Engineer the Future of Information Security
This advanced curriculum combines information security, systems engineering and information networking to prepare graduates who are ready to meet tomorrow’s security threats.
Through the Master of Science in Information Security (MSIS), you can develop technical strength in security and systems engineering, with applied experiences that sustain long-term career success. The MSIS was founded in 2003, one of the first graduate programs in the United States dedicated to information security. Its interdisciplinary curriculum is designed to address the evolving landscape of security, privacy and risk.
The MSIS program is nationally recognized for its excellence. It is the cornerstone of two of Carnegie Mellon’s designations as a National Center for Academic Excellence in Cybersecurity (NCAE-C) for both Cyber Operations and Cyber Defense.
Scholarship for Service
25+ Years of SFS
We are proud to have participated in the National Science Foundation's CyberCorps Scholarship for Service (SFS) since 2001. This competitive federal scholarship program supports aspiring cybersecurity professionals passionate about national security.
In addition to graduating 250+ SFS alumni, two INI alumni have been inducted into the SFS Hall of Fame: Elizabeth Schweinsberg, right (2025) and Samuel Edoho-Eket, left (2024).
Outcomes
Internship
Students gain real-world experience by interning at government agencies, major companies and startups.
Top Companies: White Knight Labs; Amazon; Microsoft
Top Role: Cybersecurity InternMedium Hourly Wage: $40
First-Destination Career
New graduates go on to hold positions in industry, government and academia.
Top Companies: Amazon; IBM; Lawrence Livermore National Laboratory
Top Roles: Software Engineer; Security Engineer; Cryptography ResearcherAverage Salary: $144,214
Long-Term Career
MSIS alumni become trusted leaders across the technology industry and government.
Currently, MSIS alumni serve as:
- Senior Vice President of Security at PNC
- Senior Technical Advisor at the United States Department of Health and Human Services
- Head of Security Infrastructure at Stripe
Specialize Your Curriculum
The majority of the curriculum focuses on core courses in information security, systems engineering and information networking, in addition to interdisciplinary courses in risk management and academic and professional development.
You can specialize your curriculum through program electives that make up roughly one-third of your required courses. These electives can be fulfilled by courses at the INI like Introduction to Machine Learning with Adversaries in Mind or Mobile and IoT Security, or through top-ranked departments across Carnegie Mellon. You can also further specialize by pursuing one of the below certificates.
Learning Outcomes
- Demonstrate advanced knowledge of information security principles and challenges in networks and software systems
- Perform risk assessment and management of secure infrastructure development, acquisition and evolution
- Apply information security concepts to the design and implementation of networked, software and distributed systems technologies
- Evaluate trade-offs involving security, policy, business, economic and management principles in network and software systems
Certificates and Tracks
Cyber Defense Specialization
The Cyber Defense Specialization provides MSIS and MSAIE-IS students with a structured pathway to a focused set of skills that are highly relevant to careers in cybersecurity. Learn more
Cyber Operations Specialization
Cyber operations (Cyber Ops) is a specialization of information security that is in high demand within areas of the government and military, including the National Security Agency (NSA). MSIS students are able to earn the Cyber Ops certification as part of their degree pathway without taking additional coursework. Learn More
Cyber Forensics and Incident Response Track (CyFIR)
The CyFIR track prepares students in information security and digital investigations through a skill-based curriculum using state-of-the-art software. The CyFIR track is available to all 麻豆村 students and results in a CyFIR certificate issued by the Carnegie Mellon Software Engineering CERT Division. Learn More
Explore Select MSIS Courses
14-642: Introduction to Embedded Systems Taught by Dr. Patrick Tague
This practical, hands-on course introduces students to the basic building-blocks and the underlying scientific principles of embedded systems. The course covers both the hardware and software aspects of embedded procesor architectures, along with operating system fundamentals, such as virtual memory, concurrency, task scheduling and synchronization. Through a series of laboratory projects involving state-of-the-art processors, students will learn to understand implementation details and to write assembly-language and C programs that implement core embedded OS functionality. And to write language that control/debug features such as timers, interrupts, serial communications, flash memory, device drivers and other components used in typical embedded applications.
14-760: Advanced Real-World Data Networks Taught by Dr. Pedro Bustamante
Building upon an understanding of networking fundamentals, this course studies advanced concepts of telecommunications networks. This course explores the design and implementation of the network architecture and management services that compose modern and emerging network infrastructure. Topics include network configurations (DHCP, NAT, IPv6, routing, and forwarding), network emulation and simulation, network modeling and measurements, virtual networks, data center networks, wireless communications (including satellite, modern wireless at small- and -large scale, mesh, etc.), Software-Defined Networks, Network Function Virtualization, etc. In successfully completing this course, students will have the opportunity to design, deploy, and configure network devices in real-world (simulated) scenarios. In addition, students will have the opportunity to develop and code custom network applications to better analyze network protocols.
14-735: Secure Coding Taught by Dr. Hanan Hibshi
This course will enable students to understand how software coding defects lead to software vulnerabilities, develop secure software and manage teams that develop secure software. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. The course covers secure software development tools and processes while focusing on low-level technical security issues intrinsic to the C and C++ programming languages and associated libraries. The course relies on "learning-by-doing", where students practice hands-on sophisticated secure coding concepts through continuous debugging and creative approaches. Many aspects of the assignments mimic the challenges developers face in a real-world software system. Some assignments will introduce students to a programming language that they might have never seen before such as JavaScript and Rust.