"There are a variety of careers within this field that you can pursue after earning an M.S. in
Cyber and Information Security. Click here to learn more"
3. Cybersecurity is a field that is accelerating rapidly. As more
and more cybersecurity attacks occur, the demand for
professionals adept in preventing and protecting against
these attacks rises.
Cybersecurity professionals protect data, information, digital assets, and more from cyberattacks.
These professionals develop and implement the tools needed to save data from families,
organizations, communities, and governments safe.
With a Master of Science in Cyber and Information Security, you enter a thriving career field with
the right skills and theoretical knowledge to set you apart.
Expected Career Growth Trajectory 2021–31
35%+
Cybersecurity Job Openings
755,000+
Average Base Salary for M.S. Cybersecurity Graduates
$93,000
Total Employed Cybersecurity Workforce
1,112,410
4. Careers in Cybersecurity
There is no shortage of career opportunities or jobs available for M.S. Cyber and Information
Security graduates. Cybersecurity professionals work in almost every field and sector - both public
and private – including: banking, government, healthcare, technology, insurance, education, and
more. There are a variety of careers within this field that you can pursue after earning an M.S. in
Cyber and Information Security.
Entry-Level
• Cyber Crime Analyst
• Cybersecurity Specialist
• Incident & Intrusion Analyst
• IT Auditor
Mid-Level
• Cybersecurity Analyst
• Cybersecurity Consultant
• Penetration and
Vulnerability Tester
Advanced-Level
• Chief Information Security
Officer (CISO)
• (Cyber) Security Architect
• (Cyber) Security Engineer
5. Building a Career in Cybersecurity
To build a strong career in cybersecurity, there are several skills—both technical and soft—that
you’ll need to succeed. A base knowledge of programming and networking is essential. You
can demonstrate this knowledge through transfer coursework, undergraduate studies, work
experience, or industry certifications. If you don’t have a background knowledge in programming
and networking, St. John’s offers conditional admission where candidates can make up for these
deficiencies by taking undergraduate, graduate, or other comparable courses. Candidates may also
meet this requirement with certifications, bootcamps, or online certificates—given the content is
equivalent to approximately 40 hours coursework on similar topics.
Besides programming and networking, there are other skills areas you need to consider when
pursuing a career in cybersecurity:
Secure Coding and Secure Software Development Lifecycle (sSDL)
Secure software and secure scripting design knowledge helps you understand how software
and applications are created—as well as how cyber attackers can exploit them. Additional
languages such as Python, Powershell, Bash, Shell, SQL, C, C++, Java, Perl, KQL, Ruby,
Kotlin, and Javascript make you a more desirable employee after graduation.
Building and Deploying Secure Applications
By understanding how software and applications are built, configured, maintained, and
exploited, you are better prepared to test and remediate vulnerabilities during the secure
Software Development Life Cycle (SDLC).
Architecting, Deploying, and Managing Secure Systems
Operating and embedded systems are critical for cybersecurity professionals to understand.
By learning the unique aspects of desktop, embedded, and mobile systems, you can apply
what you learn across multiple systems.
6. Prerequisite Course Options
CUS 620 Programming I NET 510 Networks: Forms and Functions
This course focuses on programming
fundamentals, including problem solving
and algorithms. The focus is on designing
and implementing programs in the Python
programming language. Programming concepts
such as data types, control structures, functions,
recursion, and text manipulation are covered.
The course then continues to topics such as data
structures, classes, and algorithm analysis.
This course covers network standards and
concepts of network standards and concepts,
topology, and terminology, including LANs,
WANs, the OSI model, cabling, IP addressing,
networking hardware, and the LAN protocols. It
also covers an introduction to switched networks,
VLANS, routing concepts, access control lists,
OSI standard protocols, and IP addressing.
Cybersecurity professionals also require attention to detail and critical thinking skills. You need to be able to
prioritize complex situations and determine possible paths to address potential security risks.
