Cyber Security (CSE)

Why study Cyber Security?

"There are over one million unfilled cyber security jobs in the world!!" (Forbes)

At EIT Digital we see cybersecurity as one of the cornerstones of creating a safe and inclusive digital society. The omnipresence of digital technology has made that cybersecurity has even become an essential ingredient in defending our democratic values, as this recent article in illustrates nicely.

Our Master School Programme Cyber Security has been developed to equip responsible cybersecurity specialists with the right knowledge and skills to be able to contribute to make the digital world a safer place.

The programme focuses on the study of the design, development and evaluation of secure computer systems, which are also capable of ensuring privacy for future ICT systems. The aim is to provide students with an understanding of the concepts and technologies for achieving confidentiality, integrity, authenticity, and privacy protection for information processed across networks.

Students will learn the fresh hot topics of the field including blockchain technologies, crypto currencies, practical (ethical) hacking, and quantum cryptography.

What are the career opportunities?

Graduates from the Cyber Security (CSE) master’s programme will qualify for jobs in international and local organisations in both technical and business roles. Typical titles are:

  • Cyber Security consultant
  • Security Analyst
  • Information Security Architect
  • Cyber Security Specialist
  • Computer forensics expert
  • Privacy-by-design consultant
  • Security Auditor

Cyber Security is also a burgeoning field for the design and development of new products and services. Graduates will easily find jobs within companies that provide value-added products and services, such as telecom companies, game companies, e-learning, web developers, and the entertainment industry.

Through their multidisciplinary attitude graduates are valuable in open innovation settings where different aspects (market, users, social aspects, media technologies) come together.

An entrepreneurial path is also open to those who seek to start their own company to provide product or technology development, media content, business development or consultancy services.

Why choose Cyber Security at EIT Digital?

The EIT Digital Cyber Security (CSE) Master’s degree offers:

  • Cutting edge technical content within the field of Cyber Security
  • Studies at two of Europe´s foremost technical universities leading to a double degree
  • A close integration with tailored business courses in Innovation and Entrepreneurship
  • A thesis work well grounded in industrial security and privacy problems
  • Access to the competence of eight EIT Digital innovation action lines, not least through a summer school between the two years.
  • Access to the co-location centres and innovation ecosystems of the EIT Digital nodes.

How is the programme structured?

All EIT Digital Master School programmes follow the same scheme:

  • Students study one year at an ‘entry’ university and one year at an ‘exit’ university in two of EIT Digital’s hot spots around Europe.
  • Upon completion, graduates receive degrees from the two universities and a certificate awarded by the European Institute of Innovation and Technology.
  • The first year is similar at all entry points with basic courses to lay the foundation for the chosen technical programme focus. Some elective courses may also be chosen. At the same time, students are introduced to business and management. During the second semester, a design project is combined with business development exercises. These teach how to turn technology into business and how to present a convincing business plan.
  • In between the first year and the second year, a summer school addresses business opportunities within a socially relevant theme.
  • The second year offers a specialisation and a graduation project. The gradation project includes an internship at a company or a research institute and results in a Master thesis with a strong innovation and entrepreneurship dimension.

To learn more about the structure of the programme, please click here.

To learn more about the I&E minor please click here.

Who can apply?

 Bachelor's degree holders in Computer Science and Information Technology as well as Mathematics, Statistics or Electrical Engineering, provided they demonstrate basic knowledge of programming and information technology.

Where can I study Cyber Security?

Entry - 1st year

  • University of Rennes 1 (UR1), France
  • University of Trento (UniTN), Italy
  • University of Turku (UTU), Turku, Finland
  • University of Twente (UT), The Netherlands

The first year is similar at all entry points with basic courses on Introduction to Computer Security, Network Security, System Security, Information Security Management, Cryptography and Privacy. In addition to that, some elective courses may be chosen to prepare for a specialisation.

An important part of the programme is the Innovation & Entrepreneurship (I&E) courses. The I&E basics course provides an introduction to business and management. The Business Development Lab extends media systems engineering projects by a market survey, a business model generation process, and a venture development exercise. The programme emphasises user driven innovation and holistic analysis of service, technology, organisation and financial perspectives, as new technologies are disruptive for existing business models and almost always have a significant impact on the culture and social relations. Society-relevant themes also are at the core of the summer schools, which bring students from the different entry points together.

