Why WashU

There are about 4,000 unfilled cybersecurity positions in St. Louis and 350,000 across the U.S. Cybersecurity Ventures estimates there will be 3.5 million unfilled jobs by 2021.

Request Information Upcoming Information Sessions Resources for International Students Expert Courses

 

Curriculum

The 30-unit master of cybersecurity management is a part-time program for working professionals.

A 15-unit graduate certificate in cybersecurity management is also offered and can be transferred into the degree program at any time. This program also offers the option to enroll in up to 9 units in program approved courses with the Computer Science Department. (*) Courses required to earn the certificate.

Pam Struttmann
Director of Student Recruiting
314-935-5484
sever@wustl.edu

Registration, Tuition Fees & Payment Policies

Qualified veterans: WashU McKelvey School of Engineering and the VA will cover 100 percent of your graduate tuition.

Courses

Required

Cybersecurity Technical Fundamentals (T83-560)*
3 Units
Required

This course presents a comprehensive survey of cybersecurity technology including basic theory and concepts. Students will gain hands-on familiarity of cybersecurity technology through lab exercises, in-class studios, and scenarios. Topics covered include security considerations surrounding operating systems, the web, email, databases, wireless, the cloud, and the Internet of Things. Also addressed are cryptography, secure software design, physical security, and human factors in cybersecurity.


Oversight for Excellence: Cybersecurity Management and Governance (T83-561)*
3 Units
Required

This course takes a comprehensive approach to the management of the organizational cybersecurity function. It also explores the principles of information technology governance. Coursework provides a deeper understanding of best practices for managing cyber security processes and meeting multiple needs of enterprise management by balancing the void between business risks, technical issues, control needs, and reporting metrics. Toward this end, the course addresses a range of topics necessary for success, including the elements of and how to establish a governance program, cybersecurity management frameworks, developing and implementing a cybersecurity strategy, deploying cybersecurity policy and controls, ensuring standards and regulatory compliance, functional and budgetary advocacy, interfacing with the C-Suite and Board, and talent acquisition and development. 


Efficient and Effective Cybersecurity Operations (T83-562)*
3 Units
Required

In this course, students will gain understanding of what it takes to manage the people, process, and technology for effective and efficient day-to-day cybersecurity operations. Using the Cybersecurity Operations Center (CSOC) as the fundamental exemplar, students will learn the functions and processes that comprise a typical CSOC with an underlying focus on continually optimizing operations for agility and performance. Options for structuring the CSOC will be examined along with core CSOC functions and processes such as threat intelligence; monitoring, detection, and threat assessment; vulnerability management; incident response; prevention, including awareness training; partner and third-party coordination; analytics, metrics, and reporting; training; and CSOC technologies and instrumentation.


Cybersecurity Risk Management (T83-566)*
3 Units
Required

In this course, students will gain deeper appreciation of the challenges faced by enterprises when addressing cybersecurity risks. The course will cover evolution of cyber threats, including attacker methods and their targets across different industries. Students will be able to understand the differences between enterprise, operational and cybersecurity risk management and the role that each play (or should play) in managing risks to an organization. Students will gain technical understanding of industry leading frameworks (COSO, ISO, NIST, FAIR) and become conversant with their strengths and weaknesses as well as the applicability and practicality of their implementation. 


The Hacker Mindset: Cyber Attack Fundamentals (T83-567)*
3 Units
Required

This course is designed to provide an introductory understanding of how offensive security techniques practically operate. During this course students will use hacking techniques to compromise systems, collect data, and perform other tasks that fall under the generally understood use of the term “hacker.” These techniques will be related to risk-based defensive security practices with a view toward enhancing the student’s understanding of what it takes to be a successful “defender.” By the conclusion of the course, students will have a baseline technical understanding of hacking techniques, will have executed offensive security operations, and will have increased technical understanding of what it takes to deal with cyber threats. 


Cloud Security (T83-587)
3 Units
Required

Today's organizations are more and more focused on delivering faster results and better products and services—and doing this securely—via an ever-evolving technological landscape. As a key component of the competitive landscape, cloud-based technologies have enabled critical capabilities, functionality, and innovations necessary to transform the way organizations survive and thrive in a competitive environment. As such, "The Cloud" requires cybersecurity practitioners to think differently about managing risk, producing resilient solutions, and dealing with 3rd party providers. In this course, students will learn best practices for cloud security to include methods for architecting and applying security-related features in a cloud platform. Through case studies, standards, best practices, and studio exercises, students will develop the necessary skills to identify security challenges of a cloud environment in support of the ongoing operations of the enterprise.


Leadership Seminar for Technology Professionals (T81-570)
3 Units
Required

This seminar is designed to develop the leadership capacity of professionals working in the information technology and cybersecurity fields. Although domain expertise plays an important role in the success of a technology professional, it’s when this expertise is integrated with the ability to lead people that transforms the merely competent into multi-dimensional force multipliers for the organization. In this course, students will participate in an immersive, seminar-based learning experience targeted toward professional and personal development on a range of essential leadership skills. Students will benefit from interaction with industry experts in the IT and cybersecurity fields and receive coaching support to achieve professional and personal goals. Each student will complete a series of self- and multi-rater assessments as well as a personal leadership development plan to gain insight and build competencies critical to effective leadership. Topics include creating a shared vision, strategy development, building and sustaining a healthy culture, essentials of finance and budgeting, driving results, energizing people for performance, innovation, emotional intelligence, navigating organizational politics, managing up, negotiations, stress resilience, talent coaching and development, effective communication, and time management.

