A doctorate program in cyber security helps you to become one of the most highly qualified professionals in this field. You’ll be able to face ever more-complex cyber security challenges that are confronting businesses, financial and health institutions, and government agencies. A PhD prepares you to research some of the most difficult security problems now confronting the nation and the world. Once you graduate, you’ll be ready to work in either state, federal, or local government agencies; or you may choose to work for a private business.
Why Get a PhD or Doctorates?
Each field needs its researchers so that previously unknown information can be discovered, tested, and made public. A good program will combine a strong technical foundation, policies and perspectives in social sciences. Within the realm of research, you’ll be prepared to advance the state of the art in security matters, networks, and systems.
Excellent PhD programs are designated as National Centers of Academic Excellence in Information Assurance Research, Information Assurance/Cyber Defense, and Cyber Operations. This designation is provided by the DHS and NSA so that you know which programs provide government-approved certification.
Overview of Degrees Available
You’ll have a range of degree programs from which to choose. They all provide a solid technical foundation in computer science, exposing you to applied research in cyber security.
Expect a solid PhD program to take about three years to complete and for it to include research seminars that give you the opportunity to delve even more completely into the cyber security research field. If you are attending part-time, then you should be able to complete your program within seven years.
Some programs may put a stronger emphasis on technologies and techniques that are connected to specialized cyber security operations.
A PhD concentration is a closely related grouping of courses, which represents about one-third of a student’s major. These concentrations or “tracks” fall within a sub-specialization or emphasis. Students who plan to focus on this concentration can take the courses they need along with the courses they need to finish their PhD.
Cyber security concentrations focus on information security, minimizing cyber vulnerability, and hands-on research.
Concentrations within the Information Technology program may include Computer Systems and Network Administration, Cyber Security, and Web and Applications Development.
Individual universities and colleges offer their own concentrations, such as Security and Privacy, big data initiatives and cyber security, or a PhD in Computer Information Systems with a concentration in Information Security.
How Much Does a PhD in Cyber Security Cost?
Doctoral and PhD students should expect to pay more tuition for their degree programs. Because they are likely to spend more time in school, including working on their dissertations, this extended time will cause their school related costs to rise.
PhD students can expect to pay up to $3-4,000 per year. Of course, costs can be affected by many things including credits transferred from your master’s program, region, school, in-state vs. out-of-state costs, and more. At one school in the Southeastern US, doctoral students pay $1,185 per credit hour for their tuition. However, research and testing assistantships may help defray costs for some students, as will any grants or scholarships you receive.
PhD in Information Assurance (DIA)
If you’re looking to become a problem-solver in cyber security, the Doctorate in Information Assurance may be a good choice for you. You’ll focus on policy making, either as an analyst or consultant.
- Information Security Systems and Organizational Awareness
- Legal and Ethical Practices in Information Security
- Information Security and Organizational Change
- Business and Security Risk Analysis
- Certification and Accreditation
- Forensic Evaluation and Incident Response Management
- Strategic and Technological Trends in Information Security
- Research Topics in Information Security
- Research Topics in Information Security
- Designing Solutions to InfoSec Problems
- Research Foundations
- Research Foundations
- Qualitative and Quantitative Analysis
- Security Program and Implementation: Quantitative Application
- Legal and Ethical Management in Information Security: Qualitative Application
- Dissertation Proposal (IRB-Institutional Review Board)
- Final Dissertation Manuscript & Defense
PhD in Information Technology (IT), Cyber Security Emphasis
In this program, you’ll obtain advanced knowledge in information technology. You’ll also learn how to use the strategic leadership skills you need to guide organizations as they navigate critical IT-related challenges.
- Fundamentals of Information Systems
- Principles of Programming
- Systems Analysis and Design
- Operating System and Network Architecture
- Enterprise Data Design
- Enterprise Systems Architecture
- Applied Research Methods—Qualitative and Quantitative
- Quantitative Decision Making for Strategic Analysis
- Qualitative and Case Study Research for Strategic Analysis
- Seminar in Information Security
- Seminar in IT Systems, Software, and Management
- Seminar in Project Management
- Doctoral Study Mentoring
- Doctoral Study Completion (Students are continuously enrolled in this course for at least five 8-week terms until their doctoral studies are approved by the Chief Academic Officer)
PhD in Technology and Innovation Management
This research-based program helps to shape you into a leader who is able to step into a managerial position in both the public and private sectors. When you graduate, you will possess broad knowledge in technology management and business; you’ll also hold a good understanding within a specialization.