Emerging Trends in Cybersecurity
Cybersecurity is a field that is always changing. With each new technology and development, the
needs and requirements evolve. With an advanced degree in cybersecurity from St. John’s, you stay
on top of the ever-changing aspects of the laws and regulations affecting the industry, as well as
cybersecurity evolutions and technology innovations.
Mobile and Cloud Computing
Cybersecurity focusing on mobile and cloud computing is dedicated to security and
protecting these cloud computing systems. Mobile and cloud security professionals keep data
private and safe across a number of online-based applications, mobile operations systems,
and infrastructures.
7.
Digital Forensics and Risk Management
Digital forensics focuses on cyber crime once it has occurred. They work to recover data
with legal compliance and identify the responsible party. Managing risk occurs at all phases
of the secure software/system development lifecycle (i.e. from architecting a system, through
responding to incidents, until the timeframe a system is decommissioned.)
Machine Learning and Artificial Intelligence
As the number of challenges facing cybersecurity professionals grow, machine learning can be
leveraged to scale security solutions and detect attacks in advance.
St. John’s University and The Lesley H. and
William L. Collins College of Professional
Studies provides faculty and students with
groundbreaking research opportunities
in many disciplines and interdisciplinary
domains related to cybersecurity. The annual
St. John’s University Student Research
Conference provides visibility into some of
the research undertaken by students at the
University.
8. The Impact of Cybersecurity
Imagine a world where all of your data—your personal, private, and sensitive data—was available
to anyone. No protection. No coverage. Now imagine that tenfold. Thousands of users’ data out
there for anyone to see.
That’s a world without cybersecurity. Cybersecurity protects all types of data against theft and
deletion. It also keeps digital services and applications running. Without cybersecurity, many of
your favorite apps and websites would be nearly impossible to run.
As more of our world becomes interconnected through the IoT (Internet of Things), developing
strong cybersecurity is more crucial than ever. Everything can be connected digitally, from lights to
washing machines to cars and more. If cyber attackers get hold of that data and the devices using
it, the implications are dire.
Take a look at cybersecurity even just decades ago—a virus could be placed on a floppy disk and
replicated. Now, the attacks are more elaborate and complex so the methods to stop them must
evolve accordingly. By applying rapidly evolving technologies such as artificial intelligence, machine
learning, and behavioral detection, cybersecurity professionals can work to stop attacks before they
start or put an end to them in minutes.
of organizations worldwide
expected to have attacks on
their software supply chains
by 2025
45%
Reduction in financial
impact of individual security
incidents by an organization
adopting cybersecurity mesh
90%
of corporate Board
members classify
cybersecurity as a
business risk
88%
9. Technology Innovations in Cybersecurity
The Internet Crime Complaint Center (IC3) has averaged 652,000 complaints per year over the last
five years. It’s likely you have been one of those 3.26 million complaints when you have received
an alert of a compromised password or account. The attack surface available to hackers continues
to expand as we create more data. Being able to quickly analyze data in order to minimize risk is
becoming an increasingly impossible task—but the situation is expected to improve with the help
of emerging technologies such as Artificial Intelligence (AI).
AI technology can quickly analyze millions of events happening at any given time and quickly
identify the likelihood of an attack. And since these technologies learn more over time, they are
able to adapt to new attack techniques to quickly detect possible cybersecurity risks by assessing
normal behavior and discover outliers that are indicators of an attack.
There are potential concerns with becoming so reliant on AI, however. This reliance may lead
to a false sense of security, causing cybersecurity professionals to overlook potential concerns.
Additionally, since so many of these assessments the AI is completing are done without human
oversight, it may not be able to fully assess all the potential risks as a human being.
There is also the possibility that AI is misused and there are a number of ethical considerations
with implementing this technology. AI is only as good as the data it receives, so it can learn to
showcase bias or cause harm when used by people with malicious intentions.
The importance of ethical cybersecurity practices becomes paramount as technology advances. St.
