of San Diego, the five best cyber security companies to work for are:
There are also plenty of jobs for cyber security professionals in the US government. The National Security Agency (NSA) is a particularly rich source of cyber jobs related to national defense.
Cities where jobs are abundant and average salaries for cyber security professionals range from $115,000 to more than $130,000 include:
Many sources claim the average cyber security salary is about $113,000. Keep in mind, however, that figures for entry-level and mid-career roles are calculated using both the sky-high salaries common in tech hubs like San Francisco and more modest salaries typical in less expensive locales. That means graduating with one or more cyber security degrees won't automatically turn you into a top earner. There are things you can do, however, to boost your earning potential in this field, including:
Starting salaries are high in this field—even for freshly minted undergrads. The average entry-level salary in cyber security is about $73,000, which is over $20,000 more than the typical post-graduation salary for bachelor's degree holders in the US. With an undergraduate cyber security degree, you might earn $69,000 as a security analyst or $68,000 as a penetration tester, which isn't too shabby when you have little to no professional experience. Having a master's degree typically means earning more. With a master's in cyber security, you might earn around $87,000.
Experienced cybersecurity professionals in many roles earn well over $100,000. A security architect with ten or more years of experience, for instance, can earn $130,000.
Students graduate from the top cyber security schools with real-world experience and industry connections. These colleges and universities have relationships with government agencies and security firms, and their students are often recruited soon after graduation:
The top online cyber security programs are similar to, if not identical to, those offered on campus. The admission requirements, focus, faculty, core courses, and credit hours required to graduate are generally the same—even in affordable online cyber security degree programs. In the best ones, distance learners receive as much pre- and post-graduation career support as students pursuing this degree on campus.
Top cyber security schools with online programs include:
Why should you enroll in one of these programs? When sources say cyber security professionals are in high demand, they're not exaggerating. "If you know cyber security, then you have a job for life," Robert Herjavec, CEO of the $300 million cybersecurity firm, Herjavec Group, has said. There was zero percent unemployment in the field just a few years ago, and there's still a widespread shortage of qualified cyber security professionals. Getting a degree in cyber security is the first step on the road to the kind of job security—and salaries—most people can only dream about.
That said, one Reddit commenter on a thread about cyber security degrees made a great point when they wrote, "Don't look at cyber security or infosec just for the money. It is important to have a passion for what you do, no matter what it is… any of the security fields are going to be much closer to a 24/7 job since attackers don't stick to business hours." The pay and benefits are plentiful in this field, but you'll work hard for the money.
Questions or feedback? Email email@example.com