Cybersecurity Management Emphasis (Choose 3)

Enterprise Network Security (T83-563)
3 Units
Elective

This course presents a detailed and comprehensive study of the architecture and defensive approaches to protect enterprise network environments against cyber threats. Students will gain practical experience in secure network architectures and design approaches. Using a building-block approach to case studies and design exercises, the course will establish the value of applied foundational security frameworks and system models. Specific topics include defensive network design, advanced treatment of appropriate security implementation tools and techniques, boundary defense, secure wireless and mobility solutions, remote and business partner access, and third-party and vendor interactions to ensure appropriate enterprise network solutions are implemented.


Access Control and Identity Management (T83-564)
3 Units
Elective

Business advancements due to technologies such as cloud, mobility, and the need to access information from anywhere using any device have made identity management and access control a critical component of cybersecurity. In this course, students will gain understanding of organizational and technical identity management and access control frameworks, learn central concepts such as least privileged access, authentication, and authorization that protect applications and systems from unapproved access. Topics covered include single sign-on, privileged account management, provisioning, role management, and directory services. Students will complete a “real-world” identity management and access control business case to identify risks and controls and create a strategy and roadmap to address challenges and propose solutions.


Cybersecurity Analytics (T53-565)
3 Units
Elective

This course provides an introduction to use of data analytics in support of an organization’s cybersecurity function. The course is designed to increase student understanding of how data analytics can be used to manage security and how data analytics can be used in support of risk-based assessment and decision making. Students who complete this course successfully will be able to apply data analytics techniques and tools to help organizations discover anomalies pertaining to cyber threats, implement, assess and monitor basic security functions, respond to emerging threats or prioritized requests as defined by organizational stakeholders, depict cybersecurity risk posture within the context of compliance and regulatory requirements, and construct a comprehensive cybersecurity analytics framework.


Emerging Issues and Technology in Cybersecurity (T53-568)
3 Units
Elective

Each new technology advancement brings with it promises and challenges. Will it be used for good or lead to disaster? This course examines contemporary and near-future cybersecurity threats and the potential security impact of new technologies. Topics include new forms of computing and communications and their implications for cybersecurity practitioners as well as incipient threat vectors. Historical security incidents will also be used to provide context and insight into the relationship of technology and security. Throughout the course, students will be challenged to develop strategies and responses to deal with emerging technologies and threats in ever-evolving cybersecurity domain.


Incident Response and Business Continuity (T83-569)
3 Units
Elective

This course focuses on the end-to-end process and methods to deal with cybersecurity incidents. Using recent examples of cyber breaches and incidents, students explore how CISOs react and respond to cyber breaches and incidents and learn best practices in doing so. Topics includes developing an incident response plan, organizing an incident response team, leveraging cyber intelligence and external partners to aid in response, handling public and private communications about the incident, and post-breach restoration. Particular attention will be paid to establishing a strong understanding of cybersecurity indicators and motives for espionage activities from both an external and rogue insider's perspective. Students will learn about host-based and network incident response tools and digital forensic tools including techniques and tactics for their effective use. This section of the course includes key "hands-on" activities typically used in post-breach analysis and investigations, such as forensic analysis of network storage, hard drives, and memory. Students will also become familiar with post-breach report construction and examine the proper drafting and use of such reports for submission to legal counsel, the courts, and to organizational leaders.


Introduction to Cybersecurity (T83-559)
3 Units
Elective

This course is intended as a comprehensive introduction to the cybersecurity field. It covers a broad range of cyber security terms, definitions, historical perspectives, concepts, processes, technologies, and trends with a focus on managing risk and the employment of cybersecurity as an organizational enabler.

Cybersecurity Design & Engineering Emphasis (Choose 3)

Network Security (E81 CSE 571S)
3 Units
Elective

A comprehensive treatment of network security. Topics include Security Overview, Classical Encryption Techniques, Block Ciphers and DES, Basic Concepts in Number Theory and Finite Fields, Advanced Encryption Standard (AES), Block Cipher Operations, Pseudo Random Number Generation and Stream Ciphers, Number Theory, Public Key Cryptography, other Public Key Cryptosystems, Cryptographic Hash Functions, Message Authentication Codes, Digital Signatures, Key Management and Distribution, User Authentication Protocols, Network Access Control and Cloud Security, Transport Level Security, Wireless Network Security, Electronic Mail Security, IP Security, Intrusion Detection, and Malicious Software.

