Looking for Online Programs?
You can find our comprehensive directory of online PhD programs in Cyber Security here.
Overview of PhD Programs in Cyber Security
A PhD in Cyber Security is rigorous, research-focused degree where you can devote yourself to a particular area of interest (e.g. human-centered computing, cyberinfrastructure, embedded systems, etc.). Doctoral degrees may take 5-7 years to complete.
A PhD is not required for most corporate cyber security careers. Instead, it is tailored towards students who are interested in research-based jobs such as:
- Corporate researchers
- University faculty
- Policy advisors
Take a deep breath before committing to a PhD program. It can be an expensive, difficult and frustrating process. The rewards are great, but so are the sacrifices.
Types of Cyber Security PhD Programs
PhD in Cyber Security
Cyber security is a relatively new field, so it’s rare to find a degree explicitly called “PhD in Cyber Security”. Instead, most universities choose to offer a PhD in Computer Science or Computer Engineering with the option to focus on security-related issues.
PhD in Computer Science – Security Focus
This is the most common PhD degree for cyber security researchers. It often examines technical and theoretical concepts of computer science and information security. With this degree, you could be expected to demonstrate your grasp of fundamental computational practice (e.g. algorithms, engineering, database management, architecture, artificial intelligence) before you’re allowed to attack your dissertation.
PhD in Information Assurance
Information assurance is concerned with every aspect of protecting information systems – from the legitimate use of system resources to the impact of regulatory changes. In consequence, PhD programs in Information Assurance may (but don’t always) have an interdisciplinary feel to them. For example, in additional to technical puzzles, PhD students could be investigating what kinds of effects law, policy and human behavior have on security measures.
Cyber Security PhD Curriculum
The standard format for a U.S. PhD program is two years of graduate classes and qualifying exams, followed by 3-5 years of independent research culminating in a detailed, scientific account of your work (i.e. your dissertation).
We’ve listed some sample courses for those first 2 years of study, but your individual curriculum will be unique to your research concentration. Most PhD students plan out their course of study and their choice of classes with a graduate advisor.
Years 1-2: Sample Courses
- Theory of Computation
- Computer Systems, Networks and Architecture
- Network Security
- Applied Cryptography
- Security Risk Management
- Cyber Law
- Homeland Security
- Advanced Algorithms
- Artificial Intelligence
- Software Engineering
- Graphics and Visualization
- Data Warehousing
- Machine Learning
- Information Theory
- Applied Probability
- Neural Networks
Years 3-5: Sample Format
These are the independent research years. During this time, you will be expected to submit (and defend) a dissertation proposal to the Dissertation Committee. They will decide whether:
- Your dissertation topic is original and will make a significant contribution to the field of cyber security
- You have the skills and background knowledge to complete your dissertation
- Your research plan is sound and your goals are realistic
While you are working on your dissertation, you may be required to write progress reports, teach undergraduate classes and present talks on your research. This process ends when you submit your dissertation for publication.
The very last hurdle is an oral examination (a.k.a. dissertation defense). You will once again stand in front of a Dissertation Committee to defend your work and its originality. The committee is often a mix of internal faculty members and external experts.
Cyber Security PhD Admission Requirements
Schools are interested in original thinkers with a burning interest in a specialized field of knowledge and the ability to complete significant and relevant research.
Universities take a variety of criteria into account when they’re making their decision. Here are some standard admission requirements:
- Bachelor’s degree from a regionally accredited institution
- GPA of 3.0 or more (Grade B or above) in computing/math courses
- Excellent GRE scores
- Relevant professional experience
- 3 letters of recommendation
- Statement of purpose
- Research work, including publications
International applicants will also need to provide their scores on the TOEFL examination.
Do I Need a Master’s Degree?
Probably not. A lot of universities will grant you a master’s degree after you’ve completed the first 2-3 years of graduate coursework.
Depending on your area of interest, you may be able to apply even if you don’t have a degree in CS or Cyber Security. However, schools will want to see that you have significant background expertise in the subject.
All On-Campus Doctorate in Cyber Security Programs
Below are all the matching programs we found in our directory, from 24 US schools.