Exit - 2nd year, specialisation

  • Advanced Cryptography at University of ELTE (ELTE), Budapest, Hungary
  • Applied Security at the University of Trento (UniTN), Italy
  • Cyber Security: High Tech, Human Touch at the University of Twente (UT), The Netherlands
  • Mobile and Cloud Security (EURECOM)
  • Security of Networked Systems at University of Turku (UTU), Finland
  • Software Security at University of Rennes 1 (UR1), France

What can I study at the entry and exit points?

Entry - 1st year, common courses

University of Rennes 1 (UR1)


  • Introduction to Security (semester 1 - 5 ECTS)
  • Software engineering and Security (semester 1 - 5 ECTS)
  • Operating Systems and Security (semester 1 - 5 ECTS)
  • Network Security (semester 1 - 5 ECTS)
  • Algorithmics for security (semester 2 - 5 ECTS)
  • Privacy (semester 2 - 5 ECTS)
  • System Security (semester 2 - 5 ECTS)
  • Software Security (semester 2 - 5 ECTS)


  • Introduction to Innovation and Business (semester 1 - 5 ECTS)
  • Knowledge and intangible assets management (semester 2 - 5 ECTS)
  • Business Development Laboratory 1 (semester 1 - 5 ECTS)
  • Business Development Laboratory 2 (semester 2 - 5 ECTS)
  • (EIT summer school, offered by EIT 4 ECTS)

University of Trento (UNITN)


* Security testing and Cyber Security Risk Assessment will swap semesters in 2017/2018.

Advanced and Eligible Courses

Innovation and Enterpreneurship Courses

University of Turku (UTU)


  • System and Application Security 5 ECTS
  • Network Infrastructure Technologies and Security 5 ECTS
  • Human Element in Information Security 5 ECTS
  • Management of Information System Security and IT Service Continuity 6 ECTS
  • Foundations of Cryptography 5 ECTS
  • Cryptography I 5 ECTS
  • Finnish for Foreigners 5 ECTS


  • Introduction to Innovation and Business 5 ECTS
  • Business Development Laboratory 7ECTS
  • Enterprise Architecture 6 ECTS
  • Business Management of Startups 3 ECTS
  • (EIT summer school, offered by EIT 4 ECTS)


Selected together with student from available courses during personal study planning.

University of Twente (UT)

11 mandatory subjects:

201500026 CRM: Cyber Risk Management 5 ECTS

201500027 Crp: Security and Cryptography 5 ECTS

201600051 SoS: Software Security 5 ECTS

191612680 CoE: Computer Ethics 5 ECTS

201700074 InS: Internet Security 5 ECTS

201500042 PET: Privacy-Enhancing Technologies 5 ECTS

201700086 SyS: System Security 5 ECTS

201700180 [I&E] Basics: Innovation and Entrepreneurial Finance EIT students 5 ECTS

201700119 [I&E] Business Development Lab I 5 ECTS

201700120 [I&E] Business Development Lab II 5 ECTS

*201400613 [I&E] EIT Summer School (external) 5 ECTS

One of the following elective I&E subjects:

201600155 [I&E] Global Strategy and Business Development 5 ECTS

194105070 [I&E] Information Systems for the Financial Services Industry 5 ECTS

201500008 [I&E] Empirical Methods for Designers 5 ECTS

One of the following elective Cybersecurity subjects:

