In many ways, the entire history of the cybersecurity profession goes back to The Worm. And the history of The Worm leads, inexorably, to Pittsburgh.
The Morris Worm, an infectious malware program exploiting flaws in the early Unix sendmail and finger programs, was released by Robert Morris, a student at Cornell University and son of an NSA cryptographer, in November of 1988. It quickly spread across the nascent internet at the time, a wake-up call taking down systems indiscriminately from coast to coast in what amounted to one of the first denial-of-service attacks ever launched. Ironically, Morris had crafted the Worm to highlight security inadequacies on the internet at the time; the DOS effect was simply a coding mistake.
The information technology community woke up, and one of their first responses happened in Pittsburgh as DARPA (the Defense Advanced Research Projects Agency, the driving force behind the early internet) tapped Carnegie Mellon to establish the first Computer Emergency Response Team Coordination Center (CERT/CC)… a valuable resource for public and private information security that continues to operate in that role and at that location even today.
That is part of what has led to modern Pittsburgh becoming a center for cybersecurity efforts in the United States and the world, and the location of the annual Pittsburg Cybersecurity Conference that brings great minds together to collaborate on issues concerning information security. CMU also hosts the CyLab Security and Privacy Institute, another information security think-tank.
According to Cyberseek, the state has a total cybersecurity workforce pushing 30,000 people today… and nearly half that number in unfilled cybersecurity job openings. That makes it a rich environment for both cybersecurity students aiming for a master’s degree, and graduates looking to establish a career in the industry.
Earning a Master’s Degree or Post-Bachelor’s Certificate in Cybersecurity in Pennsylvania
Most master’s degree programs in cybersecurity are evenly divided between 15-18 core credits of fundamental material and 15-18 elective credits that allow further specialization. Graduate certificate cybersecurity programs amount to around 15 credits, including 2 elective credits.
Online programs offer a level of flexibility that conventional campus-based programs can’t match, but with the same level student engagement through mock cyber threat response drills, online problem modules and open forum discussions with peers and professors on relevant and topical issues impacting information security and cyber defense.
Admissions prerequisites for graduate-level cybersecurity programs usually include:
- Holding a bachelor’s degree in computer science, information technology, engineering, or a related field
- Maintaining a minimum GPA of 3.0 in undergraduate coursework
- Some graduate schools require applicants to pass an entrance exam such as the Graduate Management Admission Test (GMAT) or the Graduate Record Exam (GRE)
- Three letters of recommendation from persons familiar with the applicant’s academic and cybersecurity background
- A written statement describing experience in and reasons for applying to the graduate cybersecurity program
- Completion of prerequisite coursework including:
- At least one year of calculus and addition higher mathematics courses such as differential calculus, discrete math, or linear algebra
- Courses in computer programming languages like C++ or Java
- Instruction in computer and legal ethics
- Courses in operating system and hardware and software architecture
Graduate programs may give applicants the opportunity to fulfill computer science and math prerequisites such as those listed above through undergraduate-level bridge courses. These courses are taken prior to the student beginning graduate cybersecurity coursework, often in the summer prior to the start of fall semester.
Core Courses and Electives Commonly Found in Cybersecurity Master’s Programs
Cybersecurity graduate programs typically require students to complete core coursework that includes:
- Networks and data communications
- Operating systems
- Software engineering
- Risk management
- Network security
- System administration and security
- Wireless network security
- Security tools for information security
Electives that students may take include:
- Software engineering
- Criminal justice topics (computer crime)
- Developing secure systems
- Cybersecurity and privacy regulation
- Legal issues and information ethics
- Cloud computing
NSA and DHS Designated National Centers of Academic Excellence in Pennsylvania
The National Security Agency and Department of Homeland Security offer two designation classifications applicable to schools that offer graduate programs in information security and cyber defense:
- CAE-CDE – National Center of Academic Excellence in Cyber Defense Education (qualifying colleges and universities offering bachelor’s, master’s, and graduate certificates)
- CAE-R – National Center of Academic Excellence in Cyber Defense Research (schools that participate in research initiatives and that integrate a strong research component into the curriculum of bachelor’s and graduate programs)
The following schools have met the rigorous criteria required to earn the NSA/DHS National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) designation for their master’s and post-bachelor’s certificate programs:
Carnegie Mellon University, Computer Science Department AND School of Information Systems and Management (also holds the NSA/DHS National Center of Academic Excellence in Cyber Defense Research (CAE-R) designation)
- Master of Science in Information Technology Strategy–Information Security Concentration
- Master of Science in Information Security Policy and Management
East Stroudsburg University, Department of Computer Science
Pennsylvania State University, Cybersecurity and Information Assurance
- Master of Professional Studies in Cybersecurity Analytics and Operations
- Master of Professional Studies in Homeland Security – Option in Information Security and Forensics
University of Pittsburgh, School of Information Sciences (Also holds the NSA/DHS National Center of Academic Excellence in Cyber Defense Research (CAE-R) designation.)
