The Master of Science in Cybersecurity (MSC) is a one-year intensive program for working professionals as well as recent college graduates interested in cybersecurity management. Our MSC program develops leaders who can address people, process, technology, and vendor/supply chain aspects of strategic cybersecurity efforts by supporting and motivating collaboration across the organization and driving optimized solutions that enable the company to manage evolving risk and achieve its business goals. Our program allows participants to develop the necessary skills to make informed cybersecurity decisions by analyzing potential outcomes, benefits, and risks.
MS Cybersecurity Program Highlights
- Complete in one year
- Online, synchronous program
- Balance between business risk management and cybersecurity and IT requirements
- GRE or GMAT not required
- Access to self-paced online certification bootcamp
- A STEM-designated degree (STEM graduate programs are university degrees awarded in Science, Technology, Engineering, and Mathematics.)
Application Deadlines | Tuition Rate Per Unit | Number of Units | Format and Length |
Fall: Aug. 1 | $920/unit View Tuition and Financial Aid Information for details. | 36 Units | Online (Mondays and Wednesdays, 6-10 p.m. PST) One-year |
Attend an Online information session
Cybersecurity is a business enabler! Our MS in Cybersecurity Program addresses the most important elements of people, process, technology, data, partners and suppliers to ensure exactly that.
MSC Admissions and Financial Aid
A degree from a private university like »¨¶ùÖ±²¥ University of California is more accessible than you might think.
A Bachelor’s degree or its equivalent from a regionally accredited institution of higher education is required to apply to our graduate programs. GMAT and GRE Not Required.
- Completed Application&²Ô²ú²õ±è;—&²Ô²ú²õ±è;
- Official Transcript(s)
Official transcript of coursework from each college or university attended (undergraduate and graduate). Find complete instructions on how to submit your transcripts to »¨¶ùÖ±²¥ here.
Students who received their undergraduate degrees from an institution outside the United States must have credentials evaluated by a third-party evaluation service. The agency must submit an official report to »¨¶ùÖ±²¥ verifying credentials. Contact the Office of Graduate Admissions for further instructions. - Resume
- Statement of Purpose/Intent
A statement between 300 and 800 words describing why you are interested in pursuing a graduate degree in cybersecurity. - One Letter of Recommendation or Interview With The Dean
Letter of recommendation: Academic or professional, on letterhead. - International Applicants
International candidates must meet additional admissions requirements.
International MSC students are not eligible to live on campus or qualify for an F1 student visa due to the online nature of the degree. International students may take the program online in their home country.
»¨¶ùÖ±²¥ has a rolling admissions policy, which means we evaluate applications as they are received and will continue to evaluate applications until we’ve filled all the slots for our incoming class. We encourage you to apply as soon as possible.
If an application deadline falls on a weekend and/or holiday, applications will be accepted through the end of the next business day.
Fall Priority Deadline | July 1 |
Program Overview and Career Paths
There is an increasing awareness and concern over the growing cyber threats facing organizations, governments, and individuals. Cyber-crime is growing exponentially. According to Cybersecurity Ventures, the cost of cybercrime is and will grow to $10.5 trillion by 2025. According to , the current (US) national supply/demand ratio is 69%, meaning in the US only 69% of the cybersecurity jobs are filled. This is based on 663K total cybersecurity job openings. In California only, there are around 69K cybersecurity job openings. As a result the demand for cybersecurity professionals is very high regardless of the industry and the job outlook over the next decade is extremely positive as portrayed by , .
A master’s degree in Cybersecurity not only opens doors to new job opportunities and promotions, but it can also fast track your career in different industries too. A graduate degree in cybersecurity with a business focus is very valued in several industries such as healthcare, financial services, manufacturing, retail, higher education, telecom, construction, energy, government, and technology. It also provides current employees in the public and private sectors an opportunity to obtain advanced-level, high-quality training in the core business areas with an IT/Cybersecurity focus.