201500028 EoS: Economics of Security 5 ECTS

192140122 SyV: System Validation 5 ECTS

201600070 MaL: Basic Machine Learning [only in combination with CDA] 5 ECTS

201500040 Bio: Introduction to Biometrics 5 ECTS

201500041 CSM: Cyber Security Management 5 ECTS

192130112 DiS: Distributed Systems [only in combination with BCT] 5 ECTS

201500036 STR: Software Testing and Reverse Engineering 5 ECTS

201700079 BCT: Blockchain & Distr. Ledger Tech. (req. DiS) [lim. avail.] 5 ECTS

201500039 SeV: Security Verification (req. SyV) 5 ECTS

201100022 CCS: Cyber Crime Science 5 ECTS

201500444 DiF: Digital Forensics 5 ECTS

201500037 CDA: Cyber Data Analytics (req. MaL) 5 ECTS

201500038 ELa: E-Law 5 ECTS

201700083 SSH: Security Services for Home Networks [lim. avail.] 5 ECTS

Exit - 2nd year, specialisation

Advanced Cryptography (ELTE)

Security and privacy are crucial issues for citizens and customers using IT-based systems. The specialisation focuses on the general ideas, techniques and methods of Applied Cryptography as well as on the theoretical background and solid knowledge, putting security in a wider context. Security and privacy are considered both from the technological and from the economical point of view, which supports decisions in many practical cases.

Applied cryptography serves as a base for most of the secure IT-systems (e.g. in Future Media and Content Delivery, Smart Spaces, Digital cities, Health and ICT-Mediated Human Activity, and Enabling the Internet of the Future).

Graduates are:

  • able to manage all the typical cryptographic challenges in IT-Systems,
  • able to develop cryptosystems under various circumstances,
  • aware of the theoretical and practical background, and
  • offered internships at our partner IT companies and research institutes.

Specialisation mandatory courses (24 ECTS):

  • Advanced cryptography (6 ECTS)
  • Cryptography and its applications (6 ECTS)
  • Cryptographic protocols (6 ECTS)
  • Economics of Security and Privacy (6 ECTS)

Specialisation electives:

  • Applied Cryptography Project Seminar (6 ECTS)

Programme coordinator: Prof Peter Sziklai:

Prof Peter SziklaiPeter Sziklai is Professor, Head of the Department of Computer Science at Eötvös Loránd University, Budapest , Research professor at the MTA-ELTE Geometric and Algebraic Combinatorics Research Group, Doctor of Science (D.Sc.) of the Hungarian Academy of Sciences, Head of the ELTECRYPT research group and also the coordinator of the EIT Digital Master School Cyber Security programme.



Applied Security (University of Trento)

In recent years, the most popular computing and communications platforms have changed dramatically from old desktops and personal computers to a myriad of new devices, often embedded and personal. New devices used not only to navigate the web, send email and write document but rather to support pervasively most of the activity users perform during their everyday life. This revolution has touched private, business and governmental domains (e.g., industry 4.0, Internet of Things, critical infrastructures, smartphones, smart cities, etc.). This in turn has created entire new ecosystems that include technical, social and economical factors.

The specialisation Applied Security focuses on addressing security and privacy for these new ecosystems trying a holistic approach that does not focus only on technical issues. It covers the technological aspects such as investigating and experimenting new class of threats and vulnerabilities that apply to these new systems or designing user authentication mechanisms for devices were passwords cannot be an option. It also covers the economic aspects that are crucial to understand attackers, their motivations and the best defense strategy (i.e., When is worth patching a vulnerability? Which vulnerability is worth patching? Are economic-related questions rather than technical-related ones).

Specialisation courses:

  • Multimedia Data Security (6 ECTS)
  • Offensive Technologies (12 ECTS)
  • Project course (6 ECTS)
  • Research course (12 ECTS)
  • Security Testing (6 ECTS)
  • Distributed systems 2 (6 ECTS)
  • Privacy and Intellectual Property Rights (6 ECTS)

The specialisation iis embedded in the Computer Science Master programme at the University of Trento. For more information (including scheduling and sample study plans), please click here.

Programme coordinator: Prof Fabio Massacci

Prof Dr Fabio MassacciProf Dr Fabio Massacci received a M.Eng. in 1993 and PhD in Computer Science and Engineering at University of Rome La Sapienza in 1998. He visited Cambridge University in 1996-97 and was visiting researcher at IRIT Toulouse in 2000. He joined the University of Siena as assistant professor in 1999, and in 2001 he became a full professor at the University of Trento. His research interests are in security requirements engineering and verification and load-time security for mobile and embedded systems (Security-by-Contract). He co-founded the ESSOS with W. Jousen, Engineering Secure Software and Systems Symposium, which aims at bringing together requirements, software engineers and security experts. He was leading the Empirical Security Requirements and Risk Engineering Challenge (ERISE). He has been a scientific coordinator of multimillion-euro EU projects on security compliance, security engineering and secure evolution.

