In-Depth Guide to Cyber Security Degrees [2021 Edition]

In-Depth Guide to Cyber Security Degrees [2021 Edition]
According to the Global Information Security Workforce Study, the cyber security workforce gap will hit 1.8 million by 2022. Image from Unsplash
Christa Terry profile
Christa Terry February 10, 2021

Hackers don't just drain bank accounts; they also cripple infrastructure and topple governments. Securing data and networks is more important than ever, but there aren't enough cyber security experts to keep everything safe. That makes getting a cyber security degree a low-risk proposition.

Article continues here

In 2020, the discovery of a successful Russian hacking campaign made headlines. The nine-month-long Sunburst hack, as it came to be known, trojanized IT contractor SolarWinds’ Orion software framework. Affecting more than 18,000 businesses and government agencies in North America, Europe, Asia, and the Middle East, Sunburst gave the attackers access to everything from proprietary information to state secrets. The Pentagon, US Treasury, Department of Homeland Security, and other federal agencies all fell victim to the attack.

Sunburst provides a cautionary tale of how crucial cyber security is. People and companies lose billions of dollars to cyber crime each year, but attackers aren’t just digital bank robbers. They’re also spies and terrorists looking to infiltrate and shut down the systems that sustain countries.

“The magnitude of this attack is hard to overstate,” former Trump Homeland Security Advisor Thomas Bossert told the New York Times. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months… It will take years to know for certain which networks the Russians control and which ones they just occupy.”

Governments and businesses are getting better at responding to cyber threats and attacks, but there’s a long road ahead. Part of the problem these entities face is there aren’t enough qualified cyber security professionals. Large-scale, coordinated attacks like Sunburst happen because the manpower necessary to detect every attack doesn’t exist.

According to the Global Information Security Workforce Study, the cyber security workforce gap will hit 1.8 million by 2022. That’s bad news for organizations that deal in sensitive data, but good news for anyone looking at accredited cyber security degree programs or considering a cyber security career.

To join this field today, you’ll need a bachelor’s degree. However, it may not be long before a master’s in cyber security is the entry-level degree for security professionals. This guide to cyber security degrees can help you decide which academic pathway is right for you. It covers:

  • What is cyber security?
  • How hard is cyber security?
  • Why cyber security is important
  • Cyber security degrees
  • Subjects in cyber security
  • Cyber security fundamentals
  • Who should study/go into cyber security?
  • Cyber security career paths
  • Top cyber security master’s programs
  • Top online cyber security master’s programs

What is cyber security?

Cyber security is no longer a niche discipline, making this question hard to answer. It encompasses multiple fields that include network security, risk management, ethical hacking, and cyber operations—and it’s broader than most people realize. The National Initiative for Cybersecurity Careers & Studies (NICCS) has mapped out dozens of distinct specialty areas in cyber security and 52 career roles.

Cyber security isas hard to sum up in just a few words because it involves so much more than keeping devices and databases secure.. Professionals in this discipline are responsible for things like:

  • Auditing the relative security of digital systems
  • Detecting and responding to cyber espionage
  • Keeping malware out of robotic surgical systems
  • Preventing digital attacks that can harm physical infrastructure
  • Protecting the digital systems controlling power grids
  • Recovering digital information after an attack
  • Securing data embedded in IoT-connected devices
  • Tracking the activities of cyber criminals

Cyber security protects the digital interests of individuals, households, organizations, municipalities, and entire countries.

Cyber security definition

The simplest definition might be: cyber security is an umbrella term encompassing all the technology and processes used to prevent, detect, and respond to cyber attacks.

These attacks take many forms, whether criminals target individuals or organizations. Many people associate cyber security with phishing and identity theft, but the most common cyber attacks target not individuals, but information systems, infrastructures, and networks. These include:

  • Birthday attacks
  • Cross-site scripting (XSS) attacks
  • Denial-of-service (DoS) attacks
  • Drive-by attacks
  • Eavesdropping attacks
  • Malware attacks
  • Man-in-the-middle (MitM) attacks
  • Phishing and spear-phishing attacks
  • SQL injection attacks

Cyber security history

The history of cyber security begins in the late 1960s, when the first computer systems were networked. Curiosity drove the very first hacking event. In 1967, a group of high school students used Selectric teletypewriter-based terminals with dial-up connectivity (a gift to their school from IBM) to penetrate the then-experimental APL network. IBM ultimately credited “a number of high school students for their compulsion to bomb the system” in their system documentation for helping reveal the flaws in early networks.