Systems Security (E81 CSE 523S)
3 Units
Elective

This course examines the intersection between computer design and information security. While performance and efficiency in digital systems have improved markedly in recent decades, computer security has worsened overall in this time frame. To understand why, we will explore the role that design choices play in the security characteristics of modern computer and network systems. Students will use and write software to illustrate mastery of the material. Projects will include identifying security vulnerabilities, exploiting vulnerabilities, and detecting and defending against exploits.


Introduction to Computer Security (E81-433S)
3 Units
Elective

This course teaches the fundamentals of secure software development using C++. Within the context of a secure software design process, students will learn enduring principles for secure programming, coding standards and best practices, and how to deal with security vulnerabilities that arise during software development. Students will operationalize their knowledge through hands-on exercises, labs, and projects. Students should be able to program in C++ and be familiar with basic constructs such as control flow, loops, arrays, structures, pointers, and file I/O.


Advanced IoT, Real-Time and Embedded Systems Security (E81 CSE 569S)
3 Units
Elective

The aim of this course is to provide students with knowledge and hands-on experience in understanding the security techniques and methods needed for IoT, real-time, and embedded systems. Students complete an independent research project which will involve synthesizing multiple security techniques and applying them to an actual IoT, real-time, or embedded system or device.


Software Security (E81 CSE 637S)
3 Units
Elective

In this course, students will be introduced to the foundations of software security. We will be exploring different classes of software vulnerabilities, analyzing the fundamental problems behind these vulnerabilities, and studying the methods and techniques to discover, exploit, prevent and mitigate these vulnerabilities. Topics of interest include buffer overflow, integer overflow, type confusion, use-after-free, etc. Throughout the course, we take a defense-in-depth mentality and see how systems can be protected. Students are expected to have a solid understanding of assembly language, C/C++ and operating system. Prerequisites: CSE 361

Bridge Course (counts as 1 elective if taken)
Introduction to Cybersecurity (T83-559)
3 Units
Elective

This course is intended as a comprehensive introduction to the cybersecurity field. It covers a broad range of cyber security terms, definitions, historical perspectives, concepts, processes, technologies, and trends with a focus on managing risk and the employment of cybersecurity as an organizational enabler.

Meet our faculty

Che Bhatia VP Stroz Friedberg, 20 years of IT, security and risk management experience

Che Bhatia

  • Adjunct Instructor
Bill Blankenship Expert in Security Operations. United States Air Force Veteran

Bill Blankenship

  • Adjunct Instructor
Craig Byrkit Craig has expertise directing complex computer intrusion network incident response for global corporations.

Craig Byrkit

  • Adjunct Instructor
Eric Kruse Diverse background in the Fortune 500, Government, and Military leading information security teams and complex technical product security strategies

Eric Kruse

  • Adjunct Instructor
Mike Jenkins Former Chief Information Security Officer at the United States Transportation Command. ISC2, CISSP, ISSEP, ISSMP and ITIL certified

Mike Jenkins

  • Adjunct Instructor
Rehman Khan Cloud Security, Data Analytics and Technology Innovator with experience in Financial Services, Biotechnology, & Hospitality Domains. Speaker at RSA Conference, CISSP & CCSP, MSSE, BSCS

Rehman Khan

  • Adjunct Instructor
Jarrett Kolthoff President/CEO of SpearTip, former Special Agent – U.S. Army Counterintelligence

Jarrett Kolthoff

  • Adjunct Instructor
Scott Krause Senior Consultant, Security Risk Management, Mastercard – CISSP, CISA

Scott Krause

  • Adjunct Instructor
Anatoli Lataria Cybersecurity professional with comprehensive record of managing risk, governance, data protection and strategy for a variety of Fortune 500 companies

Anatoli Lataria

  • Adjunct Instructor
Steve Loftus Professional white hat hacker

Steve Loftus

  • Adjunct Instructor
Mike McDermid Retired Air Force Lieutenant Colonel, IT leadership speaker

Mike McDermid

  • Adjunct Instructor
Lamont Orange Chief Information Security Officer for Vista Equity Partners and member of the Security Advisor Alliance (SAA) and the Cybersecurity Forum Initiative

Lamont Orange

  • Adjunct Instructor
Gil Schmitt Senior manager of Network Engineering within Enterprise Holdings, Inc. (formerly Enterprise Rent-A-Car) IT Department

Gil Schmitt

  • Adjunct Instructor
Rick Sunner Strategy and Technology Consultant in Cybersecurity for the United States Air Force

Rick Sunner

  • Adjunct Instructor

Graduate Tuition

Full-time student 
(9-21 units)

$28,150/semester ($56,300/year)

Enrolled in more than 21 units

$28,150 (plus $2,346 per unit over 21 units)

Full-time student, 
enrolled in 8 or fewer units

$2,346/unit

Part-time student, 
enrolled in 8 or fewer units 

$1,994/unit (applies to SI and TG Prime, not GR)

Graduate Student Activity Fee 
(full-time students)

$15/semester

Health & Wellness Fee 
(full-time students)

$524/year

 

Contact

Johanna Sengheiser
Graduate Financial Aid Analyst & Accountant
314-935-6183

Engineering Graduate Admissions
314-935-5830
engineeringgradadmissions@wustl.edu

 

Free Lectures & Webinars 

Learn more