Master of Science in Cybersecurity - Portland

Program Overview

The Master of Science in Cybersecurity explores key issues in information security and how technology can help resolve them. You’ll acquire hands-on tools for cybersecurity plus relevant knowledge in law, the social sciences, criminology, and management.

Northeastern’s Khoury College has been designated by National Security Agency and Department of Homeland Security as a Center of Academic Excellence in fields including information assurance research and cyber operations.

All Roux Institute programs provide content relevant to the urgent and emerging needs of industry in Maine and the rapidly evolving regional, national, and global economy. Opportunities for experiential learning will be concentrated in Portland, the state of Maine, and the Northeast region. Students are encouraged to pursue co-ops and special virtual Experiential Network projects with the institute’s founding corporate partners, a group of leading employers in Maine.

  • Portland


  • Full-Time


  • 2-3 years

    Duration of Program

Unique Features

  • Northeastern University has been designated by the National Security Agency and the U.S. Department of Homeland Security as a Center of Academic Excellence in Information Assurance/Cyber Defense, in IA Research, and in Cyber Operations
  • Earn real-world experience through the capstone project, or through numerous co-op opportunities
  • Join an alumni network who work at leading institutions such as Cigital, Akamai, MIT Lincoln Laboratory, MITRE, and Partners Healthcare

Program Objectives

  • Build core knowledge surrounding computer system security and network practices
  • Plan and implement security strategies to reduce risk and enhance protection of information assets and systems
  • Understand legal and ethical issues associated with information security, privacy, and digital rights
  • Enhance communication skills for effective interaction with corporate management on IA-related issues

Career Outlook

Ever-increasing cyberattacks against companies and governments are creating unprecedented risks and tremendous need for trained cybersecurity professionals. In fact, according to Burning Glass, a labor market analytics firm, cybersecurity positions rose 73 percent in the five-year period ending in 2012—3.5 times faster than postings for computer jobs as a whole. As a result of mounting risks, knowledge and experience requirements, and demand exceeding available talent, cybersecurity specialists command premium salaries. For example, the median pay for a cybersecurity analyst—ranked #17 in CNN/Money’s “Best Jobs in America”—is $95,700. Our MS Cybersecurity graduates have found career success at a range of companies and government organizations, including:

  • Cigital
  • EMC Corporation
  • IBM
  • Microsoft
  • MITRE Corporation
  • Raytheon
  • U.S. Army, Navy, and Air Force
  • U.S. Department of Justice
  • U.S. National Security Agency

Scholarships and aid



Estimated Total Tuition

This is an estimate based on the tuition rates for Academic Year 2020-2021 and does not include any fees or other expenses. Some courses and labs have tuition rates that may increase or decrease total tuition. Tuition and fees are subject to revision by the president and Board of Trustees at any time. For more detailed information, please visit Student Financial Services.

Generous scholarships

The Roux Institute is currently offering generous scholarships to meet the financial needs of all students through its Alfond Scholars Initiative. Each award is determined by an individual assessment. And Northeastern alumni receive a Double Husky Scholarship —a tuition discount of 25 percent.

Learn more about the Alfond Scholars Initiative

Corporate tuition benefits

Many employers subsidize education for their employees. Speak with yours about any tuition benefits your company may offer.

Special military scholarships

For military veterans and servicemembers, a limited number of donor-funded scholarships are available even after all other aid has been awarded to help with commuting costs, childcare, and other costs of living.

Learn more about military scholarships

Federal aid

You can apply for federal aid grants and loans through the Free Application for Federal Student Aid, or FAFSA.

Learn about the FAFSA

Admission Requirements

  • Online application and fee
  • Unofficial undergraduate/graduate transcripts; you can submit official transcripts from all colleges/universities attended at the time of admission
  • Statement of purpose that should include career goals and expected outcomes and benefits from the program
  • Recent professional resumé listing detailed position responsibilities
  • Three confidential letters of recommendation
  • Unofficial GRE General Test scores – NOT REQUIRED FOR FALL 2021 and SPRING 2022

Admission Dates

  • Deadline for domestic applicants: December 15, 2021
  • Deadline for international applicants: October 26, 2021

Program Curriculum

Core Requirements

Master of Science in Cybersecurity Core Requirements

Courses and their associated credit hours are listed below.