Cyber Security: High Tech, Human Touch (University of Twente)

Although cryptography has been around for quite some time, emerging concepts such as “Bring Your Own Technology”, the “Internet of Everything”, or “Crypto Currencies”, that increasingly exploit mobility and personalisation, put new requirements on security technologies; think about the e-cigarette USB-charger that infects a big corporation with malware. Today’s high diversity of Internet-connected systems and services led to a substantial increase of (new) cyber-attacks in the past years.

Such Internet-connected systems can be found in almost every domain, including critical infrastructures (e.g., water supply), as well as in large-scale services (e.g., hospitals) and embedded systems (e.g., in-car control systems). Notably, many risks for such systems are not solely technical but use the human factor as a characteristic element (e.g., through social engineering).

Our specialisation looks at the many risks in the above-mentioned settings and provides mitigations that can be used at design time and at operation time, while taking into account the specific requirements of the various systems and the impact that risks might have. As a distinguishing element, we include the “human touch” in our attack analysis and mitigation techniques (e.g., replacing password-checks with biometric-verification or raising situational awareness to mitigate social engineering attacks).

Specialisation courses:

  • Secure Data Management (5 EC)
  • Introduction to Biometrics (5 EC)
  • Economics of Security (5 EC)
  • Cyber Security Management (5 EC)
  • System Validation (5 EC)
  • Security Verification (5 EC)
  • Fundamentals of Quantum Information (4 EC)
  • Quantum Cryptography (5 EC)
  • Computer Ethics (5 EC)

The University of Twente (UT) holds the title of the most entrepreneurial university in Europe. As such, it has an extremely large network in industry that includes around 700 university spin-offs (e.g., was founded by a UT alumni). This provides excellent opportunities to connect to industry and access to a multitude of internship offers.

For more information (including scheduling and sample study plans), please visit:

Programme coordinator: Dr Andreas Peter (

Dr Andreas PeterDr Andreas Peter is an assistant professor at the University of Twente (The Netherlands) and the local node-coordinator of the EIT Digital Cyber Security specialization in Twente on “Cyber Security: High Tech, Human Touch”. His own research focuses on both fundamental and applied security and privacy aspects in IT systems with a focus on privacy-enhancing technologies and cryptographic protocol design & analysis. He served on the programme committees of several workshops and conferences devoted to information security and privacy. Since 2015, he serves on the Editorial Board of the MDPI Open Access Journal on Cryptography and the SpringerOpen EURASIP Journal on Information Security.

Mobile and Cloud Security (EURECOM)

The specialisation Mobile and Cloud Security focuses on mobile systems and the security and privacy issues thereof, with a strong focus on android based smartphones and wireless protocols.


  • Design analysis tools to identify and evaluate weaknesses in mobile devices and applications
  • Develop practical protection mechanisms to ensure the safety of mobile devices and applications and Cloud systems
  • Develop the ability to effectively communicate results and solutions to stakeholders

Compulsory courses (8 ECTS)

  • Mobile Systems and Smartphone Security (5 ECTS)
  • Security and privacy for Big Data and Cloud (3 ECTS)

This course will discuss all relevant aspects related to mobile systems security. Mobile devices have revolutionised users’ lives, and more than two billions mobile devices have been sold to date. Unfortunately, these devices, their operating systems, and the applications running on them are affected by security and privacy concerns. This course will be hands-on and will cover topics such as the mobile ecosystem, the design and architecture of mobile operating systems, rooting and jailbreaking, application analysis, malware reverse engineering, malware detection, vulnerability assessment, automatic static and dynamic analysis, and exploitation and mitigation techniques. While this course will mostly focus on Google’s Android OS (its open nature makes it possible to have more interesting exercises and projects), it will also cover details about Apple’s iOS as well.

