The emergence, evolution, and advancement of computer networks, digital media technologies, and the interconnected World Wide Web has had vast social, cultural, economic, and political impacts, profoundly reshaping the way we navigate and experience the world. These developments have given us access to new avenues of communication and social networking. They have fostered faster and more efficient modes of commercial, scientific, and political collaboration. They have also created an array of everyday conveniences, from online banking and shopping, to telecommuting and online learning.
Along with these benefits have come consequences, including serious and pressing concerns over information security and cyber criminology. The security risks that networked digital technologies present affect governments, financial institutions, businesses, and individual citizens. These risks are of chief concern to the computer programmers, software engineers, database administrators, and information technology (IT) specialists tasked with building secure digital systems and warding off attacks on the proliferating networks of servers, terminals, and devices that comprise the cyber world.
To put the situation in perspective, 90% of Americans now rely on home internet and/or broadband service, according to the Pew Research Center, which has been tracking internet usage in the US since 2000, when only 50% of Americans were online. The more recent growth in the use of smartphones and other networked wireless devices, often referred to as the Internet of Things (IoT), has created additional cyber vulnerabilities and opened new vectors of attack that can be exploited by hackers and other malicious actors. The Poneman Institute, an independent data protection research organization, recently found that 82% of respondents to its Study on Global Megatrends in Cybersecurity (2018) believe that IoT breaches pose a significant threat to their organizations. The estimated annual cost of cybercrime in the US rose 29% in 2018, from $21.2 million in 2017 to $27.4 million in 2018, according to a 2019 analysis of industry data conducted by the non-profit Insurance Information Institute. In November of 2019, the World Economic Forum published a report forecasting that as much as $5.2 trillion in global assets could be at risk from cyberattack up through 2023.
It is thus not surprising that the US Bureau of Labor Statistics (BLS) is forecasting that demand for information security analysts will grow by an estimated 33% in the coming decade. However, that almost certainly is not the full picture: information security analyst is just one of many job titles in cybersecurity, a field that encompasses a wide array of professional roles and responsibilities performed by trained specialists employed as computer, network, database, and information security administrators, architects, compliance officers, consultants, engineers, investigators, risk managers, and more. While the stereotypical image of the lone computer hacker toiling away at a computer terminal for hours on end to fend off cyberattacks may not be entirely inaccurate, it presents an exceedingly narrow picture of a field in which strategists, policymakers, governance officers, legal experts, and criminal and civil investigators are as important and integral as coders, technicians, and ethical hackers.
Background of Cyber Security Degree Programs
Cybersecurity is a relatively new field of academic and professional study that emerged as computer networks and internet technologies became increasingly commonplace and integral to social, economic, and governmental functions. The field grew out of work in computer programming, software engineering, and information science and technology, as well through information security/information assurance practices (e.g., cryptography, code-breaking, and information classification systems) employed by governments and the military. A timeline tracing the founding of three of the more prominent cyber and information security professional organizations offers an overview of how the field has evolved: the Electronic Data Processing Auditors Association was founded in 1967, changed its name to the Information Systems Audit and Control Association (ISACA) in 1994, and now goes solely by its acronym, ISACA; 1984 saw the founding of the Information Systems Security Association (ISSA International); and in the US, the National Cyber Security Alliance (NCSA) was founded in partnership with the Department of Homeland Security in 2001.
Dedicated information security and cybersecurity degree programs at US colleges and universities began to slowly emerge in the 1990s, mostly through computer science and engineering departments that had been conducting research and training in digital information security in the preceding decades. But with the proliferation of internet technologies, web-based commerce, and massive digital infrastructures that are vulnerable to cyber attack, colleges and universities have introduced a broad array of academic programs in cybersecurity in the past two decades, including bachelor’s and master’s degree programs, and post-baccalaureate and post-master’s certificate programs. In fact, the number of students graduating from cybersecurity degree programs has risen sharply in just the past six years.
Based on an analysis of data collected by the Department of Education for it Integrated Postsecondary Education Data System (IPEDS), the number of bachelor’s degrees conferred by US schools in cyber and information security fields grew almost 250% in the last ten years. For master’s degrees, the number grew over 340% in that same period. (IPEDS data was analyzed from the 2013/14 school year to the 2022/23 school year, which is the most recent data available.) The last five years of IPEDs data is included in the table below.