- Changing Times: Leading Technology & Innovation in the 21st Century
- Scholarly Communication for Technology Leaders
- Managing Risk, Security, and Privacy in Information Systems (Specialization Course)
- Computer Networks & Mobile Computing (Specialization Course)
- Databases and Business Intelligence (Specialization Course)
- Statistics with Technology Applications (Specialization Course)
- Technology Policy & Strategy (Specialization Course)
- Introduction to Research Design & Methodology for Technology leaders (Specialization Course)
Choose from one of the following for specialization course 6:
- Quantitative Research Design & Methodology for Technology Leaders
- Directed Quantitative Research
- Qualitative Research Design & Methodology for Technology Leaders
- Directed Qualitative Research
- Constructive Research Design & Methodology for Technology Leaders
- Directed Constructive Research
- Pre-Candidacy Prospectus
- Components of the Dissertation
- The Dissertation Proposal
- Institutional Review Board (IRB) and Data Collection
- The Dissertation Manuscript and Defense
PhD in Computer Science
PhD students in the computer science program will work with top researchers as they learn about advancing state-of-the-art distributed systems, human computer interaction, AI, theoretical computer science, and computer graphics. Before entering this program, each student should already have a strong background in their field as they prepare for a teaching or research career.
PhD in Computer Engineering
Post-bachelor’s and post-master’s students have the opportunity to study in a wide range of areas. These disciplines may overlap with others within the College of Engineering.
Computer Engineering PhD students will have both empirical and theoretical studies in an area identified by their career interests. Students are also encouraged to collaborate externally with both industry and government laboratories.
PhD programs are created for students with a strong technical background, though some cater to students whose backgrounds are in a non-technical area. All students must commit themselves to working in an interdisciplinary environment as they work toward their PhD.
Prior to admission, students should have a minimum GPA of 3.0. If they don’t have the technical knowledge they need, they may be required to take courses such as Fundamentals of Information Assurance, Network and Systems, and Fundamentals of Computer Engineering.
Traditional - Online - and Hybrid Programs
Each class format has its own characteristics, advantages, and disadvantages. Online classes take place solely online. You are not required to commute to a physical campus to attend classes or take exams. If you are taking classes online, you can often choose when to access each class session, though some classes require you to be online at a specific time to be “present” for class. You’ll communicate with fellow students using discussion boards, forums, and chat rooms.
Hybrid courses are a blending of the online format and the on-campus format. You’ll take some classes online and combine these with other classes that you attend on-campus. Or, you may do most of your work from a personal computer but be required to show up for specific on-campus events, lectures, or networking opportunities.
Doctorate Sample Curriculum and Courses
Here is a realistic sample course schedule for a PhD student:
- Fundamentals of Computer Networking
You’ll study network protocols, modeling, analysis, and architectures as well as modeling concepts, queuing theory, and Little’s theorem. The class will also cover performance evaluation of computer networks, performance metrics, evaluation tools, and methodology.
- Information Security Risk Management
You’ll gain knowledge in how policies and procedures for information security are developed, including safety contingencies for networks and physical software. You’ll also learn about various malicious attacks (Trojan horses and computer viruses), methods of detecting cyberattacks, and ways to assess damage, plus steps to control such attacks.
- Cryptography and Communications Security
This course will teach you how new cryptography systems are designed and how cyber security specialists use them. You’ll cover what applications use these systems, such as e-commerce, talk about how cryptography systems were developed, and discuss the mathematical theories behind these systems, their design, and any vulnerabilities they may have. The course may also teach you how cryptographic systems can be broken into and discuss varieties of stream cyphers (block, shift register sequences, discrete logarithms, and public-key systems).
- Software Vulnerabilities and Security
In this course, you will gain awareness of the various issues in systems security and then develop knowledge of security overall. You’ll also learn about the principal types of software and associated applications used on the internet, talk about similar vulnerabilities, and how hackers exploit them.