CY 5010 - Foundations of Information Assurance4.00
Presents an overview of basic principles and security concepts related to information systems, including operating system security, communications and network security, and software security. Introduces information security via concepts of confidentiality, integrity, and availability. Discusses ethical, legal, and privacy ramifications while reviewing various laws such as the Patriot Act, GLBA, and Global Data Privacy regulation. Covers security methods, controls, procedures, economics of cybercrime, criminal procedure, and forensics. Describes the use of cryptography as a tool, software development processes, and protection.Seeks to build a common cross-disciplinary understanding in the foundations of information assurance and cybersecurity.

Technical Track

Complete 8 semester hours from the following:

CY 5120 - Applied Cryptography4.00
Surveys the principles and the practices of cryptography. Overviews the core cryptographic algorithms: symmetric encryption schemes (e.g., DES and AES); public key cryptosystems (e.g., RSA and discrete logarithm); and hash functions (e.g., the SHA family). Discusses core information assurance building blocks, such as authentication, digital signatures, key management, and digital certificates. Finally, applies these concepts to important security architectures, including the IP network stack (e.g., IPsec and SSL/TLS), the cellular system, and broadcast media. Restricted to students in the College of Computer and Information Science and in the College of Engineering or by permission of instructor.
CY 5130 - Computer System Security4.00
Offers a practical overview of enterprise computer security, operating systems security, and related topics. Applies concepts such as authentication, access control, integrity, and audit to the modern operating system. Discusses and demonstrates system, process, memory, and file system-level defenses—and the attacks against them. Also discusses topics in data security and virtualization. Uses hands-on labs to reinforce skills and provide practical experience.
CY 5150 - Network Security Practices4.00
Explores issues involved in the security of computer networks. Topics include firewalls, viruses, virtual private networks, Internet security, and wireless security. Includes case studies and laboratory exercises. Restricted to students in the College of Computer and Information Science or by permission of instructor.
CY 5770 - Software Vulnerabilities and Security4.00
Seeks to help students to become aware of systems security issues and to gain a basic understanding of security. Presents the principal software and applications used in the Internet, discussing in detail the related vulnerabilities and how they are exploited. Also discusses programming vulnerabilities and how they are exploited. Examines protection and detection techniques. Includes a number of practical lab assignments as well as a discussion of current research in the field.
CY 6120 - Software Security Practices4.00
Explores the fundamentals of software security issues from a practical perspective. Takes a deeper dive into the low-level mechanisms used in a variety of most prevalent software security issues and discusses some of the industry best practices needed to address the issues. Offers students an opportunity to learn both an attacker’s and defender’s perspectives when it comes to software security issue exploitation, detection, and mitigation. Incorporates a number of practical C and assembly coding and lab assignments. Includes an overview of some of the state-of-the-art software security issue exploitation and mitigation techniques used in the field.
CY 6740 - Network Security4.00
Studies the theory and practice of computer security, focusing on the security aspects of multiuser systems and the Internet. Introduces cryptographic tools, such as encryption, key exchange, hashing, and digital signatures in terms of their applicability to maintaining network security. Discusses security protocols for mobile networks. Topics include firewalls, viruses, Trojan horses, password security, biometrics, VPNs, and Internet protocols such as SSL, IPSec, PGP, SNMP, and others.

Contextual Track

Complete 8 semester hours from the following:

