The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Infosec Graduate Program

Page Content

Getting Your Degree

There are currently 5 different approaches to graduate study in InfoSec here:

  1. The interdisciplinary graduate specialization, both Masters’ and Ph. D
  2. A standard Masters degree in one of the involved departments, with a focus on infosec topics
  3. A PhD course of study in one of the involved departments, with a dissertation topic in infosec
  4. CNIT AOS in Cyber Forensics
  5. The CS Professional Masters in Cyber Security (ISCP) in CS

Note that if you are considering grad school at Purdue and want a tour, there are complementary tours available.

Admission requirements for the various graduate programs are available at this page.

image

Interdisciplinary Graduate Program in Information Security (INSC)

Program Head: Eugene H. Spafford
Graduate Administrator: advising@cerias.purdue.edu

About the Program

The overall space of information security/cybersecurity challenges is not confined to one traditional topic area such as computer science but encompasses issues of (at least) software, hardware, policy, education, finance, psychology, ethics, communication, and linguistics. Students graduating from the Interdisciplinary Information Security (INSC) program are well-prepared for a career in cybersecurity, information security, cybercrime investigation, privacy protection, security policy, or related topics. This degree program is structured around a central core of classes that give students a fundamental grounding in basic issues of cybersecurity and encryption, network security, and related topics; in technology policy issues; and in information ethics. Thereafter, students pick courses, in consultation with their advisors, to specialize in a subarea of the field, such as cyber forensics or incident response. They also select complementary courses in related fields to broaden their understanding of related topics (e.g., homeland security policy or general forensic science). A Masters thesis or Ph.D. dissertation is required, showing that the student understands how to apply the course material to a real problem and then communicate the solution effectively.

Graduates have senior positions with federal agencies including the SEC, NASA, DoD, DoE, and US Senate staff; with notable research institutions such as MITRE and Sandia; and at commercial firms such as Amazon, Google, and Microsoft.

The program offers both Masters (MA and MS) and Ph.D. degrees. While admission to the program is handled administratively by the Graduate Committee of the Program, based at CERIAS, the graduation is handled by a participating department of your choice.* The program is multidisciplinary and requires (and recommends) courses in Computer Sciences as well as other fields. The major designation on your transcript will read “Information Security,” independently of what department handles the graduation but it does not appear on the diploma.

In fall of 2023 we held an online information seminar on the INSC program. You can view a recording of that session via YouTube — it may help answer questions about the program.

  • Currently, the Departments of Philosophy and Communication, the Linguistics Program and the Purdue Polytechnic Institute graduate students from our program. The graduating programs have coordinated their plans of study such that InfoSec students can meet the degree requirements of the Interdisciplinary Program along with those of the graduating department. Note that these requirements differ somewhat from one graduating department to another in terms of restricting the available choices. You should review these requirements but you do not have to declare your choice of a graduating department at application time.

Students without a background in computing will need to complete courses in basic computer science/technology and possibly mathematics to meet prerequisites for the core cybersecurity courses. Applicants are advised to review the prerequisite chains before applying.

Interdisciplinary Masters’ Program in Information Security

Admission to the Interdisciplinary Masters’ Program

Please select “Interdisciplinary Program in Information Security” as your graduate program. Your default contact professor in the next field of the application can be left blank, or list the program head, Eugene H. Spafford. Feel free to mention in that field any other professor in information security that you would like to work with if you have established such a contact already.

Supporting documents must include:

  • Transcripts
  • GRE Test (Purdue grad school code is 1631, no department code necessary)
  • TOEFL Test - for degree-seeking whose native language is not English
  • Recommendation letters
  • Statement of Purpose - MUST include an essay addressing why you are applying to the interdisciplinary program instead of one of the departmental programs, e.g., CS or CNIT.
  • Writing sample - typically an A-graded paper, in English, from a college-level course

More detailed admission requirements are listed here.

You will eventually be contacted by the graduate school about your admission status. In the meantime, contact the Graduate Registration Advisor for the Program, at advising@cerias.purdue.edu, with any questions concerning the admission process not covered on this website. Read this website carefully before contacting the advisor!

Interdisciplinary Ph. D. Program in Information Security

The Ph. D. Program is an extension of the existing Interdisciplinary Masters’ Program in Information Security.

