Since the internet went public in 1995, there has been a rapid increase in the number and sheer variety of cybercrimes committed across the world. Hackers’ targets have included secure government websites, credit card number databases, university research organizations, popular Twitter accounts, celebrity phones, and city infrastructure. In 2015, the most common forms of cybercrimes have involved state-on-state cyberattacks (e.g., economic espionage), ransomware, and compromising mobile payment systems.
Just how extensive are cyberthreats, and how much damage can they cause? To illustrate how widespread the threats have become, the Norse Corporation (2015) has created a real-time map of cyberattacks across the globe. The vast majority of attacks are leveled against companies and institutions across the US, and the damage from these cyberintrusions can be substantial. By illustration, Heimdal Security (2015) compiled a list of surprising research-backed facts about cybersecurity. Currently, the FBI’s most wanted cybercriminal is Evgeniy Mikhailovich Bogachev, the man responsible for malware called “Zeus” which infected 1.2 million computers and is responsible for $100 million in financial losses. Even more malicious was the virus MyDoom which appeared in January 2004 and is estimated to have caused $38.5 billion in damages!
So what can be done in response to these threats? A new generation of crime-fighters has emerged to protect the vulnerable security systems of the electronic age. According to the Bureau of Labor Statistics (BLS 2014), cybersecurity professionals such as information security analysts perform a wealth of preventative and proactive functions such as monitoring computer networks for security breaches; installing protective software; educating company personnel on best practices for guarding confidential information; and keeping abreast of the latest trends in the industry. Furthermore, these computer specialists are well-compensated. The BLS (2014) reports that information security analysts—one possible subfield of cybersecurity—make an annual average salary of $86,170, nearly double the average salary of all occupations ($47,230, BLS ). Finally, openings for this occupation are projected to swell 37 percent between 2012 and 2022, much faster than the average estimated growth for all jobs (11 percent).
The National Initiative for Cybersecurity Careers and Studies (2015) reports that in addition to information security analysts, there is a number of high-growth career paths open to cybersecurity specialists such as becoming a security engineer; vulnerability assessor; computer crime investigator; forensics expert; cryptanalyst; web penetration tester; cryptographer; disaster recovery expert; or for the leadership-inclined, a chief information security officer (CISO).
Read on to discover the range of cybersecurity degree and certificate programs—both on-campus and web-based—as well as to learn about professional certification and program accreditation.
According to the Bureau of Labor Statistics (BLS 2014), information security analysts—one possible branch of cybersecurity—typically need at least a bachelor’s degree to enter the profession, but there are exceptions for this dynamic field, particularly for those with extensive experience.
Here is a featured selection of cybersecurity degree and certificate programs across the country:
Colorado Technical University (CTU) offers a bachelor of science (BS) in cybersecurity through its Colorado Springs and Denver campuses. Recognized by the US National Security Agency (NSA) and Department of Homeland Security, this degree program has two distinct concentrations: computer systems security and information assurance. Both tracks feature courses such as introduction to computer security, security risk management, vulnerability assessment & management, computer forensics, and scripting with Perl. Finally, CTU has specialized instruction to prepare its graduates to pass CompTIA’s Security+ and Network+ certification exams.
Carnegie Mellon University (CMU)—designated as a National Center of Academic Excellence (CAE) in information assurance, research, and cyber operations—provides a variety of master’s degrees related to information technology and computer forensics. One standout option is the 16-month master of science in information security (MSIS) degree program designed for students seeking leadership positions. With a focus on data security, networks, and systems, the MSIS program cultivates expertise among its graduates with comprehensive coursework in the fundamentals of telecommunications & computer networks and secure software systems. Other programs at CMU include a master of science in information technology (MSIT), an MSIT in privacy engineering (MSIT-PE), an MSIT in information security (MSIT-IS), a master of science in information networking (MSIN), and a master of science in information security policy and management (MSISPM).
George Washington University (GWU) in Washington DC has a master of science (MS) of cybersecurity in computer science program. Boasting world-class faculty and located in the nation’s capitol—a prominent target of cyberattacks—GWU’s 30-credit program gives instruction in areas such as design & analysis of algorithms, advanced software paradigms, computer system architecture, and management of information & systems security. Please note that GWU also offers a PhD program in this discipline as well as a graduate certificate in cybersecurity and information assurance.
Syracuse University (SU) offers master of science (MS) and certificate of advanced study (CAS) in cybersecurity programs that provide the necessary foundations for the design and development of systems that are assured to be secure, focusing on two aspects of computing systems: design of secure systems that exhibit confidentiality, integrity, and availability through authentication, reference monitoring, and sound design and implementation; and design of assured systems, which are secure systems who properties are verified or proven. Designated as a Center of Academic Excellence (CAE) by the National Security Agency and Department of Homeland Security, Syracuse hosts those 12-credit (CAS), and 30-credit (MS) programs which include four courses: computer security, internet security, foundations of assurance, and building assured components. SU also offers a PhD in computer science that allows students to focus on research in cybersecurity.
