Engineer the Future of Information Security
This advanced curriculum combines information security, systems engineering and information networking to prepare graduates who are ready to meet tomorrow’s security threats.
Through the Master of Science in Information Security (MSIS), you can develop technical strengths, interdisciplinary training and applied experiences to sustain long-term career success. One of the first graduate programs in the United States dedicated to information security, this curriculum focuses on core courses in information security, systems engineering and information networking, with interdisciplinary courses in risk management and academic and professional development.
The MSIS program is nationally recognized for its excellence. It is the cornerstone of two of Carnegie Mellon’s designations as a National Center for Academic Excellence in Cybersecurity (NCAE-C) for both Cyber Operations and Cyber Defense.
This program is nationally recognized for its excellence. It is the cornerstone of two of Carnegie Mellon’s designations as a National Center for Academic Excellence in Cybersecurity (NCAE-C) for both Cyber Operations and Cyber Defense. These designations also allow the INI to participate in the National Science Foundation’s CyberCorps® Scholarship for Service (SFS), a highly competitive federal scholarship program that supports aspiring cybersecurity professionals SFS@CMU has graduated over 260 alumni who go on to careers in top federal agencies and national labs.
Scholarship for Service
We are proud to participate in the National Science Foundation's CyberCorps Scholarship for Service (SFS). This competitive federal scholarship program supports aspiring cybersecurity professionals passionate about national security.
20+ Years of SFS
Since 2003, we have graduated 60+ security professionals who go on to careers in top federal agencies and national labs.
Two INI alumni have been inducted into the SFS Hall of Fame to recognize their exceptional service: Elizabeth Schweinsberg (2025) and Samuel Edoho-Eket (2024).
Outcomes
Internship
Students gain real-world experience by interning at government agencies, major companies and startups.
Top Companies: White Knight Labs; Amazon; Microsoft
Top Role: Cybersecurity InternMedium Hourly Wage: $40
First-Destination Career
New graduates go on to hold positions in industry, government and academia.
Top Companies: Amazon; IBM; Lawrence Livermore National Laboratory
Top Roles: Software Engineer; Security Engineer; Cryptography ResearchAverage Salary: $144,214
Long-Term Career
MSIS alumni become trusted leaders across the technology industry and government.
Currently, MSIS alumni serve as:
- Senior Vice President of Security at PNC
- Senior Technical Advisor at the United States Department of Health and Human Services
- Head of Security Infrasturcutre at Stripe
Specialize Your Curriculum
The majority of the curriculum focuses on core courses in information security, systems engineering and information networking, in addition to interdisciplinary courses in risk management and academic and professional development.
You can specialize your curriculum through program electives that make up roughly one-third of your required courses. These electives can be fulfilled by courses at the INI like Introduction to Machine Learning with Adversaries in Mind or Mobile and IoT Security, or through top-ranked departments across Carnegie Mellon. You can also further specialize by pursuing certificates in Cyber Operations or Cyber Defense from the INI or Cyber Forensics and Incident Response (CyFIR) through CMU’s Software Engineering Institute’s CERT Division.
Learning Outcomes
- Demonstrate advanced knowledge of information security principles and challenges in networks and software systems
- Perform risk assessment and management of secure infrastructure development, acquisition and evolution
- Apply information security concepts to the design and implementation of networked, software and distributed systems technologies
- Evaluate trade-offs involving security, policy, business, economic and management principles in network and software systems
Certificates and Tracks
Cyber Defense Specialization
The Cyber Defense Specialization provides MSIS and MSAIE-IS students with a structured pathway to a focused set of skills that are highly relevant to careers in cybersecurity. Learn more
Cyber Operations Specialization
Cyber operations (Cyber Ops) is a specialization of information security that is in high demand within areas of the government and military, including the National Security Agency (NSA). MSIS students are able to earn the Cyber Ops certification as part of their degree pathway without taking additional coursework. Learn More
Cyber Forensics and Incident Response Track (CyFIR)
The CyFIR track prepares students in information security and digital investigations through a skill-based curriculum using state-of-the-art software. The CyFIR track is available to all CMU students and results in a CyFIR certificate issued by the Carnegie Mellon Software Engineering CERT Division. Learn More
Explore MSIS Courses
The core curriculum includes courses in systems engineering, information networking, security engineering and business and policy. These three courses are designed and taught by INI faculty, providing fundamental knowledge on the theory and applications of information security.
14-642: Introduction to Embedded Systems
This practical, hands-on course introduces students to the basic building-blocks and the underlying scientific principles of embedded systems. The course covers both the hardware and software aspects of embedded procesor architectures, along with operating system fundamentals, such as virtual memory, concurrency, task scheduling and synchronization. Through a series of laboratory projects involving state-of-the-art processors, students will learn to understand implementation details and to write assembly-language and C programs that implement core embedded OS functionality. And to write language that control/debug features such as timers, interrupts, serial communications, flash memory, device drivers and other components used in typical embedded applications.
14-760: Advanced Real-World Data Networks
Building upon an understanding of networking fundamentals, this course studies advanced concepts of telecommunications networks. This course explores the design and implementation of the network architecture and management services that compose modern and emerging network infrastructure. Topics include network configurations (DHCP, NAT, IPv6, routing, and forwarding), network emulation and simulation, network modeling and measurements, virtual networks, data center networks, wireless communications (including satellite, modern wireless at small- and -large scale, mesh, etc.), Software-Defined Networks, Network Function Virtualization, etc. In successfully completing this course, students will have the opportunity to design, deploy, and configure network devices in real-world (simulated) scenarios. In addition, students will have the opportunity to develop and code custom network applications to better analyze network protocols.
14-735: Secure Coding
This course will enable students to understand how software coding defects lead to software vulnerabilities, develop secure software and manage teams that develop secure software. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course covers secure software development tools and processes while focusing on low-level technical security issues intrinsic to the C and C++ programming languages and associated libraries. The course relies on "learning-by-doing", where students practice hands-on sophisticated secure coding concepts through continuous debugging and creative approaches. Many aspects of the assignments mimic the challenges developers face in a real-world software system. Some assignments will introduce students to a programming language that they might have never seen before such as JavaScript and Rust.