Question: How long does it take to earn a master’s degree in cybersecurity?

Answer: Qualified students who have a quantitative background and foundational computer science and information technology knowledge can typically earn a cybersecurity master’s degree in two years of full-time study. However, the specific time to completion for a master’s in cybersecurity program depends on several important factors, including the structure of the specific program and the number of hours per week an individual student is able to devote to coursework. For example, full-time students may be able to earn their degree in 12 to 16 months of accelerated study if they enroll in classes all year-round. In contrast, students who opt for part-time enrollment generally earn their degree in three, four, or five years, depending on how many courses they take per academic term.

A typical master’s program in cybersecurity, information security, IT governance, digital forensics, and other cybersecurity specializations consists of between 30 and 36 credits of graduate coursework, or the equivalent of ten to twelve courses. A student enrolled on a full-time basis in such a program commonly takes two or three courses per semester in order to graduate in four semesters, or two years. In a program with a traditional academic calendar, that translates to two or three courses over the span of two 15-week fall semesters and two 15-week spring semesters. For a student who is working full-time or has other significant commitments outside of school, a part-time schedule might involve taking one or two courses per semester and thus graduating in three or four years.

There are also cybersecurity master’s programs with a similar 30- to 36-credit curriculum in which courses are offered on using a quarter system (e.g., four ten-week quarters per year) or a modified academic calendar with five or six terms. Schools that employ a modified academic calendar often offer courses in five-, seven-, or eight-week blocks. With these programs, full-time students may complete one course per five-week term, thereby completing three courses over 15 weeks, which would be equivalent to a full-time student taking courses using a traditional semester schedule.

In addition, programs using modified academic calendars may provide students who are able to take two courses per modified term with the opportunity to complete their degree in as few as 12 months (assuming a student enrolls in classes year-round). Students in such a program can also typically earn their degree on a part-time basis in just two years by taking one course per term.

Finally, it is important to note that some master’s in cybersecurity programs require students to have taken one or more college-level prerequisite courses as a foundation for a master’s-level curriculum in cybersecurity. As a result, depending on a student’s educational and professional background, it may take longer to earn a degree in cybersecurity for students who did not major in computer science or a technology field during their undergraduate degree.

Master’s in Cybersecurity Program Requirements

As noted above, a typical master’s in cybersecurity curriculum consists of ten or more courses that can be completed in four semesters by full-time students. These courses cover topics that are central to cybersecurity theory and practice and may also include required and/or elective courses in specialized areas of the field. In addition, some programs require students to complete an applied capstone or master’s thesis in which they apply what they have learned in the program to an independent research project that draws on the skills and knowledge they have acquired. These projects can then serve as artifacts for a student’s portfolio as they seek to enter the field or advance to more senior level positions in cybersecurity.

The core subjects covered in most cybersecurity programs can be divided into three basic categories: computer programing and IT systems; theories of information assurance and cybersecurity strategy; and the application of general IT knowledge, computer programming skills, and theories of cybersecurity to the design and maintenance of secure systems, the testing and protection of existing systems, and tactical responses to common cyberattacks and network incursions. Common courses that cover these topics include:

• Foundations of Information Security
• Operating Systems Design
• Principles of Computer Network Security
• Penetration Testing and Vulnerability Assessment
• Applied Cryptography
• Cybersecurity Incident Response

There are numerous areas of professional specialization in the field of cybersecurity, many of which are addressed by cybersecurity master’s programs in core and/or required courses. For example, some master’s programs focus on digital or computer forensics, which is the investigative function of cybersecurity, and there are also formally designated master’s in digital forensics programs that fall under the larger umbrella of cybersecurity master’s programs.

Similarly, there are crucial administrative functions that are integral to the field and that are addressed at the master’s level in courses that focus on cybersecurity management, policy, and governance. Finally, many master’s programs include coursework in secure software design, object-oriented programming, algorithm design and analysis, wireless and mobile systems security, and/or human factors/social engineering.

A student in a typical master’s in cybersecurity program may be required to complete four, five, or six core courses, three electives chosen from among one or more areas of cybersecurity specialization, and an applied capstone project. Thus, core courses can typically be completed in two to three semesters, while elective coursework and the capstone project take an additional one to two semesters, leading to a two-year plan for completion.

Students who do not have an undergraduate degree or prior training in a STEM area such as computer science, engineering, information technology, or mathematics, may need to take one or more prerequisite courses and some programs even have bridge programs to address these needs. Common prerequisites for master’s in cybersecurity programs include:

• Introduction to Computer Networks and Operating Systems
• Data Structures and Algorithms
• Programming in C++ and Python

Note: While some master’s in cybersecurity programs require applicants to hold an undergraduate degree in computer science or a related field, many programs are designed for students who come from a variety of academic backgrounds and do not require applicants to hold a bachelor’s degree in a particular field or fields of study.

Full-Time vs. Part-Time Enrollment in a Cybersecurity Master’s Degree Program

Enrollment policies for master’s in cybersecurity programs vary by school and by program. While some programs require students to commit to a full-time schedule and to be prepared to devote up to 40 or more hours per week to their studies when school is in session, many programs are designed to accommodate working professionals who may not be able to commit to full-time enrollment and to others who would prefer to earn a master’s degree on a part-time basis. It is thus advisable to research program enrollment policies carefully prior to submitting an application.

Programs that accommodate part-time enrollment may or may not require students to take a minimum number of courses per semester/term. Programs that have flexible enrollment policies – i.e., enrollment policies that place fewer restrictions on the number of courses students must take per semester/term – generally cap the number of years that students are allotted to complete their degree. Typically, programs require students to finish their degree within five, six, or seven years from initial enrollment. Students who enroll in a flexible part-time program should consult with an academic advisor to ensure that they are meeting the program’s enrollment and graduation requirements.

The clear advantage of full-time enrollment in a cybersecurity master’s program is that it allows students to graduate in one to two years and move on to the next phase of their career. However, full-time enrollment takes focus away from work, family, and other responsibilities outside of school. The advantage of part-time enrollment is that it allows students to continue working while earning their degree and it gives them the opportunity to focus on just one or two courses at a time. The disadvantage of part-time enrollment is that it extends the time it takes to finish a degree and reap the rewards of entering or reentering the job market with a master’s degree and the advanced skills associated with master’s-level training in cybersecurity.

---