Arizona State University
Candidates pursuing a Ph.D. in Computer Science from Arizona State University can have a concentration in information assurance. The Ph.D. program is housed in the Ira A. Fulton School of Engineering at the Tempe campus. To earn the degree, students must complete 84 credits, a comprehensive written exam, comprehensive oral exam, a prospectus, and a dissertation. All students are required to take courses in three areas to cover a wide range of knowledge. They must take courses in applications, foundations, and systems. Applicants should have at least a bachelor’s degree in computer science, computer engineering, or a similar field. Most applicants have a master’s degree but ASU does admit some students directly from undergraduate programs. Applicants must submit GRE scores.
University of Arizona
The Eller College of Management at the University of Arizona grants a Management Information Science Ph.D. that allows students to choose an area of emphasis such as information assurance. Applicants should have an undergraduate degree from an accredited college with a GPA of 3.5 or higher, but no specific major is required. Applicants must submit GMAT or GRE scores, three recommendations, and a resume. Applicants do not need a master’s degree but they must be comfortable using a high level programming language. Doctoral students may only start the program in the fall term. Eller has been named among the top five MIS graduate programs on the U.S. News and World Report rankings for 28 years in a row. In 2017, it was ranked #5.
University of Arkansas
Students seeking an advanced degree in information assurance can earn a Ph.D. in Computer Engineering-Information Assurance or a Ph.D. in Computer Science-Information Assurance through the College of Engineering at the University of Arkansas. Students in either program join in faculty research and conduct independent study. Typically, applicants to either doctoral program already have a master’s degree in computer science, computer engineering, or a related field, but the university does accept some students who want to enter straight from undergraduate work. Applicants must have a GPA of 3.0 or higher on previous college work, and they must submit GRE scores. Ph.D. students may be eligible for fellowships, teaching assistantships, or research assistantships. Students may enter the program in the fall or spring semester.
Naval Postgraduate School
The Naval Postgraduate School has a Ph.D. in Computer Science that allows students to choose a specialization in computer systems and security as an area where they will develop a depth of understanding. The Naval Postgraduate School is for U.S. military officers, civilian employees of the federal government, or military officers or employees of a foreign government. All applicants should have a master’s in computer science or a closely related subject, with a high GPA. Additionally, applicants must submit GRE scores and material demonstrating research ability, such as a copy of their master’s thesis. The NPG requires students to spend at least one year in residence at the school, but students may travel to the school to take exams while working a full-time job elsewhere.
University of California-Davis
Students working towards a Ph.D. in Computer Science from the University of California Davis can choose a focus in information assurance. Admission to the program is highly competitive, with only about the top 10 percent of applicants admitted to the program annually, and admitted students almost always have an academic background in computer science. Applicants must have a bachelor’s degree, at the minimum, and must submit GRE scores and three letters of recommendation. They must demonstrate proficiency in math and four areas of computer science. Once in the program, students must pass classes to develop advanced proficiency in computer architecture, systems, theory, and applications. They must complete a dissertation and at least one semester of teaching.
University of Colorado Colorado Springs
Colorado Springs, Colorado
The College of Engineering and Applied Science at the University of Colorado, Colorado Springs allows students seeking a Ph.D. in Engineering to select a security specialty. The curriculum for this specialty covers cybersecurity, physical security, and homeland security, and allows students to conduct multi-disciplinary research. Applicants must have a bachelor’s or master’s degree in a STEM field, homeland security, or a closely related field. Applicants should have a GPA of at least 3.3. Students who enter the program with a bachelor’s degree must complete 30 credits in graduate level classwork. Students who enter with a master’s may be able to transfer up to 24 credits. All students must complete 30 dissertation credits and complete a three-month operational security experience (alternatives to an internship are accepted).
University of Idaho
Students who enroll in the Ph.D. in Computer Science Program at Idaho State University can focus on information assurance by following the curriculum outlined by the Center for Secure and Dependable Systems, housed in the College of Engineering. The program assumes students have already taken basic computer science coursework. Applicants to the program must have, at minimum, a bachelor’s degree from an accredited college with a GPA of at least 3.0. Students with a lower GPA will be considered if they have at least five years of professional experience in computer science or submit an essay explaining their experience and academic potential. GRE scores are not required. Students may enter in the spring or fall semester.