Table: Cybersecurity Graduates by Degree Level by Year Based on Data from IPEDS
| Degree Level | 2018-19 | 2019-20 | 2020-21 | 2021-22 | 2022-23 |
|---|---|---|---|---|---|
| Bachelor's | 5291 | 5767 | 6546 | 8027 | 9631 |
| Master's | 5729 | 6421 | 6138 | 7439 | 8532 |
| Bachelor's plus Master's | 11020 | 12188 | 12684 | 15466 | 18163 |
While many cybersecurity degree and certificate programs are offered through schools and departments of computer science, engineering, and/or information science and technology, there are colleges and universities that have independent cybersecurity departments and/or institutes. As cybersecurity has emerged as an important issue in law enforcement, homeland security, business, government, and public policy, schools and departments of criminal justice, law, business, and public administration have begun offering programs as well.
Cyber Security Degrees and Specializations
Formal training and instruction in the theories and practices of cybersecurity, as well as in cybersecurity specializations such as digital and computer forensics and cybersecurity governance and policy, are offered in many forms by accredited colleges and universities and also by private companies and professional organizations. There are undergraduate programs in cybersecurity, including associate and bachelor’s degree programs that provide instruction in computer science, computer programming, and the fundamentals of information security. There are also graduate programs at the master’s and doctoral levels that offer advanced cybersecurity training and that typically allow students to specialize in a particular area of cybersecurity research and/or practice.
For students who are looking to gain practical skills without pursuing a full degree program, there are graduate certificate programs in cybersecurity designed for students who hold a bachelor’s, master’s, and/or doctoral degree. There are also computer training programs that are designed specifically for students interested in pursuing one of the many professional certifications in cybersecurity (e.g., CEH, CompTIA Security+, CISSP, CISM, CISA, etc.). Finally, there are cybersecurity bootcamps offered by colleges and universities as well as by private cybersecurity companies and professional groups. While many cybersecurity bootcamps are designed for students who have prior training and experience in computer coding, there are bootcamps for relative newcomers to the field of computer science, as well as bootcamps that cater to IT professionals with a moderate to strong technical background.
At this time, CyberSecurityDegree.com contains comprehensive directories of bachelor’s, master’s, and graduate certificate programs in the field of cybersecurity, and information about cybersecurity certificate programs and bootcamps. A brief overview of each type of degree is included below.
Bachelor’s in Cybersecurity Programs
A bachelor’s in cybersecurity program is an undergraduate program offered by a college or university that culminates in the conferral of a bachelor’s degree, and which provides students with a designated major in cybersecurity. Students in a bachelor’s in cybersecurity program complete general education requirements by taking courses in the arts, humanities, and social and physical sciences before completing courses specific to their major in cybersecurity, which typically include introductory computer science and programming courses followed by intermediate and upper-level courses that focus on the principles and practices of cybersecurity.
Master’s in Cybersecurity Programs
Master’s in cybersecurity is a designation for graduate degree programs that offer advanced training in cybersecurity and which confer a master’s degree, typically a Master of Science (MS) degree, although there are also Master of Applied Science (MAS), Master of Engineering (MEng), and Professional Science Master’s (PSM) programs in cybersecurity. At the master’s level, there are general cybersecurity degree programs, and programs that focus on a cybersecurity specialization, such as digital forensics or cyber law and policy. However, most programs provide general advanced training in the theories and practices of information systems security, computer network protection, malware, cryptography, data security management, penetration testing, and cybersecurity strategies. In addition, there are master’s programs in computer science, computer and software engineering, information technology, and business administration that offer a concentration or specialization in cybersecurity.
Graduate Certificate Programs
Cybersecurity graduate certificate programs are academic programs that provide specialized training in cybersecurity but which do not confer a degree. These programs are shorter than bachelor’s and master’s programs and typically consist of fewer credit/coursework requirements – four to six courses is common for a graduate certificate program, although the specific number varies by program. There are two general types of graduate certificate programs in cybersecurity: post-baccalaureate certificate programs, which require students to hold a minimum of a bachelor’s degree; and post-master’s certificate programs, which are designed for students who hold a master’s or doctoral degree, generally in a field related to cybersecurity such as computer science or engineering, although this too varies by program.