- Cyberlaw: Privacy, Ethics and Digital Rights
This course discusses all ethical and legal issues that are attached to information security including system access; the use and dissemination of such systems. The emphasis is on laws that cover the protection of information: the Digital Millennium Copyright Act (DMCA) and the Telecommunications Decency Act. You’ll learn about new technologies that help organizations manage digital rights.
- Applied Probability and Stochastic Processes
Here, you’ll learn about the basics of probability and stochastic processes, discuss those applications that are connected to estimation and queuing theory, talk about the foundational rules of conditioning, probability and Bayes rule, and discuss random variables and their functions.
- Foundations of Formal Methods and Software Analysis
This will cover foundational math (first-order logic), as well as measure theory. You’ll learn formal methods in detail, discuss the current state-of-the-art practices in semantics of probabilistic, hybrid systems, and verification.
- Software Security Practices
Here, you’ll learn the basics and methodologies that help you to focus on software security risk issues confronted by organizations and develop new software solutions to address them. You’ll also learn about the information assurance requirements, U.S. and international laws, federal systems guidelines, best practices in industry, and directives and guidelines.
- Information Retrieval
This is the first course in information retrieval systems, as well as the approaches to information retrieval. You’ll learn the evaluation processes of information retrieval systems, language and inducing models, and retrieval, go into file organization, relevant feedback, and compression. You’ll also discuss metasearch and clustering distributed retrieval.
- Fundamentals of Computer Engineering
Here, you’ll learn about the foundational techniques in computer engineering utilized in the graduate curriculum, familiarize yourself with basic programming and analysis methods, and discuss the creation and solution of a diverse range of computer engineering issues.
- Information Theory
This course will teach you about the basics of entropy and mutual information, cover Shannon’s fundamental theorems about data compression and transmission by single users, covering lemmas and binning, rate distortion theory, Slepian-Wolf coding of correlated information sources, and feedback in one-way channels.
- Testing and Design for Testability
This course discusses theoretical and practical aspects of digital systems testing, talks about the makeup of easily testable circuits, defect and fault models, testing measures and costs, developing tests for combinational and sequential circuits, and functional and parametric test methods.
Here, you’ll go over mandatory readings under the supervision of a member of faculty. Another session of reading/research may end with a comprehensive examination.
- Dissertation / Dissertation Defense
- Department of Defense Information Assurance Scholarship Program
Doctoral students are encouraged to apply for a full-ride scholarship and a $30,000 stipend in order to focus on concentrated studies in cyber security. If you are chosen for this program, you will receive a full scholarship.
- Cyber Security Policy Fellowship
Amount: $179/Credit Hour
This fellowship requires students to be employed by a private company, as well as being enrolled in a Master’s or Doctorate cyber security degree program. The fellowship was established by the University of Fairfax (VA) to help support research intended to advance ongoing cyber security policy development. Pays $179/credit hour. No stated deadline.
- Cyber Security Crisis Fellowship
Amount: $250/Credit Hour - $4,500/Year
This funding is available for cyber security students beginning in 2019. Students must be enrolled in any cyber security degree program (bachelors through doctorate) or the MBA program. Fellowship is renewable throughout calendar year 2019 for students who are continuously enrolled, up to $1,500/semester and $4,500/year. No stated deadline.
The Bureau of Labor Statistics (BLS) states that the employment of information security analysts is expected to grow 32% between 2018 and 2028, which is much faster than the average of all other US occupations. Because of the increasing frequency of cyberattacks, the demand for analysts is expected to be very high.
Computer scientists will be needed in cyber security positions due to the threat of cyberattacks. The demand for information security analysts, computer scientists, and information technology occupations will be in higher demand due to the increasing use of cloud computing and collection and storage of big data.
Jobs/Salaries for PhD Holders
- Information Security Manager
Average Annual Salary: $112,900
Late-Career Average Annual Salary: $123,600
An information security manager oversees the maintenance of security protocols across an entire organization. They are responsible for developing strategies to help increase network and internet security which may be related to various projects.
- Director, Computing/Networking/Information Technology (IT) Security
Average annual salary: $132,500
Late-Career Average Salary: $146,800
A director of information security for an organization that uses computers, the internet, and possibly an intranet will usually head a dedicated information technology department. The director in charge of this department is responsible for maintaining the integrity and security of the online assets of the company. They establish and maintain policies and procedures that relate to the interdepartmental communications.