Before the inauguration of this Interdisciplinary Infosec Ph.D. Program, Masters’ graduates at Purdue University interested in purely computational and/or technological research in information security were referred to the Doctor of Philosophy programs in the Department of Computer Science, School of Electrical and Computer Engineering, and the Purdue Polytechnic Institute, and this practice continues. The new Interdisciplinary major prepares students who are interested in enriching their technical and scientific background in information security and combining it with preparation in a number of other disciplines. Each participating department or program has the option of specifying its own requirements by shaping and/or narrowing the general requirements and options available to the Program’s students.

The Interdisciplinary Ph.D. Program is currently sponsored by the Departments of Communication and Philosophy, the Polytechnic Institute, and the Program in Linguistics, each of which has established a concentration in Information Security at the Masters’ level and has now extended it to the Ph.D. level. Other graduate programs are considering sponsorship at this time.

The Interdisciplinary Information Security Masters and Ph.D. majors are the first programs in this field in the State of Indiana and the region and are the first truly multidisciplinary residential programs in the nation (if not the world).

Admission to the Interdisciplinary Ph. D. Program

Admissions are vetted by the Program’s Graduate Committee, composed of a selection of the participating faculty. The Graduate Record Examination (GRE) is required unless the applicant has obtained a masters degree from a U.S. university, in which case it is waived. Recognizing that interest, as well as practical experience in information security, may emerge from a wide variety of undergraduate and graduate backgrounds, the program has a reasonably flexible policy concerning preparation required for admission. Namely, it is desirable but not mandatory for candidates to have completed the equivalent of an undergraduate major in one of the areas represented by participating departments. A strong computational background is necessary, however.

  • Apply for the Program electronically Read the material at that web site for details of minimum requirements. The program includes significant amounts of reading and writing, so if you are not comfortable in English you should not apply

Please select “Interdisciplinary Program in Information Security” as your graduate program. Your default contact professor in the next field of the application can be left blank, or list the program head, Eugene H. Spafford. Feel free to mention in that field any other professor in information security that you would like to work with if you have established such a contact already.

Supporting documents must include:

  • Transcripts
  • GRE Test (Purdue grad school code is 1631, no dept code necessary)
  • TOEFL Test - for degree-seeking whose native language is not English
  • Recommendation letters
  • Statement of Purpose - MUST include an essay addressing why you are applying to the interdisciplinary program instead of one of the departmental programs, e.g., CS or CNIT.
  • Writing sample - typically an A-graded paper, in English, from a college-level course

More detailed admission requirements are listed here.

You will eventually be contacted by the graduate school about your admission status. There are no TA positions associated with the Interdisciplinary program and very limited fellowship opportunities. The program is therefore unable to offer any financial support to its students.

You will eventually be contacted by the graduate school about your admission status. In the meantime, contact the Graduate Registration Advisor for the Program, at advising@cerias.purdue.edu, with any questions concerning the admission process not covered on this website. Read this website carefully before contacting the advisor!

You need to take the general GRE test, if you have not done it recently for your Masters’ application or if you are unsatisfied with the previous results.

Standard Grad Programs

Students can also receive graduate degrees in existing programs with a specialization in infosec areas. To do this, the students enroll in a traditional major, take a core of common courses, and then are able to take electives related to their interests. Masters students may choose to research and write a Master’s thesis that involves further study in a particular area of interest, or they may simply take 30 or more credit hours of coursework. PhD students must choose a specialized topic for their dissertation research. The most common major for students interested in information security is Computer Sciences, but degrees are also associated with Electrical & Computer Engineering, Management, Philosophy, Political Science, and many other departments associated with CERIAS.

Note that specific requirements for individual department degrees are given on departmental WWW pages. What follows is a summary of the requirements for a CS graduate degree, serving as an example of what is expected. You need to consult one of the definitive references to get the whole picture. (CS graduate degree requirements are available on the WWW; information on other graduate programs can be found by starting at the grad school www page.)

Professional Master’s Degree in Information Security

The Professional Master’s degree programs, on-campus and online, are designed for IT professionals in industry or government who want to advance in technical cybersecurity and privacy positions.

MS in CS Program

MS students are required to take a course in operating systems or networks (CS 50300 or CS 53600), one in programming language design or compilers (CS 56500 or CS 50200), and algorithm analysis (CS 58000), plus another 7 courses of electives, or 5 courses and the thesis option. Normally, for infosec study, MS (and PhD) students would take CS 50200 and CS 50300, plus the courses in computer security (CS 52600) and cryptography (CS 55500) as electives, and consider taking the advanced security (CS 62600) and cryptanalysis courses (CS 65500), too.