University of Illinois at Urbana-Champaign
Indiana University Bloomington
West Lafayette, Indiana
Students who are interested in information security can enter the interdisciplinary Ph.D. program in Information Security at Purdue University. The program is sponsored by the departments of communication and philosophy, College of Technology, and program in linguistics, which all have a master’s level major in information security. Applicants are required to have a strong computational background, but the admissions committee is flexible about undergraduate major. Applicants must also submit GRE scores. Another option for students interested in cybersecurity is to enter the regular Ph.D. in Computer Science program with an information security focus. Applicants should have a strong background in statistics, calculus, and linear algebra and should be able to program in an advanced language such as C++ or Java.
Iowa State University
Doctoral students at Iowa State University who are interested in cybersecurity have three options. They can focus on information assurance while pursuing a Ph.D. in Computer Engineering, Ph.D. in Computer Science, or Ph.D. in Math. At Iowa State, information assurance research is being conducted in areas such as artificial intelligence and data mining, cryptography, identity theft, intrusion detection, and cyber warfare. Students interested in any of these Ph.D. programs must apply through the home department. Applicants must submit transcripts of previous college work, GPA, a statement of purpose, and letters of recommendation. All three departments require applicants to submit GRE scores. Students may enter the math program in the fall only, the other programs admit students in the spring and fall semesters.
University of New Orleans
New Orleans, Louisiana
The University of New Orleans offers a Doctor of Philosophy in Engineering and Applied Science that allows students to concentrate in information assurance. The Ph.D. program is interdisciplinary and includes faculty members from the College of Engineering and the College of Science. This is a research-centered program and candidates are expected to perform advanced research in engineering or science. To earn the degree, candidates must complete at least 51 credits beyond a bachelor’s degree (up to 30 of those credits can come from a master’s degree program), and they must research and complete a dissertation. Applicants must have a master’s degree in engineering, computer science, math, or a related field. They will be admitted based on academic record, statement of purpose, GRE scores, and recommendations.
Northeastern University’s Ph.D. in Information Assurance is an interdisciplinary program that is presented by the College of Computer and Information Science, College of Engineering, and College of Social Sciences and Humanities. The curriculum combines technical classes with courses that focus on policy and social science aspects of cybersecurity. Students in the program have access to a wide variety of research opportunities. Applicants must have a bachelor’s degree or higher with a GPA of 3.0. Students without a technical background are accepted, but they may have to take prerequisite coursework. Applicants must submit a statement of purpose, three recommendations, and GRE scores. Students may only enter the program in the fall semester.
Worcester Polytechnic Institute
Doctoral students working on a Ph.D. in Computer Science or a Ph.D. in Electrical and Computer Engineering can take a cybersecurity focus at Worcester Polytechnic Institute. Students in the computer science program have access to well-equipped labs where they can take part in real-world research on cybersecurity conducted for agencies such as the U.S. Army. Engineering students also work with faculty in conducting research for federal and private organizations. Engineering students must have two minors and prepare a dissertation. Applicants for either program must submit transcripts from all colleges or universities attended, GRE scores, a statement of purpose, and three letters of recommendation. Students may enter either program in the fall or spring semester.
University of Minnesota-Twin Cities
The University of Minnesota has a concentration in computer and network security that is open to students working towards a Ph.D. in Computer Science. The Department of Computer Science and Engineering offers a variety of core courses in information assurance and other related courses doctoral students can take. To earn the Ph.D., students must complete 55 credits, including 31 course credits and 24 thesis credits. Applicants to the program must have a bachelor’s degree with a major in computer science or a closely related field. Applicants should have an undergraduate GPA of 3.45 or higher. Applicants are required to submit GRE scores. The program does not require students to attend class in the summer.
Mississippi State University
Mississippi State, Mississippi
The Department of Computer Science and Engineering at Mississippi State University has a Ph.D. program in computer science where students can concentrate in computer security, which is a major focus of research for the department. All doctoral students must complete a research dissertation. Doctoral students may be eligible for a teaching or research assistantship. Mississippi State allows students with a bachelor’s degree to apply for direct admission into the doctoral program. Applicants must submit GRE scores, three recommendations, transcripts from all colleges attended, and a statement of purpose. Students without a computer science background are required to take prerequisite courses before entering the program. Students may enter the program in the fall, spring, or summer semester.