CY 5200 - Security Risk Management and Assessment4.00
Creates the opportunity for competency in the development of information security policies and plans including controls for physical, software, and networks. Discusses different malicious attacks, such as viruses and Trojan horses, detection strategies, countermeasures, damage assessment, and control. Covers information system risk analysis and management, audits, and log files. Uses case studies, site visits, and works with commercial products.
CY 5210 - Information System Forensics4.00
Designed to allow students to explore the techniques used in computer forensic examinations. Examines computer hardware, physical and logical disk structure, and computer forensic techniques. Conducts hands-on experiences on DOS, Windows operating systems, Macintosh, Novell, and Unix/Linux platforms. Builds on basic computer skills and affords hands-on experience with the tools and techniques to investigate, seize, and analyze computer-based evidence using a variety of specialized forensic software in an IBM-PC environment.
CY 5240 - Cyberlaw: Privacy, Ethics, and Digital Rights4.00
Describes the legal and ethical issues associated with information security including access, use, and dissemination. Emphasizes legal infrastructure relating to information assurance, such as the Digital Millenium Copyright Act and Telecommunications Decency Act, and emerging technologies for management of digital rights. Examines the role of information security in various domains such as healthcare, scientific research, and personal communications such as email. Examines criminal activities such as computer fraud and abuse, desktop forgery, embezzlement, child pornography, computer trespass, and computer piracy.
CY 5250 - Decision Making for Critical Infrastructure4.00
Focuses on the art and science of security program management leadership in the context of critical infrastructure protection programs. Includes selected readings, review of decision-making models in crisis, lectures and insights from accomplished leaders in infrastructure protection, and examination of the students’ own unique background and experiences. Trains students on the interaction of vulnerabilities, threats, and countermeasures and how to apply this knowledge to the protection of critical infrastructure using research and analysis of national and global strategies, historical and current legislation, and policies. Also seeks to give students a working knowledge of federal, state, and private-sector critical infrastructure protection resources and programs.
CY 6200 - Special Topics in IT Security Governance, Risk, and Compliance1.00 - 4.00
Offers various topics in IT security governance, risk, and compliance. May be repeated for up to 8 total credits.
CY 6240 - Special Topics in Privacy Law1.00 - 4.00
Offers various topics in privacy law. May be repeated for up to 8 total credits


CY 7900 - Capstone Project4.00
Draws together candidates from diverse backgrounds (technical, legal, and/or law enforcement) in a collaborative activity to address one or more security issues from an integrated perspective. Requires a project proposal, generally industrially oriented, to be submitted and accepted prior to the semester in which the project is to be undertaken.


Complete 8 semester hours from the following*:

