Cyber security is currently a seller's market, the result of a substantial shortfall in cyber security management talent.
Image description
Mairead Kelly
Noodle Expert Member

March 11, 2021

Applying to cyber security master's programs is a complex process, but it doesn't have to be stressful. Here's everything you need to know about the most common degree prerequisites, from standardized test scores to application fees.

Technology permeates our lives more and more every day. The significant conveniences and advantages this brings are accompanied by equally significant dangers posed by hackers and other cyber threats. In 2019 alone, the FBI's Internet Crime Complaint Center (IC3) recorded more than $3.5 billion in losses to victims across the United States as the result of cyber crime.

Cyber security has become critical in effectively detecting and responding to data privacy risks. That's why small businesses, mid-sized corporations, government agencies, and educational institutions alike are expanding their pool of cyber security professionals with deep expertise in information security and risk management. They understand that their survival depends on protecting themselves from all kinds of cyber attacks.

Cyber security is currently a seller's market, the result of a substantial shortfall in cyber security management talent. In 2018, the MIT Technology Review reported that the number of unfilled cyber security jobs should grow by 250 percent, from one million in 2013 to 3.5 million in 2021. Of the candidates applying for these positions, fewer than one in four is qualified.

Cyber security has long embraced people with nontraditional backgrounds. Even so, you need expertise to succeed in this field. Those with a master's degree and the right amount of work experience will find that career opportunities are vast, with high-paying job prospects across almost every sector, both private and public. A master's in cyber security qualifies you for many of the best jobs available in the field. As the website for the University of Tulsa's MS in Cyber Security program notes, with this degree students "master the theory, concepts and techniques of information assurance and network defense in real-world environments."

If you're considering completing a cyber security master's degree, you'll need to know how to gain admission to a program. Fortunately, the admission requirements (i.e., prerequisites) for cyber security masters programs tend to be similar, although the application process may differ slightly from one school to the next.

Our guide to masters in cyber security prerequisites covers:

  • Application fee
  • Bachelor's degree
  • Official transcripts
  • Minimum GPA
  • Personal statement
  • Letters of recommendation
  • Additional criteria

Application fee

Cyber security master's degree program applicants must complete and submit an application for admission along with a nonrefundable application fee. On average, application fees cost around $100. Some programs charge higher fees. Others may require prospects to pay for additional testing to confirm their readiness to attend.

When researching programs, you may also come across graduate-level programs that don't charge an application fee. Others provide application fee waivers to students based on criteria like financial hardship or active military status. Some schools waive fees for students who visit their school before applying or provide all required materials by the school's application deadline. In other cases, waivers may be granted to students who simply ask for them. It never hurts to ask.

Bachelor's degree

Applicants typically need an undergraduate education to qualify for graduate school—and masters-level cyber security degree programs are no different. Some schools' admissions requirements may highlight a preference for students who hold a bachelor's degree in engineering, computer science, or other information technology-related fields.

Other programs may outline more general requirements, such as a bachelor's degree (in any discipline) from an accredited US higher education institution or, for non-US applicants, the equivalent of a US undergraduate degree from an accredited institution in their home country.

It's common for graduate schools to prefer applicants with foundational knowledge in essential areas such as programming languages and information systems architecture. Some candidates may prove their aptitude through relevant coursework completed at the undergraduate or graduate level.

Prospective graduate students who lack this expertise are usually required to complete a series of foundation courses either before starting a program or within the first couple of semesters of graduate school. Bridge programs are another option for candidates to gain the expertise needed to continue on to master's programs in the field.

The Tandon Bridge Program at New York University, for example, provides applicants who lack a STEM background with the requisite knowledge. The program covers candidates to master of science in cyber security programs as well as other select master's degree programs at the school. An added benefit, this program is certified by the Center of Academic Excellence (CAE), which was created by the National Security Agency (NSA) and the Department of Homeland Security (DHS) to recognize schools that offer rigorous degree programs in information security.

Minimum GPA

The minimum undergraduate grade point average (GPA) varies from program to program. Most schools require applicants to submit official transcripts demonstrating a minimum cumulative undergraduate GPA of 3.0. More competitive programs may require an even higher minimum.

In other cases, schools are more flexible and admit students with a lower minimum GPA, or may not even have a GPA "cutoff" at all. Some, such as the online master of science in cyber security at the University of Arizona, offer students with a low GPA "probationary" admission status. This changes to unconditional admission once they achieve a cumulative GPA of 3.0 or higher in their first round of non-degree seeking classes at the school.

Statement of purpose

Most cyber security program degree programs require a statement of purpose. Submitted in essay form, this document provides an in-depth look at a your education, professional experience, skills, and interests in the program. Your goal in writing this is to convince the admissions committee of your potential to succeed in graduate study.

If necessary, the statement of purpose may also address any blemishes, gaps, or weaknesses in your academic record. Detail how you overcame these obstacles. Also, make sure to explain how the experience helped you become a better student and/or professional.

Letters of recommendation

Most cyber security graduate programs also require two to three letters of recommendation. Some schools limit recommenders to employers, supervisors, or others who can comment on a candidate's personality, strengths, and professional potential. Others may stipulate that at least one letter must be penned by a former professor or related academic faculty members.

Your goal is to demonstrate that you have impressed others with your skills and responsibility. That's why these letters should be written by someone who has supervised or taught you. Letters from family members are a bad idea: they signal that you haven't impressed anyone outside your family.

Additional criteria

Cyber security masters degree programs may also require students to meet additional requirements as part of the admissions process. These may include:

Relevant work experience

Many schools prefer applicants who have both an undergraduate degree and a designated amount of relevant professional experience. Your work experience could include jobs in information assurance, digital forensics, penetration testing, or other niche areas of IT or cyber security.

Candidates with extensive industry experience may have the option to pursue an accelerated cyber security program. These programs, pursued full-time, can be completed in as few as 14 months.

In some cases, programs in the field may accept working professionals who lack formal undergraduate education but have work experience in computer security. Other programs may consider applicants from a range of professional backgrounds and note that although prior work experience is preferred, it is not required for admission.

GRE scores

Many master's programs require standardized test scores. Cyber security programs typically ask for GRE scores. The GRE tests math (nothing beyond high-school level), English language, and logic.

Not every school requires applicants to submit their scores. Some issue waivers to students with sufficient previous work experience. Others waive the requirement for those who meet minimum undergraduate GPA requirements. Some waive the requirement for alumni.

Proof of English proficiency

When applying to cyber security masters programs in the United States, prospective students whose native language is not English typically need to certify their English language ability. They're usually required to submit TOEFL scores to confirm they have the English-language skills necessary to succeed in an academic setting.

Like GRE waivers, schools may allow students to skip this requirement if they hold a degree from an accredited institution where English is the primary language of instruction. Others may allow international students to bypass the TOEFL prerequisite if they complete an intensive English language program that's either recognized by, or affiliated with, their program of choice.

Questions or feedback? Email