One indicator of the growth and expansion of the cybersecurity industry is the number of new opportunities available to students interested in pursuing a Ph.D. in the field. As the scope of skillset for professionals in the cybersecurity space continues to evolve and expand, so do the various kinds of Ph.D. offerings. Moving beyond just the domain of computer science, cybersecurity professionals are now training in the fields of law, policy, management, and strategy — as well as many others.
This guide is designed to give prospective cybersecurity Ph.D. students a general overview of available cybersecurity Ph.D. programs. It will also outline some of the factors to consider when trying to find the right Ph.D. program fit, such as course requirements and tuition costs.
Like other cutting edge technology fields, until recently, cybersecurity Ph.D. programs were often training grounds for niche positions specialized research, often for government agencies (like the CIA, NSA, and FBI), or closely adjacent research organizations or institutions.
Today, however, as the cybersecurity field grows to become more pervasive and consumer-oriented, there are opportunities for cybersecurity Ph.D.s to work at public-facing companies like startups and name-brand financial, software, infrastructure, and digital service firms.
One trend that is emerging in the cybersecurity field is that cybersecurity experts need to be well-versed in a variety of growing threats. If recent headlines about cybersecurity breaches are any indication, there are a number of new attack vectors and opportunities for cybercrime and related issues. Historically, committing cybercrime took resources and a level of sophistication that required specialized training or skill. But now, because of the pervasiveness of the internet, committing cybercrime is becoming more commonplace. So training in a cybersecurity Ph.D. program gives students an opportunity to become an expert in one part of a growing and multi-layered field.
In fact, this trend of needing well-trained, but adaptable cybersecurity professionals is reflected by the move by cybersecurity graduate schools to offer specialized master’s degrees and many companies and professional organizations offer certifications in cybersecurity that focus on particular issues related to cybersecurity technology, law, digital forensics, policy, or related topics.
That said, traditional research-oriented cybersecurity positions continue to be in demand in academia and elsewhere — a trend that will likely continue.
One interesting facet of the cybersecurity field is trying to predict what future cybersecurity threats might look like and then develop tools and systems to protect against those threats.
As new technologies and services are developed and as more of the global population begins using internet services for everything from healthcare to banking — new ways of protecting those services will be required. Often, it’s up to academic researchers to think ahead and examine various threats and opportunities to insulate against those threats.
Another key trend coming out of academic circles is that cybersecurity students are becoming increasingly multidisciplinary. As cybersecurity hacks impact more parts of people’s everyday lives, so too do the academic programs that are designed to prepare the next generation of cybersecurity professionals. This emerging trend creates an enormous amount of opportunity for students that have a variety of interests and who are looking to create a non-traditional career path.
What is required to get a Ph.D. in cybersecurity?
Good news first: Obtaining a Ph.D. in a field related to cybersecurity will likely create tremendous employment opportunities and lead to interesting and dynamic career options.
Bad news: Getting a Ph.D. requires a lot of investment of time and energy, and comes with a big opportunity cost (meaning you have to invest four to five years, or longer, or pursuing other opportunities to obtain a doctoral degree.
Here’s a quick breakdown of what is required to get a Ph.D. in cybersecurity. Of course, specific degree requirements will vary by program. One growing trend in the field is that students can now obtain degrees in a variety of formats, including traditional on-campus programs, online degree programs, and hybrid graduate degree programs that combine both on-campus learning with online learning.
Frequently asked questions about cybersecurity Ph.D. programs
How many credits are required for a Ph.D. in cybersecurity?
Most traditional and online cybersecurity graduate programs require a minimum number of credits that need to be completed in order to obtain a degree
On average, it takes 71 credits to graduate with a Ph.D. in cybersecurity — far longer (almost double) than traditional master’s degree programs. In addition to coursework, most Ph.D. students also have research and teaching responsibilities that can be simultaneously demanding and really great career preparation.
What is the core cybersecurity curriculum?
Understanding At the core of a cybersecurity doctoral program is In a data science doctoral program, you’ll be expected to learn many skills and also how to apply them across domains and disciplines. Core curriculums will vary from program to program, but almost all will have a core foundation of statistics.
What kinds of exams are required during a Ph.D. program?
All Ph.D. candidates will have to take a series of exams that act as checkpoints during the lengthy Ph.D. process. The actual exam process and timing can vary depending on the university and the program, but the basic idea is that cybersecurity Ph.D. candidates generally have to sit for a qualifying exam, which comes earlier in the program (usually the winter or spring of the second year of study), a preliminary exam, which a candidate takes to show they are ready to start the dissertation or research portion of the Ph.D. program, and a final exam where Ph.D. students present and defend their research and complete their degree requirements.
What is a doctoral dissertation?