The early 1970s were a time of experimentation. Bob Thomas created the first computer worm—a program that bounced between computers on the Advanced Research Projects Agency Network (ARPANET) and displayed, “I’m the creeper: catch me if you can” on the screens of infected devices. Ray Tomlinson, the inventor of email, wrote a counter program to chase and delete Thomas’ worm—the first antivirus software.

The first DoS attack wasn’t motivated by malice but ended up causing hundreds of thousands of dollars worth of damage. Robert Morris wrote a worm to highlight security vulnerabilities, but the program replicated excessively due to a programming error and crashed the internet as it existed at that time.

In the mid-70s, both computer science professionals and criminals started thinking seriously about cyber security. High-profile cyber attacks became more common in the 1980s, and hacking was acknowledged as an arrestable offense. The first ransomware (sent around by mail on a floppy disk) hit the scene, and nations began practicing cyber espionage. The first commercial antivirus applications were released in 1987.

When internet use became common in the 90s, hackers created malicious viruses that infected millions of computers and knocked out entire email systems. Antivirus software producers struggled to keep up. Netscape developed the SSL protocol in 1995, which helped usher in an age of secure e-commerce.

Vast quantities of personal, financial, scientific, and state-level data have been digitized since then, and cyber criminals have found ways to exploit it all, from infected websites to zero-day attacks. As cyber security evolves to respond to an expanding range of attack types, hackers find new ways to attack for fun and financial gain. It’s a never-ending back and forth.


“I’m ready for a degree!”

University and Program Name Learn More

How hard is cyber security?

Whether you find cyber security challenging in school will depend on your aptitudes, your tolerance for frustration, and the cyber security degree program you choose. This discipline is still new enough that there’s plenty of variation in what programs cover. Some on-campus and online programs treat cyber security as part of computer science and get very technical. In contrast, others treat it as part of IT and teach students about common attacks and how to avoid them.

Careers in cyber security run the gamut from simple and repetitive to insanely stressful, depending on the requirements of a given position. If you’re content to spend your days scrolling through Reddit in between putting out low-level fires, you can do that. But you can also earn your paychecks tracking cyber terrorists as part of high-stakes national security operations.

What makes studying and working in cyber security challenging may not be the subject matter itself but rather that the learning never ends. Earning one or more cyber security degrees is only the first step. For your entire career, you’ll have to keep up with the evolution of cyber attacks or risk becoming obsolete.

Why cyber security is important

The Department of Homeland Security sums up the answer to this question succinctly on its website:

“Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace.”

Unfortunately, cyberspace is anything but safe, whether you’re talking about the sites that entertain you or the cloud systems where your data are stored. Every day, hackers and other criminals:

  • Destroy 780,000 digital records
  • Install hundreds of thousands of malware applications
  • Perform 80 billion malicious scans

The economic impact of cyber crime is huge. The personal impact can be just as profound for those individuals targeted by hackers. And cyber crime is a national security issue because tampering with digital systems allows foreign enemies to disrupt physical infrastructure vital to health and safety in the United States.

Cyber security degrees

This isn’t a field you can slide into without an education because companies and government agencies don’t want to hand off their sensitive data or network oversight to just anyone. Having a cyber security degree—whether it’s a bachelor’s, a master’s, or a doctorate—demonstrates you know what you’re doing and can handle the high stakes work common in this field.

Cyber security degree programs, as University of Tulsa puts it in its online master’s in cyber security program guide, prepare students to “master the theory, concepts and techniques of information assurance and network defense in real-world environments.”

How far you want to take your education is up to you. Most cyber security jobs are still open to bachelor’s degree holders because this discipline is so new. It may not be long, however, before this discipline sees an influx of professionals with advanced degrees and the barriers to entry shift.


Four-year, full-time Bachelor of Science in Cyber Security programs are common, though there are several degrees designed for aspiring cyber security professionals. You might earn any of the following degrees as you prepare to launch your career in cyber security:

  • Bachelor of Applied Science in Cyber Security
  • Bachelor of Science in Cyber Security and Digital Forensics
  • Bachelor of Science in Computer Networks and Cyber Security
  • Bachelor of Science in Cyber Security and Information Assurance
  • Bachelor of Science in Information Systems with a cyber security concentration
  • Bachelor of Science in Computer Science with a cyber security concentration

You might not need a cyber security bachelor’s, however. You can also launch a career in this field with a degree in computer science, software engineering, or data science, provided you spend some time outside of class brushing up on cyber security fundamentals.

