The Master of Information and Cybersecurity (MICS) is an online, part-time professional degree program that provides the technical skills and contextual knowledge students need to assume leadership positions in private sector technology companies as well as government and military organizations. The interdisciplinary program offers students mastery of core technical skills and fluency in the business, political, and legal context for cybersecurity, as well as managing cyber risk in the service of strategic decision making.
Students attend weekly live ("synchronous") sessions with classmates and instructors via an online platform as well as engaging with online ("asynchronous") videos and assignments on their own time.
The core MICS curriculum includes cryptography, secure programming, systems security, and the ethical, legal, and economic framework of cybersecurity. In addition, students may select from a wide variety of electives covering topics such as privacy engineering, managing cyber risk, and usable security. MICS features a project-based approach to learning and encourages the pragmatic application of a variety of different tools and methods to solve complex problems.
Graduates of the program will be able to:
Understand the ethical and legal requirements associated with cybersecurity and data privacy;
Know how to build secure systems and applications;
Prepare to lead, manage, and contribute to building cybersecurity solutions; and
Gain hands-on, practical cybersecurity experience.
The Master of Information and Cybersecurity is designed to be completed in 20 months. Students will complete 27 units of course work over five terms, taking two courses (6 units) per term for four terms and a one 3-unit capstone course in their final term. MICS classes are divided into foundation courses (9 units), a systems security requirement (3 units), advanced courses (12 units), and a synthetic capstone (3 units). Students will also complete an immersion at the UC Berkeley campus.
As a Master of Information and Cybersecurity (MICS) student, the immersion is your opportunity to meet faculty and peers in person on the UC Berkeley campus. You will have the opportunity to gain on-the-ground perspectives from faculty and industry leaders, meet with cybersecurity professionals, and soak up more of the School of Information (I School) culture. Offered once a year, the two- to three-day immersion will be custom-crafted to deliver additional learning, networking, and community-building opportunities.
Thank you for considering UC Berkeley for graduate study! UC Berkeley offers more than 120 graduate programs representing the breadth and depth of interdisciplinary scholarship. The Graduate Division hosts a complete list of graduate academic programs, departments, degrees offered, and application deadlines can be found on the Graduate Division website.
Prospective students must submit an online application to be considered for admission, in addition to any supplemental materials specific to the program for which they are applying. The online application and steps to take to apply can be found on the Graduate Division website.
Admission Requirements
The minimum graduate admission requirements are:
A bachelor’s degree or recognized equivalent from an accredited institution;
A satisfactory scholastic average, usually a minimum grade-point average (GPA) of 3.0 (B) on a 4.0 scale; and
Enough undergraduate training to do graduate work in your chosen field.
For a list of requirements to complete your graduate application, please see the Graduate Division’s Admissions Requirements page. It is also important to check with the program or department of interest, as they may have additional requirements specific to their program of study and degree. Department contact information can be found here.
Applications are evaluated holistically on a combination of prior academic performance, work experience, essays, letters of recommendation, and goals that are a good fit for the program.
The UC Berkeley School of Information seeks students with the academic abilities to meet the demands of a rigorous graduate program.
To be eligible to apply to the Master of Information and Cybersecurity program, applicants must meet the following requirements:
A bachelor’s degree or its recognized equivalent from an accredited institution.
Superior scholastic record, normally well above a 3.0 GPA.
A high level of quantitative ability as conveyed by significant work experience that demonstrates your quantitative abilities and/or academic coursework that demonstrates quantitative aptitude
A high level of analytical reasoning ability and a problem-solving mindset as demonstrated in academic and/or professional performance.
An understanding of – or, a proven aptitude for and commitment to learning – data structures and discrete mathematics which can be demonstrated by at least one of the following qualifications: Completed coursework in data structures and discrete mathematics; work experience that demonstrates understanding of data structures and discrete mathematics; proven technical aptitude, demonstrated by high level technical work experience or academic coursework; and/or proven commitment to learning concepts, demonstrated by review of MICS self-assessment and preparatory resources, and clear indication in application of progress made towards gaining this foundational knowledge.
The ability to communicate effectively, as demonstrated by academic performance, professional experience, and/or strong essays that demonstrate effective communication skills.
Knowledge of at least one, and ideally two, programming languages, such as C, C++, Python, Java, Javascript, or machine/assembly language as demonstrated by work experience or coursework. Applicants who lack this experience in their academic or work background but meet all other admission requirements will be required to take the Programming Fundamentals for Cybersecurity course in their first term.