University of Missouri-Columbia
The Department of Computer Science and IT at the University of Missouri offers a Ph.D. in Computer Science where students may focus on information assurance. To earn the Ph.D., students must complete all the requirements for a Master of Science in Computer Science or already have such a degree with a 3.0 GPA, pass a qualifying exam to be admitted to candidacy for the Ph.D. program, and earn at least 72 credits in coursework and research beyond their bachelor’s degree. Students must pass a comprehensive exam within five years of enrolling in the doctoral program. They must also complete a doctoral dissertation that they defend in an oral exam and have at least one paper published in a journal approved by an adviser.
Stevens Institute of Technology
Hoboken, New Jersey
Students seeking a Ph.D. in Computer Science from Stevens Institute of Technology can have a computer security focus. The program requires full-time, on-campus study and prepares students for a career in computer science research. All Ph.D. students are fully funded. To earn the degree, students must complete 84 graduate credits, and up to 30 credits from a master’s degree can be applied to the program. Students can earn up to 30 credits in coursework, and between 30 and 60 credits for research work. All candidates must complete a dissertation. Applicants must have at least a bachelor’s degree and must submit GRE or GMAT scores, transcripts, three recommendations, a personal statement of research experience and interest, and a resume.
Rochester Institute of Technology
Rochester, New York
The Rochester Institute of Technology offers a Ph.D. in Computing and Information Sciences that is a use-inspired basic research degree. The doctoral program requires students to complete at least 60 credits of graduate-level coursework, including credit for seminars and research. Students are required to take 18 credits of foundation and core elective courses, and they must also take a teaching skills course. All doctoral students must conduct original research and write and defend a dissertation. Applicants must have a bachelor’s degree, and must submit GRE scores, a statement of purpose, resume, and two recommendations. RIT does not specify an undergraduate major, but applicants must have at least a year of coursework in programming and computing, and classes in discrete math and probability and statistics.
University of North Carolina at Charlotte
Charlotte, North Carolina
The Department of Software and Information Systems at the University of North Carolina at Charlotte offers a Ph.D. in Computing and Information Systems with an SIS track. Applicants for this program must have a bachelor’s degree in a related field with a GPA of at least 3.0. Applicants must submit GRE or GMAT scores, an essay discussing their motivation and areas of research interest, and three letters of recommendation. Applicants must have college-level coursework in statistics, calculus, discrete math and linear algebra. To earn a Ph.D., students must complete at least 72 credits beyond bachelor’s level, including at least 18 credits of dissertation research. The program requires doctoral students to be in residency for at least two consecutive semesters after entering the program.
Carnegie Mellon University
Carnegie Mellon University has a Ph.D. program in electrical and computer engineering that focuses on the areas of mobility, security, wireless sensors, and networking. The program is offered in collaboration with Carnegie Mellon Silicon Valley, home to the Mobility Research Center, and students in this program can live in Silicon Valley while working on the degree. They can also take some courses on the main CMU campus in Pittsburgh. Current research areas at the Mobility Research Center include resilient networking, sensor platforms, and next-generation network architecture. Students may apply for spring or fall admission to the program. The program has a breath requirement and requires students to pass qualifying exams, perform a teaching internship, and prepare a thesis and defense.
University of Pittsburgh-Pittsburgh Campus
Students seeking a Ph.D. in Information Science from the University of Pittsburgh can specialize in computer and network security, which is one of the major areas of research for the faulty of the School of Computing and Information. Applicants must have a master’s degree with a GPA of 3.3 or higher. They must also submit an essay outlining their academic and professional goals. Applicants must have taken graduate-level courses in statistics or discrete math, cognitive psychology, systems analysis and design, data structures, and database management. GRE scores are required from all applicants. The doctoral degree requires students to complete 60 credits, including a research project and paper, comprehensive exam, and dissertation. The university offers doctoral students a variety of funding options.
The University of Tennessee
Sam Houston State University