Master’s level

A cyber security master’s degree can help you advance more quickly and boost your earning potential, whether you enroll in a two-year, full-time program or a part-time program that lets you keep working. If you don’t have any experience in this field, pursuing a Master of Science in Cyber Security can be the first step in a career transition. And if you do, a graduate degree may be your ticket into management positions.

The Master of Science in Cyber Security is just one possible degree of many. You might also pursue a:

  • Master of Science in Applied Information Technology with a cyber security concentration
  • Master of Science in Computer Engineering with a cyber security concentration
  • Master of Science in Computer Information Systems & Cyber Security
  • Master of Science in Computer Science with a cyber security concentration
  • Master of Science in Cyber Security
  • Master of Science in Cyber Security Engineering
  • Master of Science in Cyber Security Management
  • Master of Science in Cyber Security Operations and Leadership
  • Master of Science in Information Systems and Security Management
  • Master of Science in Security Informatics
  • Master of Science in Technology, Cyber Security, and Policy
  • Master of Information and Cybersecurity

Many cyber security master’s programs build certification qualifications into the core curriculum. A course on penetration-testing tools and techniques might prepare students to earn the Certified Ethical Hacker credential while a course on information technology and business systems gives them the skills and knowledge they need to pass the the Certified Information Systems Auditor exam. The best programs will help you build your professional network and give you the post-graduation support you need to reach the next stage of your career.

Doctoral level

PhD in Cyber Security programs are demanding and designed for students with significant professional experience in tech roles. Programs are typically highly customizable and tailored to each student’s needs. They may take courses in the first year of the program and then spend anywhere from four to seven years conducting original research in areas like:

  • Advanced threats
  • Automation in cyber security
  • Corporate responsibility in security
  • Differential privacy
  • Digital forensics
  • Emerging cyber security threats
  • Encryption and privacy
  • Ethical hacking
  • National security
  • Network defense
  • Operation security policy
  • Social engineering attacks
  • Vulnerabilities in biometrics

Subjects in cyber security

Cyber security degree programs teach students how to protect operating systems and networks and to keep sensitive information secure. Core coursework usually covers common threats, monitoring and mitigation techniques, and how to develop effective security policies for organizations. Programs differ, however, in terms of how technical they get and how deep they dive into different areas of the cyber security field.

Bachelor’s degree in cyber security courses

Cyber security bachelor’s degree programs cover topics like:

  • Cyber threats and defense
  • Cyber security policy
  • Data analysis
  • Ethical hacking
  • Ethics in computing
  • Forensics and digital investigations
  • Homeland security applications
  • Information assurance fundamentals
  • Information systems security
  • Introductory cryptography
  • Introductory programming
  • Intrusion analysis and response
  • IT security
  • IT systems components
  • Network security
  • Operating system security
  • Security scripting
  • System administration

Cyber security bachelor’s programs are often built around foundational material. Entire classes may be devoted to answering questions like ‘What is cyber security?’ and ‘What is hacking?’ Most schools don’t expect incoming freshmen to have a tech background or previous professional experience.

Master’s degree in cyber security courses

Master’s programs take one of two approaches. Some are geared toward students with little to no work experience in tech fields. These programs are very similar in scope to bachelor’s programs and attract career-switchers. The University of Tulsa’s MS in Cyber Security program, for instance, teaches foundational cyber security concepts. Students take core courses and elective courses like:

  • Cyber Security Law and Policy
  • Defensive Cyber Security Technologies
  • Foundations of Cyber Security
  • Hardware Security
  • Information Systems Assurance
  • Network Security Concepts and Applications
  • Organizational Cyber Security
  • Secure Systems Administration
  • Security Audit and Penetration Testing
  • Systems Security and Cryptography

Other programs are designed for students with relevant professional experience in cyber security who want to enhance their skills or advance into management positions. The curricula in these programs cover topics like:

  • Advanced cyber defense strategies
  • Algorithm analysis
  • Biometrics
  • Cyber security architecture
  • Digital forensics/Computer forensics
  • E-commerce security
  • Emerging cyber threats
  • Incident response strategies
  • Intrusion detection
  • Recovery planning
  • Risk management
  • Security code development

Doctorate in cyber security courses

The coursework in doctorate-level cyber security programs is often dictated by each student’s research focus or area of interest. A fixed 60- to 70-credit curriculum might emphasize theory and research or practical technical knowledge. Courses in doctorate programs cover topics like:

  • Advanced computer security
  • Computer engineering
  • Cryptography and communications security
  • Law, policy, ethics, and compliance
  • Machine learning
  • Managing cyber security risk in diverse settings
  • Software vulnerabilities

Besides taking classes, a student pursuing a PhD in Cyber Security must meet teaching requirements and work on original dissertation research or a culminating project.

