SANS to offer graduate degrees in cybersecurity

Find opportunities — and win them.

The SANS Institute has received approval from the Maryland Higher Education Commission to offer graduate degrees in information security.

The SANS Institute has received approval from the Maryland Higher Education Commission to offer graduate degrees in information security.

The SANS Technology Institute will not be affiliated with any school or university, but will offer master's of science degrees in information security engineering and information security management. The first classes are scheduled to begin in February 2006. The programs are expected to take about two years for part-time students who are fully employed and will cost about $28,000.

"It is going to be an extremely difficult degree to get," Institute president Stephen Northcutt said of the engineering degree.

Students must be IT professionals with a bachelor's degree from an accredited school, with a minimum 3.0 grade point average, and be recommended by an employer.

The program will require original research and will emphasize writing and communications skills as well as technical know-how.

The Maryland commission, in approving the SANS application, noted that the Bethesda-based organization already has trained 30,000 security professionals in its immersion training programs.

"The institute has been working for three years to transform the best of these programs into solid academic courses for the master's of science degree," the commission said.

The chairman of the Computer Science Department of the University of Las Vegas, acting as a consultant to the commission, praised the SANS Institute's programs.

"The implications on homeland defense will be obvious to anyone who knows anything at all about SANS conferences," he reported. "The success of SANS conferences and its partnerships with law enforcement and military agencies attests to the fact that SANS has literally written the book on computing and network security instruction in the free world."

The SANS Technology Institute has been accredited as a separately incorporated graduate institute or center.

It joins a growing number of schools offering degrees in IT security. Alan Paller, SANS director of research and chairman of the new program, said there are about 180 degree programs now. Most of these are graduate degrees, although schools are beginning to offer undergraduate programs as well.

The Stevens Institute of Technology announced last month a new undergraduate degree program in cybersecurity, scheduled to begin in the fall 2006 semester. The program is an effort to integrate science, technology and management in the information security field.

The SANS Technology Institute has no plans to work at the undergraduate level. It is intended to professionalize what has been a largely ad hoc and inadequate area of practice.

"America's computers are being riddled by attackers," Paller said.

Although there are talented people working in IT security, there is a lack of formal training and standardized practices. A culture of secrecy and denial in both government and the private sector has undercut efforts to secure information systems.

Paller said the SANS program will be distinguished by the depth of the technical knowledge required and the emphasis on management.

"You're not doing this to make a computer safe," he said. "You're doing this to make an organization successful."

The program will require about 31 credit hours and will consist of both in-person and online training. Students will be required to attend three six- or seven-day training institutes that will be held in conjunction with SANS Institute conferences.

William Jackson is a senior writer for Washington Technology's sister publication, Government Computer News.