CS 5200 - Database Management Systems4.00
Introduces relational database management systems as a class of software systems. Prepares students to be sophisticated users of database management systems. Covers design theory, query language, and performance/tuning issues. Topics include relational algebra, SQL, stored procedures, user-defined functions, cursors, embedded SQL programs, client-server interfaces, entity-relationship diagrams, normalization, B-trees, concurrency, transactions, database security, constraints, object-relational DBMSs, and specialized engines such as spatial, text, XML conversion, and time series. Includes exercises using a commercial relational or object-relational database management system.
CS 5500 - Foundations of Software Engineering4.00
Covers the foundations of software engineering, including software development life cycle models (e.g., waterfall, spiral, agile); requirements analysis; user-centered design; software design principles and patterns; testing (functional testing, structural testing, testing strategies); code refactoring and debugging; software architecture and design; and integration and deployment. Includes a course project where some of the software engineering methods (from requirements analysis to testing) are applied in a team-based setting. Requires admission to MS program or completion of all transition courses.
CS 5600 - Computer Systems4.00
Studies the structure, components, design, implementation, and internal operation of computer systems, focusing mainly on the operating system level. Reviews computer hardware and architecture including the arithmetic and logic unit, and the control unit. Covers current operating system components and construction techniques including the memory and memory controller, I/O device management, device drivers, memory management, file system structures, and the user interface. Introduces distributed operating systems. Discusses issues arising from concurrency and distribution, such as scheduling of concurrent processes, interprocess communication and synchronization, resource sharing and allocation, and deadlock management and resolution. Includes examples from real operating systems. Exposes students to the system concepts through programming exercises. Requires admission to MS program or completion of all transition courses.
CS 5610 - Web Development4.00
Discusses Web development for sites that are dynamic, data driven, and interactive. Focuses on the software development issues of integrating multiple languages, assorted data technologies, and Web interaction. Considers ASP.NET, C#, HTTP, HTML, CSS, XML, XSLT, JavaScript, AJAX, RSS/Atom, SQL, and Web services. Each student must deploy individually designed Web experiments that illustrate the Web technologies and at least one major integrative Web site project. Students may work in teams with the permission of the instructor. Each student or team must also create extensive documentation of their goals, plans, design decisions, accomplishments, and user guidelines. All source files must be open and be automatically served by a sources server.
CS 5700 - Fundamentals of Computer Networking4.00
Studies network protocols, focusing on modeling and analysis, and architectures. Introduces modeling concepts, emphasizing queuing theory, including Little’s theorem, M/M/1, M/M/m, M/D/1, and M/G/1 queuing systems. Discusses performance evaluation of computer networks including performance metrics, evaluation tools and methodology, simulation techniques, and limitations. Presents the different harmonizing functions needed for communication and efficient operation of computer networks and discusses examples of Ethernet, FDDI, and wireless networks. Covers link layer protocols including HDLC, PPP, and SLIP; packet framing; spanning tree and learning bridges, error detection techniques, and automatic repeat request algorithms; sliding window and reliable/ordered services; and queuing disciplines including FQ and WFQ. Introduces flow control schemes, such as window flow control and leaky bucket rate control schemes, and discusses congestion control and fairness. Requires knowledge of probability theory.
CS 6710 - Wireless Network4.00
Covers both theoretical issues related to wireless networking and practical systems for both wireless data networks and cellular wireless telecommunication systems. Topics include fundamentals of radio communications, channel multiple access schemes, wireless local area networks, routing in multihop ad hoc wireless networks, mobile IP, and TCP improvements for wireless links, cellular telecommunication systems, and quality of service in the context of wireless networks. Requires a project that addresses some recent research issues in wireless and mobile networking.
CS 7580 - Special Topics in Software Engineering4.00
Offers various topics on software engineering. May be repeated up to two times.
CS 7805 - Complexity Theory4.00
Covers core topics in computational complexity, including NP-completeness, time and space complexity, polynomial hierarchy, circuit complexity, probabilistic computation, interactive proofs, and hardness of approximation. Moves to more advanced topics that may include lower bounds, pseudorandomness, cryptography, and communication complexity.
CY 5040 - Introduction to Cyberspace Programming 24.00
Offers students an opportunity to obtain a systematic understanding of cyberspace programming languages and methods. Trains students in Python, C, and assembly languages using command-line-interface-based editors and compilers; integrated development environments, with industry-standard operating systems running on virtual machines; and the implementation of programming principles and methods spanning the evolution of computer systems.
CY 5120 - Applied Cryptography4.00
Surveys the principles and the practices of cryptography. Overviews the core cryptographic algorithms: symmetric encryption schemes (e.g., DES and AES); public key cryptosystems (e.g., RSA and discrete logarithm); and hash functions (e.g., the SHA family). Discusses core information assurance building blocks, such as authentication, digital signatures, key management, and digital certificates. Finally, applies these concepts to important security architectures, including the IP network stack (e.g., IPsec and SSL/TLS), the cellular system, and broadcast media. Restricted to students in the College of Computer and Information Science and in the College of Engineering or by permission of instructor.


Choose one from the following:

CRIM 7200 - Criminology4.00
Provides an overview of the current understanding of the causes of crime from an interdisciplinary perspective. Focuses on the major theories of crime and causation developed over the past two hundred years. Emphasis is on integrating criminological theory and research, assessing the implications of this knowledge base for policies relating to crime control and prevention. Also presents and discusses the most current data regarding the nature and extent of crime in the United States.
CRIM 7202 - The Criminal Justice Process4.00
Introduces graduate students to the criminal justice process. Identifies important issues confronting the administration of justice. Offers an overview of the empirical research addressing these challenges. Through engagement with the course materials, exposes students to a variety of theories that explain the functioning of the justice system and predict its outcomes. Offers students an opportunity to identify and consider changes in institutional responses to crime and justice issues that have occurred over time and across cultural contexts.

Experiential Learning

Learning integrated with professional experience is a hallmark of Northeastern and the Roux Institute. Students gain a clear understanding of real-world industry needs in Portland, the state of Maine, and the Northeast—and valued workplace skills like communication and teamwork—through assignments at companies and nonprofit organizations. Students can complete a six-week virtual project relevant to their studies through the university’s Experiential Network (XN) of employers, or even for their own company. Or they can apply for four- and six-month, full-time co-op positions. All opportunities enable students to build their resumés, expand their professional networks, and chart a path to in-demand careers.

Contact us to explore your options.

Sometimes it helps to talk things through. Complete the form and our team will connect with you to discuss your questions and options.