Cyber security fundamentals

Security risks evolve, but the fundamentals of cyber security are fixed. The foundational elements of the discipline are:

  • Application security
  • Business continuity planning
  • End-user education
  • Information security
  • Network security
  • Operational security

Almost everything cyber security professionals do can be slotted into one of these basic categories.

Cyber security terms

You’re probably already familiar with terms like malware and firewall, but you may not know these standard cyber security terms:

  • Advanced persistent threat: When someone invades a network for an extended period to steal data but doesn’t otherwise harm the network.
  • Attack surface: A measure of the amount of equipment and software in a network. Larger attack surfaces are more vulnerable because they offer more points of entry.
  • Attack vector: The methods attackers use to get into a device or network.
  • Botnet: A collection of private computers that have been hijacked using malicious software to do a hacker’s bidding.
  • Business impact analysis: A BIA determines acceptable levels of risk.
  • Fileless malware: Malicious software operating in RAM.
  • Logic bomb: Snippets of malicious code designed to execute when a specific event occurs, when certain actions are taken, or on a specific date.
  • Mitigation defense: Software designed to reduce the negative impacts of hacking.
  • Piggyback programs: Applications bundled into other downloadable programs in the hope users install them by force of habit.
  • Rootkit: Stealthy malware capable of controlling entire operating systems.
  • Scavenging: The act of searching through data residue to find sensitive information.
  • Threat model: A model describing a given threat and the harm it can do.

Cyber security topics

Some of the most pressing topics in cyber security today include password security, safe computing, and scams. While large-scale data breaches and government-level hacks make headlines, the really insidious vulnerabilities exist at the user level. Most people assume they’re doing everything right when it comes to cyber security, but in reality, they have all kinds of bad habits that leave their devices and networks open to attackers.

Cyber security principles

There are certain principles organizations can look to for guidance when protecting their information and systems from cyber threats. The following cyber security principles provide a framework for keeping digital devices and information secure:

  • Cyber security leadership
  • Incident management and mitigation
  • Malware prevention
  • Mobile network protections
  • Monitoring
  • Removable media control
  • Risk assessment and management
  • Secure network configuration
  • System and application protection
  • Timely threat analysis and response
  • User privilege management

Who should study/go into cyber security?

People who succeed in this field tend to be:

  • Enthusiastic: You have to be excited about what cyber security is versus how it’s portrayed in the media. The average day in the life of a cyber security pro doesn’t involve virtually chasing hackers through networks. Depending on your title, you may spend most of your time identifying potential risks, writing up reports, and trying to get your colleagues or clients to stop creating vulnerabilities.
  • Helpful: People in your professional and personal lives will come to you with questions about how to keep their data and devices safe and for help when they mistakenly leave those assets vulnerable. You have to be willing to listen actively to their concerns and walk them through concepts they may not understand.
  • Problem solvers: If you love playing detective and solving puzzles, this may be the field for you. When security incidents occur, it’ll be up to you to determine how they happened and how to prevent them from happening in the future.
  • Quick learners: The tools and processes you learn about when pursuing a cyber security degree will only be valid for a few years. As cyber criminals devise new ways to strongarm their way into networks, you’ll have to get comfortable with new tools and processes very quickly.
  • Tech savvy: You don’t necessarily need programming skills to work in cyber security, but you have to understand how computers and other digital devices communicate.

Cyber security career paths

Companies across industries collect massive amounts of personal and proprietary data. Organizations and governments both rely on internet connectivity and database systems to stay up and running. And hackers are getting craftier, which has led to more job openings for cyber security professionals.

According to the University of Tulsa, 200,000 cyber security jobs in the United States go unfilled each year (more than three million worldwide). The 2020 (ISC)² Cybersecurity Workforce Study predicts the global cyber security workforce will need to grow by a whopping 89 percent to meet the needs of employers scrambling to secure digital assets as remote work becomes the norm.

Career paths in cyber security tend to fall into one of five categories:

  • Networking jobs
  • Risk analysis jobs
  • Security intelligence jobs
  • Software development jobs
  • Systems engineering jobs

These broad categories encompass numerous interconnected roles, making it hard to map out a typical career trajectory in cybersecurity. You might start as an IT tester and become a penetration tester or advance from cyber security analyst to cyber security consultant before becoming a cyber security engineer.