A graduate degree is also a requirement for most management roles and definitely a must for senior management roles such as a Chief Information Security Officer, Executive Director of Cybersecurity, which demands an . According to labor market researcher Burning Glass Technologies, almost one-quarter of cybersecurity jobs require a graduate degree.
The increasing demand for cybersecurity professionals, the high earning potential of cybersecurity jobs, flexible work hours, the option to work from home, work-life balance, and increased job security are some of the reasons why a graduate degree in cybersecurity is worth pursuing whether you are new to cybersecurity, switching from a different job and/or role, or trying to move up the chain. Positions our graduates will be equipped to master include:
- Chief Information Security Officer (CISO)
- Deputy Chief Information Security Officer (DCISO)
- Information Security Officer (ISO)
- Business Information Security Officer (BISO)
- Cybersecurity Project Manager/Director
- Cybersecurity Manager/Director
- Manager/Director, Infrastructure & Cybersecurity
- Manager/Director, Governance, Risk, Compliance (GRC)
- Manager/Director, GRC
- Manager/Director, Security and Risk Services
- Manager/Director of Information Security Governance
- Manager/Director of IT Security
- Information Security Manager/Director
- Technical Program Manager/Director
- Cybersecurity Project/Program Manager/Director
- Customer Success Manager/Director (Cybersecurity)
- Cybersecurity Consultant
- Manager/Director of Cybersecurity, Governance and Advisory
- IT Auditor
The Barowsky School of Business (BSB) partners with Bay Area companies to provide experiential learning opportunities for students and job placement upon graduation. Students work closely with BSB Graduate Career Services to move forward in their careers and life beyond graduation. Our services include individualized one-on-one assistance and professional development events.
Students will acquire knowledge in several functional areas of business, including:
- Cybersecurity Fundamentals
This course covers the full spectrum of cybersecurity domains and topics, e.g., applications, software, network, physical/logical infrastructure, cloud. Students learn about contemporary and emerging technologies and how they provide secure platforms for applications, IoT, (digital) products and services. Introductory concepts include security and risk management, threat landscape, asset security, security operations and response, defense to hardware, operating systems, networks and applications in modern computing environments, software vulnerabilities, basic cryptography, operating systems protections, protections concepts across data, identity, and devices, network and cloud security, privacy, data mining, computer crime, techniques and tools including symmetric and asymmetric encryption algorithms, hashing, public key infrastructure, and how they can be used. - Cybersecurity Governance and Compliance
The course highlights the broad requirements for effective governance, the elements and actions required to develop a cybersecurity strategy and a plan of action to implement the corresponding cyber security program. The focus is on the alignment of security strategy with business goals, objectives, and corporate governance. Students will learn about the effective governance and management components of IT and cybersecurity. Topics include frameworks, standards, policies, procedures, organizational structures, enterprise architecture, risk management, protection of assets, maturity models, laws, regulations, IT resource management, IT service acquisition and management, quality management and performance management. The role of the Board of Directors (BOD), how to communicate with the BOD, the objectivity and independence of the various roles, e.g., where cybersecurity should be positioned in an organization, will also be covered in this course. - Cybersecurity Operations
This course builds on the foundations course and covers the day-to-day operational aspects of cybersecurity. It provides an understanding of the role and importance of various operations: from vulnerability and patch management, identity and access management, configuration and change management, log management, application security, data protection & privacy, data encryption, network security, asset management, endpoint security, physical security, incident management, cyber threat intelligence, digital forensics, disaster recovery and business continuity planning (DRP/BCP), to all other security operations center (SOC) functions, automation, artificial intelligence, threat intelligence, threat management. In this course students also get to learn and discuss the capture of relevant data and the use of operational data analytics including cybersecurity dashboards. Roles, skills, budgeting, and other operational issues will be covered in this course. - Information Security Risk Management