Terms offered: Spring 2025, Fall 2024, Summer 2024
This course explores the most important elements beyond technology that shape the playing field on which cybersecurity problems emerge and are managed. The course emphasizes how ethical, legal, and economic frameworks enable and constrain security technologies and policies. It introduces some of the most important macro-elements (such as national security considerations and interests of nation-states) and micro-elements (such as behavioral economic insights into how people understand and interact with security features). Specific topics include policymaking, business models, legal frameworks, national security considerations, ethical issues, standards making, and the roles of users, government, and industry. Beyond the Code: Cybersecurity in Context: Read More [+]
Rules & Requirements
Prerequisites: MICS students only
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W200
Terms offered: Spring 2025, Fall 2024, Summer 2024
This course focuses on both mathematical and practical foundations of cryptography. The course discusses asymmetric and symmetric cryptography, Kerchkoff’s Principle, chosen and known plaintext attacks, public key infrastructure, X.509, SSL/TLS (https), and authentication protocols. The course will include an in-depth discussion of many different cryptosystems including the RSA, Rabin, DES, AES, Elliptic Curve, and SHA family cryptosystems. This course also introduces advanced topics of applied cryptography, including a brief introduction to homomorphic encrypted computation and secure multi-party computation to protect sensitive data during arbitrary computation, cryptocurrency and its cryptographic building blocks, and quantum computing. Cryptography for Cyber and Network Security: Read More [+]
Credit Restrictions: Students will receive no credit for CYBER W202 after completing CYBER 202. A deficient grade in CYBER W202 may be removed by taking CYBER 202.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W202
Terms offered: Spring 2025, Fall 2024, Summer 2024
The course presents the challenges, principles, mechanisms and tools to make software secure. We will discuss the main causes of vulnerabilities and the means to avoid and defend against them. The focus is on secure programming practice, including specifics for various languages, but also covering system-level defenses (architectural approaches and run-time enforcement). We will also apply software analysis and vulnerability detection tools in different scenarios. Software Security: Read More [+]
Objectives & Outcomes
Course Objectives: *Apply and manage secure coding practices throughout software project development
*Gain a good comprehension of the landscape of software security vulnerabilities, with specifics for various programming languages and types of software applications
*Gain the ability to analyze the security of a software system and convincingly advocate about the significance of vulnerabilities
*Know representative tools for software security analysis and testing, use them in practice and understand their capabilities and limitations
*Recognize insecure programming patterns and know how to replace them with secure alternatives
Student Learning Outcomes: Students will be able to apply and manage secure coding practices throughout software project development
Students will be able to recognize insecure programming patterns and know how to replace them with secure alternatives
Students will gain a good comprehension of the landscape of software security vulnerabilities, with specifics for various programming languages and types of software applications
Students will gain the ability to analyze the security of a software system and convincingly advocate about the significance of vulnerabilities
Students will know representative tools for software security analysis and testing, use them in practice and understand their capabilities and limitations
Credit Restrictions: Students will receive no credit for CYBER W204 after completing CYBER 204. A deficient grade in CYBER W204 may be removed by taking CYBER 204.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W204
Terms offered: Spring 2025, Fall 2024, Summer 2024
This course is designed to provide students with the foundational math and programming skills required to be successful in the Master of Information and Cybersecurity (MICS) program. Upon completion of this course, students will be able to write programs in Python and will gain experience reading and interpreting C programs. Students will receive a comprehensive overview of algebraic principles and will explore quantitative concepts needed for cryptography. Additionally, this course will prepare students to apply logical thinking and decompose complex problems to create programmatic solutions. Programming Fundamentals for Cybersecurity: Read More [+]
Rules & Requirements
Prerequisites: MICS students only
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W206
Terms offered: Spring 2025, Fall 2024, Summer 2024
Machine learning is a rapidly growing field at the intersection of computer science and statistics concerned with finding patterns in data. It is responsible for tremendous advances in technology, from personalized product recommendations to speech recognition in cell phones. This course provides a broad introduction to the key ideas in machine learning, with a focus on applications and concepts relevant to cybersecurity. The emphasis will be on intuition and practical examples rather than theoretical results, though some experience with probability, statistics, and linear algebra will be important. Applied Machine Learning for Cybersecurity: Read More [+]
Credit Restrictions: Students will receive no credit for CYBER W207 after completing CYBER 207. A deficient grade in CYBER W207 may be removed by taking CYBER 207.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W207
Terms offered: Spring 2025, Fall 2024, Summer 2024
Introduction to networking and security as applied to networks. Exercises cover network programming in a language of the student's choice, understanding and analyzing packet traces using tools like wireshark and mitmproxy, as well as applying security principles to analyze and determine network security. After this course, the student will have a fundamental understanding of networking, TLS and security as it applies to networked systems. Network Security: Read More [+]