There are many electives available to graduate students, including graphics, databases, numerical methods and distributed systems. Each year, several faculty also offer special topic courses in their areas of interest. Opportunities for directed reading or research courses are also available. In the last few years, we will have had seminars in Intrusion Detection and Incident Response, Penetration Analysis, Firewalls, Electronic Commerce, Network Security, and Security Tools. Additionally, we have had seminar courses in Wireless Networks, Advanced Operating Systems, and Internetworking.

PhD in CS Program

Normally, a PhD program starts with at least 1 year of graduate study, including some required courses. The candidate then decides on an area of study, chooses an advisor, and takes an in-depth exam in the area of specialization (the “preliminary exam”). Next, the candidate performs in-depth research under the guidance of the advisor for a period of time ranging from 6 months to as many as 5 years. Finally, the candidate writes a detailed scientific account of his or her research (the dissertation) and defends it in a public exam before a committee of faculty, visitors, and members of the community. The average time to complete a PhD in CS at Purdue (assuming the student already has a good undergraduate background in CS) is approximately 5 years.

Required courses for PhD students in CS include courses in operating systems and algorithm analysis, plus (perhaps) some courses in their area of specialization; this is a subset of the courses required for the MS degree, and almost all PhD candidates obtain their MS degree during their candidacy for the PhD.

Computer Science Professional Master’s Degree in Information Security

This Computer Science degree program is designed for IT professionals in industry or government who want to advance in technical cybersecurity and privacy positions. It prepares students to grow into the role of an information security specialist, while learning foundational principles, relevant systems, and acquiring proficiency in using the cutting-edge software tools. The program differs from a traditional, academic Computer Science Master’s degree through its specialized area of focus and its suitability for professionals whose undergraduate bachelor’s degree may not have been in CS. The program is intended to serve professionals with programming and computer science experience acquired either during their professional career or by having at least an undergraduate CS minor. The program will also be a natural progression for recent B.S. graduates in a computing major. The on-campus program is designed so that it can be completed in as few as 12 months, though students typically take three or four semesters. There is also an online offering for this degree starting summer of 2021.

MS & PhD Research

Currently, there is a large range of projects being conducted in information security at Purdue. We have almost 100 projects involving over 30 faculty in a dozen different academic departments. You can get a more complete picture of the faculty and research projects via the CERIAS WWW pages. Most of these projects are normally open to graduate students and can be used to satisfy research requirements towards MS and PhD thesis work. Not all infosec projects are offered through CERIAS, either, and there is no requirement that students work on a CERIAS project to get an infosec-related degree.

Special Notes for CS degrees

Students coming in to the graduate program are expected to be ready to pursue the degree upon arrival. There are limits as to how many semesters may be spent in residence before completing each of the steps towards the degree. In particular, students are expected to:

  • have strong, basic skills in mathematics, including working knowledge of statistics, calculus and linear algebra
  • know how to write programs in some advanced computer language (C/C++/Java are languages of choice; Perl is also encouraged)
  • have mastery of spoken English sufficient to understand lectures and presentations, and to discuss assignments with faculty and TAs
  • have mastery of written English sufficient to document programs and write grammatically correct research papers. This is especially critical for MS and PhD students who need to write a thesis and research papers.

Students without adequate preparation, or who fall behind in assignments, may be tempted to take “shortcuts” on assignments to keep up. Cheating, plagiarism, and falsifying work are severe violations of both the student code of conduct and academic honesty, and discovered incidents are dealt with particularly harshly by faculty in the infosec arena. Graduate students in violation of these rules are routinely recommended to the dean of students for expulsion from the university; foreign students in this situation will lose their visas. Thus, it is strongly recommended that applicants be sure they have mastery of these basic skills prior to applying to graduate school at Purdue.

Admission

For admission to any of the standard departmental programs, see the appropriate departments’ websites.

Financial Aid

Financial aid for graduate students is based on both scholarship and need. Some fellowships are available to exceptional incoming students. Others are supported by the departments or by research projects. It is unusual that a new student will get support from a faculty member’s research funding; indeed, most faculty do not support students prior to their completing some of the qualifying exams. Some incoming students do, however, qualify for selection as teaching assistants. Other information about financial aid is in the graduate student information documents for each program.

For financial aid, contact the admitting department and not individual faculty members.

Note about CERIAS

CERIAS is a research center, and not an academic department, and therefore does not offer degrees. However, the programs described above allow you to get your degree and to be associated with CERIAS.

Disclaimer

The above is not an official document of Purdue University, but Professors Spafford’s and Raskin’s interpretation of Purdue policy. Interested parties should consult official University documents, available through the graduate school.


Current Interdisciplinary Students


Get Your Degree with CERIAS