We fuel leaders with the knowledge, network and cross-industry expertise to address complex global and industry-specific challenges.

You need broad vision and ability to innovate to address complex global and industry-specific cybersecurity challenges. Brown’s rigorous curriculum, world-class faculty and dynamic, diverse community create a unique learning experience designed to break down silos and integrate a diversity of perspectives to bring new ideas forward.

The Master of Science (ScM) in Cybersecurity offers a comprehensive and timely curriculum that prepares students with the conceptual framework and readiness to respond to cybersecurity's most pressing challenges. Outstanding faculty from the Department of Computer Science, the Watson Institute for International and Public Affairs and other university departments as well as highly accomplished practitioners bring diverse perspectives and expertise to the program.

With this program, students:

  1. Broaden their understanding of cybersecurity and privacy through comprehensive consideration of technology and policy, including economic, human, legal, organizational, and socio-political factors
  2. Address privacy and personal data protection concerns
  3. Discuss issues such as cyber intelligence and internet governance
  4. Develop a principled, forward-looking framework to protect organizations against cyber threats
  5. Understand the security and privacy implications of emerging technologies, such as big data, cloud computing, mobile computing, social networks, and the internet of things
  6. Gain proficiency in identifying vulnerabilities, anticipating attacks, using monitoring tools, and developing defensive strategies
  7. Build organizational resilience, and crisis management and response capabilities
  8. Develop a viable, actionable solution to an individual, work-related critical challenge
  9. Experience hands-on demonstrations of cyber vulnerabilities, attacks, and defenses for a concrete and direct understanding of the technological, human, and policy challenges in this field

"Although I expected and received world-class instruction and engagement from faculty and support staff, I wasn’t expecting the cohort to be both cohesive and stimulating. I am grateful to have made many lifelong friends in this program."

Ray Cotton, Class of 2018 VP, and Chief Operating Officer (COO) - I.T. Infrastructure, Risk, and Cybersecurity at Wells Fargo


Lead Instructor: Roberto Tamassia

This course covers selected advanced topics in computer security, and expands on some of the topics introduced in previous courses. Advanced security topics are introduced through real-life examples that are relevant to today’s organizations, from small business to global enterprises. The teaching style puts emphasis on independent learning activities for groups and individuals that are relevant to the students’ background.

Topics explored by the students upon completion of the course include: multifactor authentication frameworks and systems; mobile operating systems and apps security; malware detection and intrusion detection; security and privacy in cloud computing and storage; security, privacy, and fairness in machine learning; blockchain technologies and cryptocurrencies; certification, auditing, penetration testing, and stress testing; and physical security and internet-of-things.

Lead Instructor: Anna Lysyanskaya
Instructor: Roberto Tamassia

This course teaches the fundamentals of cryptography. In particular, we will go over the concepts of provable security and study basic cryptographic topics such as encryption, digital signature schemes, zero-knowledge proofs and differential privacy. We will explore a broad range of cryptographic applications, such as protecting the privacy of data, securing communications, cryptographic access control, cryptographic currencies and privacy-preserving technologies. After taking this class, students will be well-versed in past and present cryptography (that is, technologies and tools that are used today) as well as the future of cryptography (that is, technologies and tools that are possible today and likely to enter the marketplace in the future). The teaching style emphasizes the use of the right cryptographic tools to solve security and privacy challenges, and pitfalls that may arise in deploying cryptographic methods in real-life systems. Projects address applications of cryptography to application domains familiar to the students.

Lead Instructor: Tim Edgar

This course covers a variety of cybersecurity law and policy issues. Topics range from private sector information sharing and critical infrastructure protection to cyber crime, internet governance, and international law as it might apply in a cyber conflict. How can we address problems of network and computer insecurity effectively across organizational, national and international boundaries while upholding civil liberties and other fundamental values? The course serves as a case study in how governance structures affect cybersecurity decision making. Students will participate in scenarios in which they will consider cybersecurity policy issues from a variety of perspectives. From the corporate boardroom to the White House Situation Room, students will learn to bridge the law, policy and technology divide.

Lead Instructor: Shriram Krishnamurthi
Instructor: Ernesto Zaldivar

Instructor: Tim Nelson

Security is not solely, or sometimes even primarily, a technical problem; rather, the human aspects are at least as important, especially the ways they interact with the technologies. This course will communicate this point from many perspectives, ranging from behavioral issues to software construction topics to user interfaces and more. Students will emerge with a richer understanding of the strengths and weaknesses of human agents and their interaction with software systems, and thus how they are central to both the occurrence of and of solutions to cybersecurity problems. Projects include case studies on security as it relates to: business workflows, trade-offs with usability, system configuration, and the detection of insider threats.