Credit Restrictions: Students will receive no credit for CYBER W210 after completing CYBER 210. A deficient grade in CYBER W210 may be removed by taking CYBER 210.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W210
Terms offered: Spring 2025, Fall 2024, Summer 2024
This survey of operating system security compares approaches to security taken among several modern operating systems. The course will teach how to conceptualize design issues, principles, and good practices in securing systems in today’s increasingly diverse and complex computing ecosystem, which extends from things and personal devices to enterprises, with processing increasingly in the cloud. We will approach operating systems individually and then build on them so that students learn techniques for establishing trust across a set of interoperating systems. Operating System Security: Read More [+]
Credit Restrictions: Students will receive no credit for CYBER W211 after completing CYBER 211. A deficient grade in CYBER W211 may be removed by taking CYBER 211.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W211
Terms offered: Spring 2025, Fall 2024, Summer 2024
Security and privacy systems can be made more usable by designing them with the user in mind, from the ground up. In this course, you will learn many of the common pitfalls of designing usable privacy and security systems, techniques for designing more usable systems, and how to evaluate privacy and security systems for usability. Through this course, you will learn methods for designing software systems that are more secure because they minimize the potential for human error. Usable Privacy and Security: Read More [+]
Credit Restrictions: Students will receive no credit for CYBER W215 after completing CYBER 215. A deficient grade in CYBER W215 may be removed by taking CYBER 215.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W215
Terms offered: Spring 2025, Fall 2024, Summer 2024
This course offers valuable perspective for both the non-technical business manager and the technical cybersecurity or IT manager. It is the vital connector between the technical world of threats, vulnerabilities, and exploits, and the business world of board-level objectives, enterprise risk management, and organizational leadership. Now more than ever, managers have a need and responsibility to understand cyber risk. Just as financial risks and other operational risks have to be effectively managed within an organization, cyber risk has to be managed. It spans far beyond information technology, with broad implications in the areas of organizational behavior, financial risk modeling, legal issues, and executive leadership. Managing Cyber Risk: Read More [+]
Objectives & Outcomes
Student Learning Outcomes: Compare and employ approaches to cyber risk management and measurement.
Develop a basic cybersecurity strategic plan and understand how it aligns with the core business value of the company.
Navigate corporate structures to create a strong cyber security program and obtain senior leadership buy-in.
Understand security product verticals, identify common use cases for those products, and define requirements for acquiring solutions relevant to a business use case.
Understand the basic principles and best practices of responding to a cybersecurity incident
Credit Restrictions: Students will receive no credit for CYBER W220 after completing CYBER 220. A deficient grade in CYBER W220 may be removed by taking CYBER 220.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W220
Terms offered: Spring 2025, Fall 2024, Spring 2024
This course surveys privacy mechanisms applicable to systems engineering, with a particular focus on the inference threat arising due to advancements in artificial intelligence and machine learning. We will briefly discuss the history of privacy and compare two major examples of general legal frameworks for privacy from the United States and the European Union. We then survey three design frameworks of privacy that may be used to guide the design of privacy-aware information systems. Finally, we survey threat-specific technical privacy frameworks and discuss their applicability in different settings, including statistical privacy with randomized responses, anonymization techniques, semantic privacy models, and technical privacy mechanisms. Privacy Engineering: Read More [+]
Objectives & Outcomes
Student Learning Outcomes: Students should be able to implement such privacy paradigms, and embed them in information systems during the design process and the implementation phase.
Students should be familiar with the different technical paradigms of privacy that are applicable for systems engineering.
Students should develop critical thinking about the strengths and weaknesses of the different privacy paradigms.
Students should possess the ability to read literature in the field to stay updated about the state of the art.
Credit Restrictions: Students will receive no credit for CYBER W233 after completing CYBER 233. A deficient grade in CYBER W233 may be removed by taking CYBER 233.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W233
Terms offered: Spring 2025, Fall 2024, Summer 2024
Cybersecurity is a primary national security and public policy concern. The government, military and private sector have various roles and responsibilities with regard to the protection of the cyber domain. In this course, students critically evaluate these roles and responsibilities, the manner in which government networks, systems, and data are secured, and the ability of national and international cybersecurity strategies and partnerships to mitigate the security risks introduced by society’s increased reliance on information. New Domains of Competition: Cybersecurity and Public Policy: Read More [+]
Objectives & Outcomes
Course Objectives: Critically assess national and international cybersecurity strategies Describe and evaluate national and international public-private partnerships. Discuss the developments in the cyber domain and and its protection within the context of national security.