As mentioned above, there is a variety of degrees and certificates for aspiring cybersecurity professionals. Here are the common entrance prerequisites (i.e., admissions materials), courses, and sample programs at each level:
In addition to ForensicsCollege’s online computer forensics programs, here are four additional distance-based cybersecurity programs to consider:
Pennsylvania State University (Penn State)—recognized as a Center of Academic Excellence (CAE) by the US National Security Agency (NSA)—provides an online bachelor of science (BS) in security and risk analysis with an emphasis on information and cyber security. Penn State has specialized instruction in information, people & technology; the organization of data; the legal & regulatory environment of information science & technology; and the threat of terrorism & crime. As part of the curriculum, students complete a supervised internship to put their newfound abilities to work on real-world case studies. Please note that Penn State also hosts an online BS in information sciences and technology.
Southern New Hampshire University (SNHU) provides an online bachelor of science (BS) in information technologies with a focus on cybersecurity. SNHU’s affordable program—organized into six 9-week terms—features instruction in how to protect sensitive data networks, operating systems (e.g., Linux/Unix), and cybersecurity fundamentals. The accomplished instructors cut their teeth dealing with real cyberattacks, and teach courses such as introduction to software development, fundamentals of information technology, and cyberlaw & ethics.
The University of Southern California (USC) offers a 27-unit online master of science (MS) in cyber engineering which typically takes two years to complete. Ideal for information technology professionals, this advanced degree program involves not only classes such as foundations of information security, secure systems engineering, and applied cryptography, but also boasts professionally designed, simulated laboratory experiences to put students’ burgeoning theoretical and technical knowledge to the test.
The University of Maryland University College (UMUC) offers a wealth of online bachelor’s, master’s, and certificate programs in cybersecurity, including one outstanding online graduate certificate in the foundations of cybersecurity comprising 12 semester hours of instruction in cyberspace & cybersecurity and human aspects of cybersecurity (i.e., ethics, legal issues, and psychology). Other degree options at UMUC include a bachelor of science (BS) in cybersecurity management and policy; a BS in computer networks and cybersecurity; a BS in software development and security; master of science (MS) in cybersecurity; an MS in cybersecurity policy; an MS in digital forensics and cyber investigation; and an MS in information technology (information assurance).
Following the completion of a degree or certificate program, many cybersecurity professionals choose to seek out certification. There is a wide variety of options available—including the popular Cisco Certified Network Associate (CCNA) and Certified Computer Forensics Examiner (CCFE) certifications—which test candidates’ knowledge of computer forensics and network security, ensuring that they are knowledgeable about techniques and learning in the field.
Many employers prefer job candidates who are professionally certified. In fact, Tom’s IT Pro (2015) created a data-driven spread of the most in-demand computer forensics certifications using data from popular job posting sources such as LinkedIn, SimplyHired, and Indeed.
The five hottest certifications in this field were the following:
The International Society of Forensic Computer Examiners (ISFCE) provides the certified computer examiner (CCE) certification. To qualify for the two-part exam—a multiple choice test and a hands-on forensic analysis of case studies—candidates must have proof of training in digital forensics.
The International Council of E-Commerce Consultants (EC-Council) provides the computer hacking forensic investigator (CHFI) V8 certification. To qualify for the four-hour exam, candidates must have at least two years of experience in information security. Please note that the EC-Council also provides the following specialty certifications: certified ethical hacker (CEH), EC-Council certified security analyst (ECSA), EC-Council certified incident handler (ECIH), and the licensed penetration tester (LPT).
The International Association of Computer Investigative Specialists (IACIS) offers the certified forensic computer examiner (CFCE) credential, catering to law enforcement personnel. To qualify for the two-step certification process comprising a comprehensive exam and a peer review, candidates must have completed 72 hours of training in the core concepts of computer forensics.
The Global Information Assurance Certification (GIAC) program has several four-year certifications including the intermediate GIAC certified forensic examiner (GCFE) and the senior GIAC certified forensic analyst (GCFA).
The CyberSecurity Institute of Monroe, Washington hosts the cybersecurity forensic analyst (CSFA) certification. Open to candidates with at least two years of experience in digital forensics, the CyberSecurity Institute’s CSFA exam is two-part, comprising both written and practical components.
Check certification websites for information on how to maintain credentials, a process which typically involves the completion of continued education (CE) hours.
Aspiring professionals in cybersecurity are encouraged to verify the accreditation status of their program. This process not only evaluates the faculty, curricula, and student outcomes of a program or institution, but also can serve as an indicator of program quality to prospective employers or graduate admissions committees.
Although there is no specific body which accredits programs in cybersecurity or digital forensics, there exist six regional accreditation organizations recognized by the US Department of Education. These agencies include: