Master of Engineering in Cybersecurity
University of Maryland - A. James Clark School of Engineering
College Park, USA
Distance learning, On-Campus
2 - 5 years
Full time, Part time
USD 4,021 / per course *
Earliest start date
* on campus tuition: $1,086.53 per credit hour / online tuition: $1,340.39 per credit hour
Government, industry, and consumers increasingly depend on secure networks and information systems for daily communications, transactions, and more. Vulnerabilities to cyber attacks could lead to critical disruptions in telecommunications, banking, utilities, data storage, and transportation. Addressing these growing cybersecurity threats requires highly educated and specialized engineers who can lead efforts to protect our critical infrastructure.
At the University of Maryland, you can advance your career or transition into this high-demand field. Offered in collaboration with the Department of Electrical and Computer Engineering, Department of Computer Science, and the Maryland Cybersecurity Center, our cybersecurity programs merge engineering applications with computer science principles. Our cybersecurity Master of Engineering and Graduate Certificate in Engineering degrees prepare engineers with the skills and knowledge that they can apply to their job in industry and government.
The U.S. Bureau of Labor Statistics projects a 28% growth in US employment for cybersecurity consultants from 2016 to 2026. This pace of growth is much higher than the average job growth. Meet the demand for cybersecurity professionals by getting your graduate degree and/or certificate in Cybersecurity from the University of Maryland.
Master of Engineering: 30 Credits or 10 Courses
Students earning a Master of Engineering in cybersecurity take four core courses, two Cybersecurity electives, and four technical electives. Any non-pre-approved technical electives must be approved by an academic advisor prior to registering. There is no research or thesis required for this degree.
Graduate Certificate in Engineering: 12 Credits or 4 Courses
Students are encouraged to choose four courses from the cybersecurity core courses and should consult with their advisor prior to registering.
- ENPM685, Security Tools for Information Security
- ENPM686, Information Assurance
- ENPM691, Hacking of C programs and Unix Binaries
- ENPM693, Network Security
- ENPM694, Networks, and Protocols
- ENPM695, Secure Operating Systems
ENPM634 Penetration Testing (3 Credits) | Elective
This course will give students a hands-on deep dive into penetration testing tools and methodologies. Starting with reconnaissance, open source intelligence, and vulnerability scanning we will move on to exploiting both clients and servers, moving laterally through a network while evading security measures. OWAP Top 10 will be covered and hands-on exercises will reinforce how to discover these types of vulnerabilities on a penetration test. We will also cover vulnerability disclosure and communicating the results of a penetration test with all levels of clients, from security engineers to C-level executives.
ENPM657 Applied Cryptography (3 Credits) | Elective
Formerly ENPM809A. The goal of this course is to provide students with a foundational understanding of cryptography as used in the real world. Students will learn about private-key encryption, message authentication codes, key-exchange protocols, public-key encryption, and digital signatures, in addition to learning about underlying primitives such as pseudorandom number generators, block ciphers, and hash functions. In addition, the course will cover the “cryptographic mindset,” including formal threat modeling and proofs of security. The course will emphasize real-world usage of cryptography by discussing standards and best practices, and through programming, assignments meant to reinforce the concepts covered in class. No prior background in cryptography will be assumed; however, students will be expected to have mathematical maturity and knowledge of C programming. Learning outcomes: Understanding of basic cryptographic primitives and schemes, and when they are appropriate. Ability to carry out basic security analysis of new constructions. Knowledge of current best practices and standards for the use of cryptography. Ability to implement basic cryptographic functionality.
ENPM664 Embedded System Hacking and Security (3 Credits) | Elective
Formerly ENPM809I. Computers pervade our everyday lives. However, desktops and laptops are just the tip of the iceberg representing just 2% of microprocessors produced. Hidden just beneath the surface is a substantial and diverse group of computers referred to as embedded systems. This massive category of machines represents the other 98% of processors produced today. This invisible but pervasive hardware underpins our society’s most critical functions and they are being hacked. The purpose of this course is to reveal the tools, techniques, and procedures (TTPs) employed by adversaries to exploit and subvert the security of embedded systems. This course will cover core concepts and techniques to analyze and characterize the behavior of embedded systems and platforms. Concepts will be introduced and discussed within the context of an adversary intent on altering or subverting the behavior of such systems. The course does not expect students to have any prior embedded systems experience. At the conclusion of this course, the student will be familiar with: Embedded system basics; Basic soldering techniques; Board analysis methodology; Identification of peripherals, data buses, diagnostic ports, and tap points; Device instrumentation; Bus monitoring and decoding; Development access via JTAG; Tools used for ARM & MIPS assembly/disassembly; How shellcode is formatted; Return oriented programming attacks; Attacks similar to x86 platform.
ENPM665 Cloud Security (3 Credits) | Elective
Summer 2023 W 5:30 pm - 8:45 pm Everett Daviage
Cloud computing has become a major force in the IT industry and enables anyone to quickly deploy an enterprise-ready IT environment with only a few clicks of a button. With all of that power comes great responsibility and significant risk. While many of the risks are the same risk a traditional IT environment faces there are many new risks in the cloud and we will explore options to mitigate those risks. This course will cover the fundamentals of securing cloud-based workloads from the ground up with many hands-on examples. Through these hands-on exercises, the course will demonstrate where the similarities and differences are when securing the cloud compared to securing traditional IT. Topics include cloud-specific issues when designing secure applications, managing identity and access, protecting data, handling incident response, conducting penetration tests, and forensics in the cloud. In addition to a final project, students will perform hands-on exercises as well as assignments to reinforce the lecture material. While we will primarily focus on Infrastructure-as-a-Service we will also discuss Platform-as-a-Service and Software-as-a-Service, specifically around security considerations for those services. Students taking this course should be familiar with a wide variety of security tools and will find it helpful to have an understanding of to decipher and write in a scripting language
ENPM685 Security Tools for Information Security (3 Credits) | Core
Students will perform host- and network-based security tasks relating to security, investigation, compliance verification, and auditing using a wide selection of commonly used tools on both Windows and Linux platforms, with an emphasis on open-source tools.
Previously offered as ENPM808D. Prerequisites: familiarity with Linux and Windows operating systems, as well as TCP/IP and basic networking concepts.
ENPM686 Information Assurance (3 Credits) | Core
The first half of the lectures provide an overview of cybersecurity. One-third of these lectures focus on the fundamentals of cybersecurity like authentication, access control, and security models. The second third focuses on the practice of cybersecurity using Unix and Windows NT as case studies. The last third is dedicated to security in distributed systems including network security, and World Wide Web security. The second half of the lectures focus on the information assurance process. First, information assets are enumerated and classified. Second, the main vulnerabilities and threats are identified. Third, a risk assessment is conducted by considering the probability and impact of the undesired events. Finally, a risk management plan is developed that includes countermeasures involving mitigating, eliminating, accepting, or transferring the risks, and considers prevention, detection, and response.
Previously offered as ENPM808E.
ENPM687 Digital Forensics and Incidence Response (3 Credits) | Elective
Summer 2023 W 5:30pm - 9:10pm Jonas Amoonarquah
Students will implement a robust incident response methodology, including proper forensic handling of evidence, and cover legal aspects of national and international law regarding forensics. The bulk of the course covers evidence acquisition, preservation, analysis, and reporting on multiple platforms.
Previously offered as ENPM808P. Prerequisites: Experience with both Windows and Unix-based operating systems, including using the command line. Intermediate Windows and Linux skills, familiarity with file system concepts.
ENPM691 Hacking of C programs and Unix Binaries (3 Credits) | Core
This course teaches the fundamentals of secure programming in C. An in-depth discussion on various security vulnerabilities (e.g., buffer overflows) in C applications will be taught with a hands-on demo of concepts during the class. Students will learn how a C program runs “under the hood”. The course will teach the nitty-gritty of C programs by analyzing them at the assembly level. The course discusses best practices (e.g., coding standards) and design principles for secure programming so that security can be built-in during design time. In addition to assignments, students are required to present papers related to this course.