Graduate certificate programs are generally designed for working professionals who are looking to gain advanced skills and training to either advance in their current position or to change careers and enter the field of cybersecurity.
Modes of Instruction in Cyber Security Programs: Campus, Hybrid and Online Programs
Internet-based distance-learning platforms have broadened the options for students who are interested in earning a degree or graduate certificate in cybersecurity, and have thereby extended the reach of cybersecurity programs beyond the vicinity of a school’s campus. While many cybersecurity programs are offered in a traditional, campus-based format, an increasing number of programs, especially at the master’s level, are leveraging online learning technologies to offer cybersecurity programs in formats that provide more convenience and flexibility than on-campus programs. For students, this means there are fewer barriers to higher education than ever before. Students who live near a college campus and prefer face-to-face instruction can still pursue a degree in the traditional way by enrolling in an on-campus program. Working students or students who do not live near a college campus can now pursue the same degree without having to relocate or schedule classes around their working hours. As detailed in the sections below, there are fully online programs that do not require any campus visits, traditional programs where students take all of their courses in person on-campus, and a range of hybrid programs that combine online with campus-based instruction.
Campus, Hybrid, and Hybrid-Online Programs
To help students easily identify different types of programs, CyberSecurityDegree.com classifies degree programs into four categories based on their mix of on-campus and online instruction. Programs classified as campus, hybrid, and hybrid-online programs are generally designed for students who reside on or near the campus at which a program is offered, as they require students to attend classes or in-person intensives on that campus. The differences between these three types of programs are delineated below:
Campus Programs: As the name suggests, campus programs require students to attend classes on a school’s campus. While some schools offer cybersecurity programs at satellite campuses that may be more convenient for some students than the school’s main campus, enrolling in a campus-based program means making a commitment to be physically present for classes held at a designated location.
Hybrid Programs: This designation refers to programs that offer a mix of campus-based and online courses and to programs in which one or more of the required courses hold a significant number of classes on campus. Hybrid programs are generally more convenient than fully campus-based programs for students who live or work near the campus at which classes are held but are usually not be a good fit for students who are not within commuting distance of the school.- Hybrid-Online Programs: These programs offer all or most of their courses online but require students to attend a significant number of campus visits per year. Programs that require more than three to approximately six separate campus visits per year are classified as hybrid-online programs. Examples of hybrid-online programs include programs that require students to attend two distinct campus-based sessions per semester or programs that require students to attend four separate face-to-face instructional workshops as part of a specific course. Due to the number of campus visits, these programs are also typically not a good fit for students who do not live near the school’s campus.
Fully Online Programs and Online Programs with Limited Campus Visits
Programs that are fully online or that require only a limited number of campus visits are largely accessible to any qualified student via a secure internet connection regardless of where that student resides. CyberSecurityDegree.com classifies both of these types of programs into one online program category. These programs offer all or most of their instruction and required coursework through online learning management systems (LMSs) and thus do not necessitate a significant amount of travel or commuting to a school’ campus.
Fully Online Programs: A fully online program is a program that offers all of its required coursework, including lectures, presentations, and exams, via online instruction. Some programs utilize real-time online instruction, a mode known as synchronous online instruction, while others rely solely on asynchronous instruction and thus do not have scheduled class meeting times.- Online Programs with Limited Campus Visits: These programs offer most of their required coursework online but may require one to three campus-based sessions per year. These campus visits, sometimes referred to as intensives or immersion sessions, can enhance the online learning experience. They may consist of orientations, workshops, seminars, networking opportunities, and other learning experiences that benefit from face-to-face interaction. Typically, these sessions last a long weekend to a full week and are classified as one session if they span continuous days. Examples of online programs with limited campus visits include programs that require one week-long intensive during the summer and programs that require students to attend one campus-based session per fall, spring, and summer semesters. These programs may be ideal for students who want or need the flexibility of an online program, but who wish to meet their instructors and classmates in-person during the program.