Westchester University of Pennsylvania, Information Security Center
Drexel University, Electrical and Computer Engineering
Attending a Cybersecurity Bootcamp in Philadelphia or Online to Qualify for a Master’s Program or Prepare for Your Career
It’s not easy to get into master’s degree programs in cybersecurity with all the educational requirements, and it can take a lot of time and money to complete them as well.
If you need to build up your expertise before applying, or don’t have the deep pockets or time it takes to get through such a program, you do have other options. One of the most popular today is attending a cybersecurity bootcamp.
Bootcamps take conventional training programs and put them on steroids. Typically lasting anywhere between a few days and a handful of months, these sessions are jammed full of practical information and hands-on practice with tools that are currently being used in real-world cyberdefense scenarios. Instructors often work in the industry themselves, and the examples used for training are torn from the pages of real incidents… in some cases, using them as identical replays of attacks for a complete reproduction of real breaches.
Cybersecurity bootcamps are aimed at every specialization and every level of expertise in the industry and have qualifications and entry requirements to match, ranging from requiring advanced certifications and a graduate degree, to entry-level programs with virtually no requirements at all.
That’s where the Penn Cybersecurity Boot Camp falls, offered both online and in Philadelphia to anyone with basic problem-solving skills who can pass a phone interview. It’s part of a trend with existing higher education institutions starting to open some of their expertise and resources to new training venues outside the traditional classroom. In six-months of part-time study, you’ll learn about:
- Cloud cybersecurity
- Botnet detection and responses
- Python programming and shell scripting
- Tools like Hashcat and Kali that are regularly used in the industry
- Encryption and authentication issues
Students also receive hands-on training in networking, systems, web technologies, databases, and defensive and offensive cybersecurity. All this is wrapped up with career advising and networking services to help you get a placement in the industry or polish up your application for a master’s program. And many of the skills are also designed to prepare you for the Security+ or CEH (Certified Ethical Hacker) certifications, which are also highly valued in the field.
Opportunities Available to Master’s-Prepared Cybersecurity Experts in Pennsylvania
Pennsylvania is home to major public and private sector employers that prefer graduate-educated cybersecurity professionals, whether in academia, healthcare, business, local government or finance. According to the Pennsylvania Department of Labor and Industry, state-wide, the number of jobs for cyber security professionals is expected to grow by 25.6% during the ten-year period leading up to 2026. Nationally, research firm Burning Glass Technologies found in 2020 that cybersecurity roles had expanded almost 100 percent since 2013, leading to dramatic shortages and higher pay rates in the field.
That’s particularly true for those holding master’s degrees; the Bureau of Labor Statistics showed information security analysts in Pennsylvania in 2019 in the top 10% of the profession earning $149,810 annually.
The following job listings reflect the kind of opportunities available to master’s-prepared cybersecurity graduates in Pennsylvania, but are not intended to provide any assurance of employment:
Corporate Information Security Officer, PPL Corporation – Allentown, PA
- Responsible for enterprise-wide cybersecurity in a geographically diverse workforce
- Direct all security functions associated with information technology applications, communications, social media, company websites, and computing for the enterprise
- Oversee and coordinate cybersecurity across the enterprise to identify security standards and initiatives
- Develop and oversee comprehensive cybersecurity and risk management program
- Bachelor’s degree in information security, computer science, engineering or business required; master’s degree preferred
- Ten years of IT security experience
- Two years of information security leadership experience at a Fortune 500 corporation
- CISSP or CISM certification preferred
IT Security Risk Consultant, PNC Bank – Pittsburgh, PA
- Manage daily operations and effectiveness of security-related programs and initiatives
- Assess costs associated with potential security threats and solutions required to eliminate threats
- Lead development, implementation and enforcement of organization-wide security risk assessment and control standards, procedures and policies
- Manage activities for IT risk control in business operations
- Bachelor’s degree in cyber security or related field; master’s degree preferred
- Five years of industry-related experience
- Industry security certifications preferred
Command Cyber Readiness Inspection Cybersecurity Analyst, SecureStrux LLC –Lancaster, PA
- Perform various security assessments using DoD Security Technical Implementation Guides and DISA security content automation protocol compliant tolls
- Perform CCRI inspections
- Perform vulnerability scanning using eEye Retina and ACAS Suite
- Perform various manual network and HBSS related software assessments
- Bachelor’s degree in computer science or related field required; graduate degree preferred
- Two years of relevant experience
- Current security certifications required (such as Security+, GSLC, GISF, CAP)
- U.S. citizenship and ability to obtain DoD clearance required
Director of Cybersecurity External Policy, Xfinity – Philadelphia, PA
- Review and facilitated approval for all policies and security awareness initiatives
- Advise senior leadership on external cybersecurity landscape conversions and integrations in supporting business goals
- Build and enhance secure application design and development policies and practices across all cable footprint
- Ensure that security awareness programs and content are relevant and executed in a timely fashion
- Bachelor’s degree in a computer science related field required; master’s degree preferred
- Twelve years of technology leadership experience, with at least six years in IT security
- CISSP, CISM certifications preferred