ENPM693 Network Security (3 Credits) | Core
This course is an introduction to the diverse field of cryptography and network security. We start with an introduction to the principles of cryptography and review common encryption standards as the basis for many security protocols. We review current standards for cryptography, hash functions, message authentication, digital signatures, as well as certificates, and key management. The second part of the course reviews some of the well-known security protocols at different network layers (Application, Transport, IP, and MAC) as examples of how fundamental concepts are utilized for providing the corresponding security requirements. The course combines theoretical discussions and hands-on assignments to provide the students with a longer-lasting understanding of the concepts.
Prerequisite: An operating systems and/or network protocol course or equivalent. Formerly: ENPM808N.
ENPM694 Networks and Protocols (3 Credits) | Core
Provides an in-depth review of the Internet with a focus on the end-to-end effects of technologies and protocols that operate in different layers. All protocols and technologies are covered in a holistic framework with an emphasis on their effect on the network and application performance. The course also includes a brief introduction to more modern concepts in the field of networking such as SDN and NFV to encourage a deeper study of those topics.
Note: Previously offered as ENPM808A
ENPM695 Secure Operating Systems (3 Credits) | Core
Operating systems are the basic building block on which programmers build applications and on which security-minded professionals rely, whether they are monitoring activity on a computer, testing applications for security, or determining how malicious code affected their network. This course covers advanced topics in operating systems including process management and communication, remote procedure calls, memory management (including shared memory and virtual memory), checkpointing and recovery, file system, I/O subsystem, and device management, distributed file systems, and security. The course consists of reading and discussing research papers and includes a course project. Please note: This course assumes knowledge of C programming and a previous operating systems class or knowledge of various issues such as process management, process synchronization, the critical section problem, CPU scheduling, memory management, and secondary storage management.
Prerequisite: ENPM691 and CMSC106
ENPM697 Secure Software Testing & Construction (3 Credits) | Elective
As software gets more complex, there is even more potential for vulnerabilities to remain in the production version. While traditional and emerging software testing methods are very good at detecting a large majority of "bugs" in the software, modifications to the methods are necessary to ensure vulnerabilities related to security are discovered and mitigated prior to release. In industry, there is also a cost-benefit analysis that determines the limits to pre-release testing, further enforcing the need to uniquely identify security vulnerabilities, potentially prioritizing their correction over other vulnerabilities. This course will cover methods of building security from the beginning of development and testing the resulting software to ensure security vulnerabilities are detected. The course will use a mixture of textbook principles and research papers to cover the concepts. Students will also complete a course project.
Prerequisite: ENPM691 and CMSC106
ENPM809K Fundamentals for Artificial Intelligence and Deep Learning Framework (3 Credits) | Elective
This class will introduce fundamentals of machine learning techniques and deep dive into cutting-edge concepts that enabled neural networks to achieve state-of-the-art performance in many visual, textual, and biomedical problems. Fundamental concepts like feed-forward networks, convolution networks, recurrent neural networks, backpropagation, loss functions, batch gradient descent, and stochastic optimization will be studied. Students will have hands-on experience with state-of-the-art deep learning frameworks like Keras/TensorFlow/PyTorch to build, evaluate, use, and debug these networks for real-life applications.
ENPM809V Advanced Hacking of Linux and Embedded Systems (3 Credits) | Elective
This course provides an in-depth understanding of how to find flaws in Linux (both userspace and kernel space) and software within embedded devices (focusing on bare-metal software/firmware and hardware-focused techniques). Students will get an inside look at how modern operating systems and embedded devices protect their programs, flaws within the protection mechanisms, and how to exploit them. Although this is an offensive-focused course, mitigations to protect the programs will also be discussed.