A cybersecurity Ph.D. dissertation the capstone of a doctoral program. The dissertation is the name of a formal paper that presents the findings of original research that the Ph.D. candidate conducted during the program under the guidance of faculty advisors. Some example cybersecurity research topics that could potentially be turned into dissertation ideas include:
- Policies and best practices around passwords
- Ways to defend against the rise of bots
- Policies around encryption and privacy
- Corporate responsibility for employee security
- Internet advertising targeting and privacy
- The new frontier of social engineering attacks
- Operation security (OpSec) strategy and policy
- Network infrastructure and defense
- Cybersecurity law and policy
- The vulnerabilities of biometrics
- The role of ethical hacking
- Cybersecurity forensics and enforcement
Preparing for a cybersecurity doctorate program
Cybersecurity is a relatively new formalized technology field, nonetheless, there are a number of ways that students or prospective Ph.D. candidates can get involved or explore the field before and during a graduate school program. A few examples of ways to start networking and finding opportunities include:
Join cybersecurity organizations with professional networks
Specialized professional organizations are a good place to find the latest in career advice and guidance. Often they publish newsletters or other kinds of information that provides insights into the emerging trends and issues facing cybersecurity professionals. A couple of examples include:
The Center for Internet Security (CIS) is a non-profit dedicated to training cybersecurity professionals and fostering a sense of collaboration. The organization also publishes information and analysis of the latest cybersecurity threats and issues facing the professional community.
The SANS Institute runs a number of different kinds of courses for students (including certification programs) as well as ongoing professional cybersecurity education and training for people working in the field. The organization has several options including webinars, online training, and live in-person seminars. Additionally, SANS also publishes newsletters and maintains forums for cybersecurity professionals to interact and share information.
Leverage your social network
Places like LinkedIn and Twitter are a good place to start to find news and information about what is happening in the field, who the main leaders and influencers are, and what kinds of jobs and opportunities are available.
Starting a professional network early is also a great opportunity. Often professionals and members of the industry are willing to provide guidance and help to students that are genuinely interested in the field and looking for career opportunities.
Cybersecurity competitions are a great way to get hands-on experience working on real cybersecurity problems and issues. As a Ph.D. student or prospective student, cybersecurity competitions that are sponsored by industry groups are a great way to meet other cybersecurity professionals while getting working on projects that will help flesh out a resume or become talking points in later job interviews.
The US Cyber Challenge, for example, is a series of competitions and hackathon-style events hosted by the Department of Homeland Security Science and Technology Directorate and the Center for Internet Security with the goal of preparing the next generation of cybersecurity professionals.
Internships also continue to be a tried and true way to gain professional experience. Internships in technical fields like cybersecurity can also pay well. Like the industry itself, cybersecurity internships are available across a wide range of industries and can range from academic research-oriented to more corporate kinds of work.
Things to consider when choosing a cybersecurity Ph.D. program
There are a number of considerations to evaluate when considering any kind of graduate degree, but proper planning is essential in order to be able to obtain a doctoral degree. It’s also important to note that these are just guidelines and that each graduate program will have specific requirements, so be sure to double-check.
What you will need before applying to a cybersecurity Ph.D. program:
- All undergraduate and graduate transcripts
- GRE scores
- A statement of intent, which is like a cover letter outlining interest
- Letters of reference
- Application fee
- Online application
- A resume or CV outlining professional and academic accomplishments
What does a cybersecurity Ph.D. program cost?
Obtaining a Ph.D. is a massive investment, both in terms of time and money. Obviously, cybersecurity Ph.D. students are weighing the cost of becoming an expert in the field with the payoff of having interesting and potentially lucrative career opportunities on the other side.
Most traditional, campus-based doctoral programs range between $1,300 and $2,000 per credit hour. Degree requirements are usually satisfied in 60-75 hours, so the cost of a doctoral degree can be well into the six-figure range.
The good news is that by the time students get to the Ph.D. level there are a lot of funding options — including some graduate programs that are completely funded by the university or academic departments themselves. Additionally, funding in the form of research grants and other kinds of scholarships are available for students interested in pursuing cybersecurity studies.
One example is the CyberCorps: Scholarships for Service program. Administered by the National Science Foundation, Ph.D. students studying cybersecurity are eligible for a $34,000 a year scholarship, along with a professional stipend of $6,000 to attend conferences in exchange for agreeing to work for a government agency in the cybersecurity space after the Ph.D. program.
A complete listing of cybersecurity Ph.D. programs
The following is a list of cybersecurity Ph.D. programs. The listing is intended to work as a high-level index that provides enough basic information to make quick side-by-side comparisons easy.
You should find basic data about what each school requires (such as a GRE score or prior academic work) as well as the number of credits required, estimated costs, and a link to the program.