Is a Master’s in Cyber Security Worth It? [2021 Edition]

When hackers shut down the Colonial Pipeline in May of 2021, it highlighted a gaping hole in our national security, as did previous hacks of SolarWinds and JBS. Cyberattacks are becoming more common and sophisticated, leaving companies, governments, and individuals scrambling to ramp up their cyber defenses.

According to Yahoo Finance, 78 percent of surveyed senior information technology (IT) and computer security professionals lack confidence in their company’s current cyber security systems. Much needs to be done to shore up computer security in both the private and public sector. The demand for qualified cyber security professionals to do this crucial work has never been greater.

Currently, there are hundreds of thousands of high-paying cyber security jobs available to qualified professionals. The key word in that sentence, however, is ‘qualified.’ Half of the organizations surveyed by the
Information Systems Audit and Control Association (ISACA) report being understaffed, and 70 percent noted that a majority of applicants lacked the cyber security skills to fill the positions. According to CNN Business, the cyber security workforce gap is projected to widen by 20 to 30 percent annually for the next several years, even with the federal government investing billions into new cyber security training programs and initiatives.

This article on Is a master’s in cyber security worth it? outlines how the earning the right degree can prepare you for top jobs that command high salaries in the cyber security field. It covers:

• The ROI on a master’s in cyber security
• What is a master’s in cyber security?

The ROI on a master’s in cyber security

A master’s in cyber security is unquestionably worth it. The ROI on this degree has a high floor and an even higher ceiling. Of course, an advanced degree does not automatically qualify you for top positions. However, many of the top cyber security jobs require an advanced degree. That’s because graduate study is one of the most effective ways to upgrade your cyber security expertise and enhance your value to employers.

No single assessment tool can adequately quantify the ROI of a master’s in cyber security program. That said, graduating from a top program with good grades typically qualifies you for higher-level cyber security positions. Develop soft skills—such as leadership, communication, and management—and you will also be well-positioned for management roles. The threat of cyber attacks will be ever-present for the foreseeable future, making cyber security a safe career choice. Investing in your education now can pay huge dividends over the course of your career in cyber security for years to come.

Master’s in cyber security career paths (plus who’s hiring and what they’re paying)

Cyber security professionals can be divided broadly into two camps: managers and specialists. Management roles require candidates with excellent project management skills and the ability to successfully motivate teams of employees to complete projects. A master’s program can prepare you for management roles like:

• Chief information security officer (CISO)
• Computer information systems manager
• Consultant
• Cyber security administrator
• Cyber security director
• Cyber security manager

Cyber security specialist roles that you’ll be eligible for with your master’s include:

• Cybercrime analyst/investigator
• Cyber security architect
• Cyber security engineer
• Cyber security sales engineer
• Incident analyst/responder
• Information security analyst
• IT auditor
• Network architect
• Penetration tester
• Software developer

Cyber security professionals work across many different industries, since everyone needs more robust defense mechanisms these days. According to University of San Diego, top industries requiring cyber security experts include:

• Finance
• Government
• Healthcare
• Manufacturing
• Retail

Organizations can hire hundreds of cyber security professionals at a time; if you work for the United States Army, you may be one of thousands. Companies that employ substantial numbers of cyber security talent include:

• Accenture
• Amazon
• Apple
• Deloitte
• JP Morgan Chase
• Lockheed Martin
• Northrop Grumman
• Oracle
• PayPal

Cyber security jobs typically command high salaries. According to PayScale, those with a Master of Science in Cyber Security earn an average annual salary of over $93,000. However, many aforementioned positions come with six-figure salaries. Experienced cyber security professionals in management roles can expect to earn nearly $145,500 per year. The very best cyber security professionals—including high-end specialist hackers and CISOs of major corporations—can earn around $500,000 per year, especially if they work in metropolitan areas like San Francisco or New York.

What is a master’s in cyber security?

A master’s in cyber security is a graduate-level degree focused on detecting and preventing cybercrime. It may be called a Master of Science in Cyber Security, but many different degrees prepare candidates for cyber security careers. A Master of Science in Computer Science with a focus on cyber security, network administration, or information security also lead to this career path, as do other degrees in business, engineering, and computing.

You don’t necessarily need a master’s degree to advance your cyber security career or to enter the field, but it’s helpful. Many professionals choose to complete skill certifications from Microsoft and Cisco. Top certifications include:

• CCNA Security
• CCNP Security
• CCSP
• CISSP

How long does it take to earn a master’s in cyber security?

Like most master’s degree programs, a master’s in cyber security typically takes two years to complete on a full-time basis—though you can shave off a year if you enroll in an accelerated program. The latter option typically requires an undergraduate degree in computer science or another cyber security-related field.

If you pursue your studies in a part-time program, it may take you between three and five years to earn your cyber security degree. Spending more time in school may be a good thing. Part-time programs allow you to work while you study, making it easier to pay for the program. You also can apply what you’re learning immediately, improving your career prospects. It’s also good to note that employers are more likely to provide tuition reimbursement for a part-time online program than a full-time on-campus one.

Online programs are typically more flexible in accommodating family and work obligations. For instance, at University of California, Berkeley, students are able to work through self-paced course content that is accessible 24/7, and complete the entire online program in 20 months.

Prerequisites

Prerequisites differ by school, but programs primarily seek students with computer science backgrounds and experience. SUNY Polytechnic Institute targets those “who have the equivalent of an undergraduate degree in network and computer security, computer science or systems, electrical engineering or a related field.” This doesn’t mean you must have a bachelor’s degree in one of those fields—just prove that you know the content. That said, the school does accept students without relevant backgrounds if they take “appropriate prerequisite coursework under the guidance of a faculty adviser.” Similarly, the University of Tulsa expects that applicants have taken calculus in addition to having basic computer science skills. In both instances, the school asks unprepared students to complete supplemental coursework before starting the program.

If you are planning to enroll in a cyber security master’s program, you should be well-versed in one or more programming languages, such as C++, C, Python, and Java, and have experience with information systems architecture. If you’re not already working in IT or don’t have a computer science background, completing undergraduate computer science courses in algorithms, computational theory, computer systems, and programing languages will help fill any gaps in your knowledge and fulfill master’s program prerequisites.

Admission requirements

Beyond cyber security-specific prerequisites, programs follow the common master’s degree admissions requirements. These include submitting:

• Graduate Record Examinations (GRE) scores
• Letters of recommendations
• Personal statement(s)
• Resume
• Undergraduate transcript (and transcripts from any previous graduate programs)

International students will need to complete the Test of English as a Foreign Language (TOEFL) test to demonstrate English proficiency.

If you lack the appropriate background and experience for admission, you’ll need to demonstrate in your statement of purpose that your previous academic or professional experience has adequately prepared you to pursue a course of study—and career—in this field. Ideally, you will have a few computer science classes on your undergraduate transcript. For this reason, students may find it beneficial to complete computer science courses and bootcamps prior to applying to a master’s program to demonstrate their knowledge and interest in cyber security.

Curriculum

There’s no universal master’s in cyber security curriculum, but many share common coursework, which may include:

• Assurance for information systems
• Cryptography
• Cyber law and ethics
• Defensive technologies
• Digital forensics
• Hardware security
• Network security
• Penetration testing
• Security auditing
• System administration
• System security

To a certain extent, what you learn depends on the focus of the program. Tulane offers a MS in Cyber Security Management that addresses many of these same subjects, but is for students who intend to fulfill managerial roles. For instance, you’ll learn to conduct digital forensics from a managerial standpoint—developing a plan of action and leading a team to implement it.

You can study these subjects in other programs as well. In an information security program, which can lead to many of the same careers, you’ll typically explore similar topics, like:

• Applied cryptography
• Computer networks
• Designing and implementing operating systems
• Digital forensics
• Network security
• Packet switching
• Risk modeling

(Last Updated on February 26, 2024)

Questions or feedback? Email editor@noodle.com