John’s University embraces these ethical considerations and promotes their importance throughout
our curriculum.
Global artificial intelligence
(AI) in cybersecurity market
size evaluation in 2022
17.4B
Expected compound growth
rate of AI cybersecurity
technologies through 2027
23.6%
organizations spending
more on AI and machine
learning for cybersecurity
71%
10. Cybersecurity Laws and Regulations
Legislation around cybersecurity has struggled to keep pace with the
continuing evolutions of cyberattacks. However, as the focus on digital
security grows, more countries and regions are adapting new and
updated cybersecurity regulations to try and protect businesses, people,
and their data.
In the US, cybersecurity laws and regulations provide a framework
for businesses and organizations on how to protect and secure
their systems and networks. These regulations also ensure there’s a
framework for holding businesses and entities accountable if they fail
to protect the data they house—as well as giving victims some type
of legal recourse if they are victim to cyber crime. There are several
federal level entities that play a role in cybersecurity regulation.
• Department of Homeland Security (DHS)—protects the critical
infrastructure of the United States such as power grids and financial
systems
• Federal Bureau of Investigation (FBI)—FBI’s Cyber Division
investigates cybercrime and espionage and partners with federal,
state, and local authorities in these investigations as necessary
Experts report the
global existence
of approximately
1.35 million tech
startups with the
expected number
of smart devices
collecting, analyzing,
and sharing data
reaching 50 billion
by 2030, furthered by
500+ billion devices
connected to the
internet. Overall, the
world is projected to
produce 463 exabytes
of data by 2025 with
more than 5 billion
people connected
to the internet. This
rapid growth of
technology innovation
appears to outpace
the international
privacy and security
regulations.
11. • Cybersecurity and Infrastructure Security Agency (CISA)—a subset of the DHS that protects US
critical infrastructure and provides technical assistance and guidance to organizations to identify
and mitigate potential threats
• National Institute of Standards and Technology (NIST)—conducts research and provides
industry-standard measurements and reference materials to ensure accuracy and reliability of
measurements
• Government Accountability Office (GAO)—conducts audits and investigations of federal agencies
to assess compliance with cybersecurity regulations and operation efficiency
At St. John’s University, understanding these ever-changing regulations and entities at play is a
core part of our curriculum. One of the main courses in the M.S. degree program in Cyber and
Information Security is Cybersecurity Laws, Regulations, and Best Practices, which introduces these
entities and how they interact and inform cybersecurity work.
Pursuing an Advanced Degree in Cyber
and Information Security
While not necessarily required to enter the field of cybersecurity, an advanced degree prepares
you for the complex and evolving world of cybersecurity. For an increasing number of jobs,
an advanced degree may even be a requirement. Aside from the requirements, by enrolling in a
master's degree program, you are exposed to a variety of topics in the information security and
cyber security sector and get hands-on experience using data.
Cybersecurity and information security are specialized fields, but there is a skills gap where
not enough qualified people are able to find the right positions. In fact, 95 percent of cyber
professionals believe the skills shortage has not improved over the past years and 44 percent believe
it has gotten worse.
With an advanced degree, you master the skills that you need to succeed in the cybersecurity
industry. Additionally, you develop a network of professionals and make yourself a more desirable
employee—especially for the specialty roles that are difficult to fill.
St. John’s University leads the way in innovation in this field by staying ahead of the emerging
trends and incorporating these trends into our curriculum. Our faculty and students are involved in
some of the most cutting-edge research and featured in prominent publications worldwide.
12. • “United States and Territories 3rd-Party COVID-19 mHealth Contact Tracing: What are Security
and Privacy Risks. International Journal of Internet of Things and Cyber-Assurance”—
International Journal of Information Technology, Control and Automation 2023 | Dr. Schmeelk,
Shannon Roth, Julia Rooney, Mughees Tariq, Khalil Wood, John Kamen, Prof. Denise Dragos
• “Personalized Outsourced Privacy-Preserving Database Updates for Crowd-Sensed Dynamic
Spectrum Access”—IEEE MELECON22 interdisciplinary international flagship conference | Dr.
