Executive master's programme Cyber Security

    The academic executive master’s programme Cyber Security is multidisciplinary; the programme covers technological as well as legal, administrative, economic and psychological aspects of digital security.


    This programme is developed by Leiden University, Delft University of Technology and The Hague University of Applied Sciences and various private partners. Leiden University is responsible for the programme. The programme has been accredited by the Accreditation Organisation of the Netherlands and Flanders (NVAO).


    Starting date is subject to a sufficient number of participants.


    This programme information is subject to change.

    Sign up for an intake>

    Target group
    professionals with a relevant master’s degree from a university (of applied sciences) and several years of professional experience who wish to broaden or deepen their knowledge of cyber security.
    February 2020 (open for application)
    part-time, 18 months (excluding master’s thesis)
    EUR 26.650 (for the full programme, price start February 2019)
    Study load
    840 hours per year, 15-20 hours per week, of which seminars one to one and a half days a week (every Friday, Thursdays occasionally, not during school holidays) and 8 - 12 hours self study
    Language of instruction
    Beatrixkwartier in The Hague (HSD Campus).
    MSc from Leiden University.
    Curriculum overview

    Upon completing the programme, you:

    • understand the complexity and interdependencies in cyber space,
    • can contribute to solutions to cyber risks both from a technological and policy and administrative approach,
    • can relegate cyber threats to acceptable risks,
    • can build a bridge between largely technical and more administrative oriented professionals in organisations,
    • can translate technical and operational issues to a strategic level,
    • are capable of reflecting critically on new developments and results of research into cyber security,
    • can offer an independent contribution to such research.


    Programme structure

    The programme consists of four phases: conceptualisation, specialisation, electives and thesis.



    In the first phase you will get a general introduction into cyber security based on the bowtie model.




    • The first module (Introduction to cyberspace) explores the characteristics and complexities of cyberspace. This module also covers the impact of digitalisation and interconnectivity on vital infrastructures, the resulting opportunities and the related risks.
    • The second module (Cyber Risk Management) offers a closer look at the technological and non-technological opportunities, risks and threats of cyberspace, digitalisation and interconnectivity, e.g., by analysing a few high-impact cyber security incidents. You will also examine the concept of “acceptable risks” and will gain an overview of potential technical and organisational preventative and repressive measures.
    • You will finish the first semester with Cyber Risk and the Social Sciences, This module complements the second module and provides students with a broader understanding of risk as conceived in the social sciences and helps students understand the strengths and limitations of common risk management approaches.



    The second semester starts with the compulsory modules Legal Perspectives on Cyber Security (capita selecta on legal aspects) and Cyber Security Economics (on the relation between economic theory and practice and cyber security). 

    After thise compulsory module you choose a specialisation: 1. the technical track or 2. the governance track.


    Technical track

    The technical track offers three specialised modules.

    • The first module (Measures and Interventions) covers available repressive and preventative technical security techniques, such as data mining and cryptography.
    • The second module (ICT Systems) focuses on more detailed characteristics of ICT systems and will provide participants with a deeper knowledge of technical security threats (‘hacking’), risks and their impact.
    • In the final module (Case Studies in Cyber Security) you will apply what you have learnt to a case study for which you should design an appropriate technical security solution and implementation plan taking non-technical perspectives into account.


    Governance track

    The governance track offers three specialised modules.

    • The first module (Cyber Security Governance) focuses on the governance theories related to cyber security. Who bears responsibility for cyber security and how do governments handle this? Different visions on cyber threats are also covered, as well as the implications of cyberspace on interstate and intrastate relations.
    • In the second module (Regulating Security in Cyberspace) you will explore issues of regulation and (inter)national law, which are the result of the global presence and rise of cyberspace. Moral and legal issues and dilemmas of interconnectivity and social media are covered, and potential intervention strategies are highlighted.
    • The final module of this track is focused on Cyber Security Management in Organisations. The current developments in the field of cyber security force businesses and organisations to review their idea of cyber security, moving from fear, insecurity and doubt to added value. Participants will learn to analyse their organisation and will be equipped with basic knowledge and skills to contribute successfully to the transformation process of their organisation.



    In this phase, you can broaden or deepen basic knowledge of cyber security obtained in previous phases. Four electives are offered of which you can chose two. Examples of electives in the past years are  Actors & Behaviour in Cyberspace, Data Mining, Industrial Control Systems & Critical Infrastructures, and Cyber Crisis Management & Communication.

    The number of electives can vary, depending on the number of participants, their interests and background. The subjects of the electives can vary, depending on current issues. For several electives admission may depend on prior education and knowledge.



    You will conclude your executive master’s programme with a thesis. You will identify a complex issue or case from practice in the field of digital security. You will then individually research a partial aspect that connects to your prior knowledge and interests. You will include your insights and reflections in an academic final project.


    See for an elaborate description of the different modules the  website of  Leiden University.


    Extra-curricular activities

    During the whole programme 4 to 6 extra-curricular activities will be organised on specific cyber security themes(for instance cyber forensics, cyber terrorism, cyber crisis communication) and current cyber security issues (for instance new developments in cybercrime, open data and big data, law enforcement) in accordance with the multidisciplinary character of the programme


    Entry requirements 

    • A completed master’s degree from a university (of applied sciences) in a relevant discipline,
    • Adequate proficiency of the English language,
    • Several years of relevant professional experience.

    When applying for the intake you will provide copies of your diplomas and a brief motivation letter in English as well as a CV. 


    Non-EU or non-EER students: Please note that this is a part time programme; according to Dutch law you are not allowed to study part-time while holding a residence permit for study, so you will need a different residence permit (e.g. work) if you would like to follow the programme.


    Intake procedure

    Admission takes place on the basis of an intake procedure:


    • For registration for an intake interview please email  us your cv and motivation letter  in English via mcs@fgga.leidenuniv.nl

    • The intake committee will determine whether you meet all the entry requirements and whether you are admitted to the programme.
    • You will be invited for an intake interview. During this interview we will discuss mutual expectations.
    • Should you not meet all of the entry requirements, you will be set an assignment so that the committee can determine if you are required to make up any deficiencies, and if so which ones, before you start the programme.
    • After the committee has determined you are admitted to the master’s programme, you can register at Leiden University.