This course focuses on the importance of information security risk management as a tool for meeting business needs and developing a security management program to support these needs while managing information risk to an acceptable level to meet the business and compliance requirements of the organization. Special emphasis is provided on business alignment based on the risk appetite and tolerance. Students in this course will learn the skills of risk identification, IT risk assessment, risk response and mitigation, and risk and control monitoring and reporting. Topics include; information security and risk frameworks and standards, data classification, information asset classification and ownership, risk assessment process, third party risk management, threat and vulnerability identification, supply chain risk, risk of noncompliance, gap analysis, security controls and measures, return on investment and cost justification, information risk reporting, business skills associated with how to advise the c-suite and board of directors on cyber risks, risk management lifecycle, data capture and analysis for making data-based risk management decisions. - Managing Human Risk: Building a Security-Based Culture
In this course, students will confront the reality that people are often the weakest link in the security chain, serving as the primary target for social engineering and phishing attacks. This course offers essential lessons and a roadmap to construct a mature awareness program for organizations and workforces, generating measurable impact. Students will acquire key concepts and skills to cultivate a secure culture through a robust awareness security program that transcends mere compliance, focusing on tangible behavior change. The curriculum provides a comprehensive understanding of the human element in organizations and its profound impact on cybersecurity. Discussions will explore associated challenges and opportunities, addressing various
technology groups including users, developers, supporters, and administrators. Topics span human risk, insider threat, maturity models and levels, awareness, education, training, and the prevalent tactics, techniques, and procedures employed in today's human-based attacks. - Secure Coding and Application Security
This course provides comprehensive guidance and insight into secure software coding, development, and overall application security with a dedicated emphasis on cybersecurity. Students will acquire foundational principles and best practices, emphasizing secure programming techniques. The course will also cover threat modeling, risk assessment, and architectural approaches to fortify (web) applications' security postures. The course navigates the integration of security into the DevOps pipeline (DevSecOps), utilizing continuous integration and continuous development (CI/CD) workflows, agile development, and APIs to automate processes. Recognizing the pivotal role of coding in cybersecurity, the curriculum goes beyond proficiency in secure coding practices, fostering the ability to scale lean and agile methodologies. Students will emerge adept at addressing evolving cybersecurity challenges throughout the software development lifecycle (SDLC). - Cybersecurity Strategy, Leadership and Management Competencies
This course allows the students to understand and address the fundamental leadership challenges and benefit from the competencies by focusing on leading the organization, leading the self, and leading others. Topics include strategy, program development, leadership and management, motivation factors, soft skills, leadership styles, creating
and leading effective teams, team dynamics, team engagement and performance management, strategic communication process, leading and managing change using models and frameworks and understanding the psychology of change. In this course, students will improve the business and interpersonal skills necessary to be a competent and successful cybersecurity leader and professional while also working on the cyber strategy. - Defenders vs. Attackers - Bridging Perspectives
Students on this course embark on a dynamic exploration of cybersecurity where defenders and attackers converge. The course provides a holistic understanding of the hacker's and defender's mindset, covering MITRE - ATT&CK (Adversarial Tactics Techniques, and Common Knowledge) framework, penetration testing, threat hunting, and attacks and countermeasures. Use of NIST Cybersecurity Framework will be emphasized. Students engage in hands-on simulations with red, blue, and purple teams, emphasizing collaboration and information sharing. The curriculum includes proactive threat hunting, automation in defensive solutions, and collaborative efforts to enhance security postures. Students will learn to find vulnerabilities in assets, identify modes of access, and remove existing threats. The course not only equips students with the skills to protect assets but also empowers them with ethical hacking techniques to uncover vulnerabilities. This course provides a learning experience to bridge perspectives, fostering a resilient cybersecurity ecosystem against evolving threats. - IT/IS and Cybersecurity Auditing