Lead Instructor: Bernardo Palazzi
Instructor: Patrick Laverty

This course provides a broad introduction to privacy and security issues for computers, mobile devices, and networks. The course also covers principles and skills useful for making informed security decisions and for understanding how security interacts with the world around it. Topics include cryptography, access control, operating systems security, and web and network security. The course aims to balance theory and practice, and focuses on providing live demos and hands-on experience in dealing with current security threats and available countermeasures.

On completion of this course, students will understand security threats to organizations and individuals. Further, they will acquire the right mindset to manage the cybersecurity tradeoffs required to improve the security in their companies and in their digital lives in a sustainable way. Throughout this course, students collaborate on assignments and on peer review as they explore practical applications.

Lead Instructor: Bernardo Palazzi

This course analyzes the practical challenges facing executives of business organizations in managing information technology systems and cyber risks. It focuses on the costs and tradeoffs that are involved in all security and privacy decisions. The teaching style is based on role modeling and students are coached on how to develop operational skills and apply their security background to strategic planning and day-to-day decision making. Projects aim at increasing the students’ confidence about the security decisions they make and at deepening their understanding of globally-accepted security best practices and heuristics.

Lead Instructors: Deborah Hurley, Linn Freedman

Students will learn about and gain practical experience with: the development of modern privacy law around the world; the current US legal and regulatory framework, including protection of personal health, financial, educational, workplace, and other personal data; protection of personal data and privacy around the world, including the European Union General Data Protection Regulation; the relevant institutions, such as the Federal Trade Commission and the Data Protection Authorities; personal data breaches; the privacy and autonomy of the individual in relation to the state, as well as corporations; standards; Privacy by Design; and emerging privacy and data protection issues arising from technological developments, such as drones and driver-less cars.

Upon completion of this course, students will be able: to identify privacy and data protection issues; to apply an analytical framework, based on thorough training, to assess and resolve privacy issues; to communicate effectively about privacy and data protection issues, measures, and solutions to all relevant constituencies, including customers, end users, suppliers, vendors, administrative and regulatory authorities, colleagues, and superiors; and to protect personal data and privacy in a global, robust, sustainable manner.

Lead Instructor: Alan Usas
Critical Challenge Project Advisors: All EMCS Faculty

The Critical Challenge Project (CCP) is central to the Executive Master in Cybersecurity. The project identifies a critical cybersecurity challenge for an organization, drawing from the student’s own work experience. Under the direction of a faculty member, the student analyzes this critical challenge from multiple perspectives and develops a comprehensive plan for addressing it. The CCP draws upon the knowledge and skills gained by the student from each of the EMCS courses, with particular emphasis on integrating technology, policy, and human factor aspects, considering ethical implications, and developing innovative, transformative, and viable solutions. The CCP is expected to be relevant to the student in terms of background, interests, current job, and future aspirations. Also, it should have practical applicability to the field of cybersecurity and take into account multiple stakeholders, such as consumers, developers, policymakers, and government and industry executives.

Program Structure

Brown’s cybersecurity master’s degree is designed to be completed in 16 months, spread over four consecutive academic terms. The program blends residential and online learning, allowing participants to work full time and to apply new knowledge and skills immediately in their work settings. Students who successfully complete the program are awarded a master’s degree from Brown University. Visit the Program Schedule page for more information and details.

Program Schedule Details

The chart below illustrates a student’s academic progression through the program. After completion of the second term courses, students register to complete the required Critical Challenge Project during the summer or final term.

Fall Term

Courses 1 and 2
12 weeks of Online Instruction
1 week in Residence
1 week of Post-Work
Ends in late December

Winter Break

Approximately 1 month

Spring Term

Courses 3 and 4
10 weeks of Online Instruction
1 week in Residence
2 weeks of Post-Work
Ends in late May

Summer Break Approximately 1 month
Summer Term

Course 5
4 weeks of Online Instruction
1 week in Residence
2 weeks of Post-Work
Ends in late August

Fall Term

Courses 6 and 7
10 weeks of Online Instruction
1 week in Residence
2 weeks of Post-Work
Ends in late December