In-demand jobs

Demand in this field is high across the board, but some roles are harder to fill than others. These are the hot titles employers around the world are looking to fill:

If you’re wondering whether a cyber security master’s is worth it, the answer is yes. Employers looking to fill the highest-paying jobs in the field prefer to hire candidates with advanced degrees.

Top employers

The top US companies hiring cybersecurity professionals include:

  • Apple
  • Boeing
  • Capital One
  • Cisco
  • Federal Reserve Bank of New York
  • General Motors
  • Intel
  • Lockheed Martin
  • Northrop Grumman
  • Patient First

According to the University of San Diego, the five best cyber security companies to work for are:

  • Check Point Software Technologies LTD
  • FireEye
  • Herjavec Group
  • Rapid 7
  • Symantec

There are also plenty of jobs for cyber security professionals in the US government. The National Security Agency (NSA) is a particularly rich source of cyber jobs related to national defense.

Top cities for cyber security jobs

Cities where jobs are abundant and average salaries for cyber security professionals range from $115,000 to more than $130,000 include:

  • Arlington, VA
  • Boston, MA
  • Chicago, IL
  • Fairfax, VA
  • Minneapolis, MN
  • New York City, NY
  • Sacramento, CA
  • San Francisco, CA
  • San Diego, CA
  • San Jose, CA
  • Stamford, CT

Average salary

Many sources claim the average cyber security salary is about $113,000. Keep in mind, however, that figures for entry-level and mid-career roles are calculated using both the sky-high salaries common in tech hubs like San Francisco and more modest salaries typical in less expensive locales. That means graduating with one or more cyber security degrees won’t automatically turn you into a top earner. There are things you can do, however, to boost your earning potential in this field, including:

  • Getting a master’s degree. Having an MS in Cyber Security can give you more bargaining power when you’re negotiating salaries.
  • __Earning one or more cyber security certifications. Credentials like the Global Industrial Cyber Security Professional and Offensive Security Certified Professional certifications make your resume stand out, so plan to take at least a couple certification exams.
  • Having the right skills. Employers may pay more if you have experience in analytics and data science, project management, technical writing, or law enforcement. According to Burning Glass, the most in-demand skills are related to public cloud security and the Internet of Things, but the highest salary premiums are tied to automation skills.

Starting salary

Starting salaries are high in this field—even for freshly minted undergrads. The average entry-level salary in cyber security is about $73,000, which is over $20,000 more than the typical post-graduation salary for bachelor’s degree holders in the US. With an undergraduate cyber security degree, you might earn $69,000 as a security analyst or $68,000 as a penetration tester, which isn’t too shabby when you have little to no professional experience. Having a master’s degree typically means earning more. With a master’s in cyber security, you might earn around $87,000.

Salary with 10+ years of experience

Experienced cybersecurity professionals in many roles earn well over $100,000. A security architect with ten or more years of experience, for instance, can earn $130,000.

Top cyber security master’s programs

Students graduate from the top cyber security schools with real-world experience and industry connections. These colleges and universities have relationships with government agencies and security firms, and their students are often recruited soon after graduation:

Top online cyber security master’s programs

The top online cyber security programs are similar to, if not identical to, those offered on campus. The admission requirements, focus, faculty, core courses, and credit hours required to graduate are generally the same—even in affordable online cyber security degree programs. In the best ones, distance learners receive as much pre- and post-graduation career support as students pursuing this degree on campus.

Top cyber security schools with online programs include:

Why should you enroll in one of these programs? When sources say cyber security professionals are in high demand, they’re not exaggerating. “If you know cyber security, then you have a job for life,” Robert Herjavec, CEO of the $300 million cybersecurity firm, Herjavec Group, has said. There was zero percent unemployment in the field just a few years ago, and there’s still a widespread shortage of qualified cyber security professionals. Getting a degree in cyber security is the first step on the road to the kind of job security—and salaries—most people can only dream about.

That said, one Reddit commenter on a thread about cyber security degrees made a great point when they wrote, “Don’t look at cyber security or infosec just for the money. It is important to have a passion for what you do, no matter what it is… any of the security fields are going to be much closer to a 24/7 job since attackers don’t stick to business hours.” The pay and benefits are plentiful in this field, but you’ll work hard for the money.

(Last Updated on February 26, 2024)

How useful is this page?

Click on a star to rate it!

Since you found this page useful...mind sharing it?

Questions or feedback? Email

About the Editor

Tom Meltzer spent over 20 years writing and teaching for The Princeton Review, where he was lead author of the company's popular guide to colleges, before joining Noodle.

To learn more about our editorial standards, you can click here.


You May Also Like To Read

Categorized as: CybersecurityInformation Technology & Engineering