Determining whether information systems are protected, controlled, and provide value to the organization is an essential part of the auditing process. This course focuses on the standards, principles, methods, guidelines, practices, and techniques that an auditor uses to plan, execute, assess, and review business or information systems and related processes also impacting cybersecurity. Various forms and levels of assurance such as assessments, certifications, continuous monitoring, and audits will be covered in this course. Students will learn the distinct roles of entities like internal audit, cybersecurity management and external third parties, how to conduct an audit in accordance with IS audit standards and a risk based IS audit strategy, communicate progress, findings, results, and recommendations, and conduct an internal & external audit follow-up to evaluate whether risks have been sufficiently addressed. Identifying opportunities for process improvement in the organization's policies and practices is also covered during this course. - Ethical, Legal and Professional Issues
Every facet of human endeavor is being profoundly changed by pervasive digitalization. This course provides a broad overview of key issues at the intersection of cybersecurity and privacy and serves as a reference on laws, regulations, and professional approaches while addressing ethical and compliance issues through policies. Students will learn to differentiate between laws and ethics, about ethical conduct and compliance with the regulations, industry standards, or internal policies as well as the role of culture as it applies to ethics in cybersecurity. Legal frameworks governing cybersecurity will be analyzed, with a focus on international, national, and industry-specific laws and regulations. Case studies and real-world scenarios will be employed to stimulate critical thinking and ethical decision-making skills. Additionally, the course will cover dilemmas related to privacy, data integrity, the responsible use of technology, emerging trends, such as the ethical implications of artificial intelligence and the global impact of cybersecurity breaches. - Emerging Technologies and Special Topics in Cybersecurity
This course offers a comprehensive introduction to the fundamental concepts, applications, and challenges posed by emerging technologies in the realm of cybersecurity. It empowers students with the essential knowledge and skills necessary to navigate the complex intersection of cybersecurity and cutting-edge technologies, preparing them for the ever-evolving digital landscape. Exploring both defensive andoffensive perspectives, the course delves into transformative domains such as Artificial Intelligence (AI), Machine Learning (ML), and Zero Trust architecture. Students will investigate the practical application of the latest cloud technologies and their profound impact on cybersecurity strategies. The curriculum spans a diverse range of topics including Blockchain, Internet of Things (IoT), cryptocurrency, quantum computing, critical infrastructure, drones, robots, and wearables, highlighting their significance in securing the digital ecosystem. Students will gain valuable insights into the integration of these technologies across various industries and proactively engage in long-term strategic thinking for their widespread adoption and protection of organizational assets. - Practicum
In this capstone course, students will work individually or in teams and use the full range of skills, techniques, and concepts gained throughout the program to make a Board presentation. They will design, execute, and present a cybersecurity project/program of a selected company that had a major security issue over the past 5 years. Using publicly available information, students will go through the security life cycle of assessing their current strategy, identifying gaps, and developing a new strategy advocating for a significant investment, restructuring of cybersecurity, and making a few difficult choices/trade-offs. Project will cover management of strategy, policy, technology, people, best practice, and frameworks as well as compliance requirements. Students are evaluated based on the quality of their work, their ability to collaboratively develop and communicate in both written and verbal form, along with a question-and-answer session. It is recommended that students select their case study early in the program so that they can apply what they learn in each course as they move through the course.
Students enrolled in the MS in Cybersecurity, a business-oriented management program, will receive complimentary access to an optional, self-paced online cybersecurity certification bootcamp and one free exam voucher. The content covers the following industry-recognized certifications:
- ISACA Certified Information Security Manager - CISM
- ISACA Certified in Risk and Information Systems Control – CRISC
- ISACA Certified Information Systems Auditor - CISA
- ISACA Certified in Governance of Enterprise IT - CGEIT
- ISACA Cybersecurity Fundamentals - CSXF
- ISACA Control Objectives for Information Technologies - COBIT
- ISC2 – Certified Information Systems Security Professional - CISSP
- CompTIA Security+
What to expect:
- Students will have access to the self-paced online bootcamp for a minimum of one year and will be able to schedule their exam within another year.
- Faculty will advise students on the certification(s) best suited to their career goals.
- Some courses in the MS program align with bootcamp certification content.
- We recommend that students take the exam toward the end of the program to ensure best preparation for passing the exam(s).
Program Contact
Assistant Director of Admissions, Barowsky School of Business