Erald Troja, Dr. Nikhil Yadav, student Laura M. Truong '22 CCPS
• “MobSF: Mobile Health Care Android Applications Through The Lens of Open Source Static
Analysis”—2020 IEEE MIT Undergraduate Research Technology Conference (URTC) | G.
LaMalva and S. Schmeelk
• “Machine Learning Architecture for Signature-Based IoT Intrusion Detection in Smart Energy
Grids”—IEEE MELECON22 interdisciplinary international flagship conference | Dr. Yadav, Dr.
Troja, and student Laura M. Truong '22 CCPS
• “Personalized Outsourced Privacy-Preserving Database Updates for Crowd-Sensed Dynamic
Spectrum Access”—IEEE MELECON22 interdisciplinary international flagship conference | Dr.
Erald Troja, Dr. Nikhil Yadav, student Laura M. Truong '22 CCPS
• “Python Cryptographic Secure Scripting Concerns: A Study of Three Vulnerabilities”—Advances
in Information and Communication. FICC 2023 | LaMalva, G., Schmeelk, S., Dinesh, D.
• “Ambient Intelligence Security Checks: Identifying Integrity Vulnerabilities in Industry
Scripts”—Intelligent Systems and Applications. IntelliSys 2022 | Dr. Schmeelk, Shannon Roth,
Julia Rooney, Mughees Tariq, Khalil Wood, John Kamen, Prof. Denise Dragos
• “Locating the Perpetrator: Industry Perspectives of Cellebrite Education and Roles of GIS Data
in Cybersecurity and Digital Forensics”—Intelligent Computing. Lecture Notes in Networks and
Systems, 2021
• “Defending android applications availability”—IEEE 28th Annual Software Technology
Conference (2017) | Dr. Schmeelk and Dr. Aho
• “Android Malware Static Analysis Techniques”—Proceedings of the 10th Annual Cyber and
Information Security Research Conference (CISR '15) | Dr. Schmeelk and Dr. Aho
St. John's Cyber and Information Security
Research
Exciting cybersecurity research is transpiring at St. John’s University. Below are some highlights of
previous published research.
13. St. John’s Cyber and Information Security,
Master of Science
Specializations and Electives Offered
from St. John’s University
St. John’s innovative approach to cybersecurity and information security curriculum adapts to
every student including their industry, field of interest, and unique needs. Even if you do not
have a dedicated background in cybersecurity or IT, you can still pursue a master's degree in this
growing field. St. John’s offers conditional acceptance upon completion of two prerequisite courses:
CUS 620 Programming I and NET 510 Networks: Forms and Functions. Students in these courses
benefit from learning from our esteemed faculty who are on the cutting-edge of research and
technologies. Additionally, they establish a close relationship with each student to act as a mentor
on their journey.
The expansive curriculum covers a number of industries, fields, and technologies needed for a
successful career in cybersecurity. The M.S. degree program requires all students to complete 30
credits according to the following degree requirement: core courses (12 credits), specialization (9
credits), elective course (3 credits), option of either capstone with additional elective (6 credits) or
thesis (6 credits).
Students can specialize in the following areas with the
associated required courses:
Cyber Security Data and Analytics IT Enterprise
• CYB 711: Intrusion
Detection and Analysis
• CYB 715: Penetration
Testing and Ethical
Hacking
• DFR 711: Cyber-Forensic
and Malware Analysis
• CUS 510: Database
System Design and Data
Warehousing
• CUS 680: Distributed Big
Data Analytics
• CUS 610: Data Mining
and Predictive Modeling
• IT 711: Enterprise
Architecture and IT
Governance
• IT 715: System Analysis and
Process Re-engineering
• IT 721: IT Project
Management and Agile
Methodologies