Identify lessons learned and recommend ways to improve national and international approaches to cybersecurity. Identify the roles and responsibilities of the military, government, and the private sector in cybersecurity. Utilize an evidence-based approach to analyze the security of government networks and systems and privacy of retained data.
Credit Restrictions: Students will receive no credit for CYBER W242 after completing CYBER 242. A deficient grade in CYBER W242 may be removed by taking CYBER 242.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W242
Terms offered: Spring 2025, Fall 2024, Summer 2024
This course will focus on understanding key areas within Security Operations from a management perspective. Upon completion of this course, students will understand implementation and maintenance best practices for security operations services such as incident response, internal investigations, security analysis, threat intelligence and digital forensics. Students will not only get hands-on experience within each discipline but will also understand how to recruit and train others within a security operations center or security team. Security Operations: Read More [+]
Objectives & Outcomes
Course Objectives: Demonstrate data analysis as it pertains to identifying and responding to cyber-attacks. Effectively apply knowledge in simulated real-world conditions to protect and defend complex networks and infrastructures, including in the cloud. Implement incident response and digital forensics techniques.
Terms offered: Spring 2025, Fall 2024, Summer 2024
Web applications play a vital role in every modern organization. If an organization does not properly test its web applications to identify security flaws, adversaries may be able to compromise these applications damaging functionality and accessing sensitive data. The focus of this course is on developing practical web application security testing skills required to assess a web application's security posture and convincingly demonstrate the business impact of discovered vulnerabilities, if exploited. The course includes both lectures and a variety of demonstrations and hands-on exercises in finding web application security vulnerabilities. During the course, students learn about assessment tools and methodologies. Web Application Security Assessment: Read More [+]
Objectives & Outcomes
Course Objectives: Develop skills in writing web application security assessment reports Discover and exploit key web application flaws Gain a good comprehension of web application security vulnerabilities Learn to apply a repeatable methodology to deliver enterprise-level web application security assessment Learn to explain potential impact of web application vulnerabilities
Terms offered: Spring 2025, Fall 2024, Spring 2024
This course provides students with real-world experience assisting politically vulnerable organizations and persons around the world to develop and implement sound cybersecurity practices. In the classroom, students study basic theories and practices of digital security, intricacies of protecting largely under-resourced organizations, and tools needed to manage risk in complex political, sociological, legal, and ethical contexts. In the clinic, students work in teams supervised by Clinic staff to provide direct cybersecurity assistance to civil society organizations. We emphasize pragmatic, workable solutions that take into account the unique needs of each partner organization. Public Interest Cybersecurity: The Cybersecurity Clinic Practicum: Read More [+]
Rules & Requirements
Prerequisites: MICS students only
Credit Restrictions: Students will receive no credit for CYBER W289 after completing CYBER 289. A deficient grade in CYBER W289 may be removed by taking CYBER 289.
Hours & Format
Fall and/or spring: 14 weeks - 3 hours of lecture per week
Summer: 14 weeks - 3 hours of lecture per week
Additional Details
Subject/Course Level: Cybersecurity/Graduate
Grading: Letter grade.
Formerly known as: Information and Cybersecurity W289
Terms offered: Spring 2025, Fall 2024, Summer 2024
This capstone course will cement skills and knowledge learned throughout the Master of Information and Cybersecurity program: core cybersecurity technical skills, understanding of the societal factors that impact the cybersecurity domain and how cybersecurity issues impact humans, and professional skills such as problem-solving, communication, influencing, collaboration, and group management – to prepare students for success in the field. The centerpiece is a semester-long group project in which teams of students propose and select a complex cybersecurity issue and apply multi-faceted analysis and problem-solving to identify, assess, and manage risk and deliver impact. Capstone: Read More [+]
Objectives & Outcomes
Student Learning Outcomes: Engage in a highly collaborative process of idea generation, information sharing, and feedback that replicates key aspects of managing cybersecurity in an organizational setting.
Learn or reinforce communication, influencing, and management skills.
Practice using multi-faceted problem-solving skills to address complex cybersecurity issues.
When you print this page, you are actually printing everything within the tabs on the page you are on: this may include all the Related Courses and Faculty, in addition to the Requirements or Overview. If you just want to print information on specific tabs, you're better off downloading a PDF of the page, opening it, and then selecting the pages you really want to print.