Successful students will acquire a solid foundation, for both the theoretical and technical aspects, to independently understand and critically think about topics related to mobile security systems. Students will be able to independently perform malware analysis, reverse engineering of closed-source apps, vulnerability assessments, and develop simple program analysis tools. Students will also have a chance to tamper with the internal of Android OS, so that they can develop and run custom versions of the OS on their devices.

Elective courses (10 ECTS)

  • Mobile Applications and Services (5 ECTS)
  • Mobile Communication Systems (5 ECTS)
  • Distributed Systems and Cloud Computing (5 ECTS)
  • Machine Learning and Intelligent System (5 ECTS)

I&E courses (6 ECTS)

  • I&E Study (6 ECTS)

Language course

French or another foreign language for French speakers (1 ECTS)

Semester project (6 ECTS)

Semester Projects are supervised by faculty professors and are based on real-case studies of industrial relevance. They combine a blend of theoretical and practical work such as developing new prototypes and tools, testing new technologies and assessing current systems and solutions. They provide students with hands-on skills by allowing them to put concepts into practice. Students can work individually or in group of 2 students. The expected workload is 120 hours of individual work per semester. Students are graded according to a written report and a defense at the end of each semester.

Example of recent past projects:

  • IoT Security and Privacy based on Blockchain
  • Implementing wireless attacks exercises
  • Security and Privacy for Internet of Things
  • Private Photo Sharing using Smartphones and WebDav Personal Clouds
  • Infection risks of a Samsung gear fit watch

Master thesis (30 ECTS)

EURECOM provides students with access to a huge database of Master’s thesis in partner companies. Examples of recent thesis topics and companies in the field of cyber security:

  • SAP: Cloud Accountability Enforcement Tool - Sophia antipolis, France
  • AMADEUS: Role Designer Tool for Amadeus Security Management application - Sophia Antipolis, France
  • ARM: Self-modifying code random generation - Sophia Antipolis, France
  • IABG: Wireless Channel-Simulation Testbed for Mobile Receivers in Airborne Environments - Munich, Germany

Administrative programme coordinator: Philippe Benassi (

Refik Molva (PhD Paul Sabatier University) is a Professor and Head of the Digital Security Department at EURECOM. He teaches courses on network security, applied cryptography, protocols and networking at EURECOM. He heads a Study Track in Digital Security. His major interests are applied cryptography and design of security protocols and privacy-preserving mechanisms for networks and distributed systems.

Yanick Fratantonio (PhD UC Santa Barbara) is an Assistant Professor in the department of Digital Security where he teaches Smartphones security. His research focuses on mobile systems security and privacy. In particular, his work aims at keeping users of mobile devices safe, and it spans different areas of mobile security, such as malware detection, vulnerability analysis, characterisation of emerging threats, and the development of novel practical protection mechanisms.

Aurélien Francillon (PhD INRIA/INP Grenoble) is an Assistant Professor within the Digital Security Department where he teaches system security. His principal research interest focuses on the security of embedded devices, from low-end microcontrollers to high-end smartphones. His research includes several topics such as software security, architecture support for security, wireless and wired network security and privacy.

Security of Networked Systems (University of Turku)

The specialisation Security of Networked Systems focuses on researching cyber security technologies for networked systems and applications of the communication-intensive future. The technological topics covered include system and network security, security of communication systems and applications, and designing secure systems.

The goal of this specialisation is to give its students profound and substantial education and expertise in the field.

Optional studies selected personally for each student build a special individual information security expertise profile. The curriculum consists of both theoretical and hands-on study modules. Also a large group project module called “Capstone project” can be included in the studies.

The graduates of this specialisation will have strong technological, theoretical and practical understanding in security of networked systems. With their new knowledge and skills the graduates can proceed to building a successful career in securing the information and communication technology in the industry.

Specialisation mandatory courses (15 ECTS):

  • Firewall and IPS Technology (5 ECTS)
  • Security Engineering (5 ECTS)
  • Protocol Processing and Security (5 ECTS)

Specialisation electives:

  • Communication Technologies and Security in IoT (5 ECTS)
  • Secure Sensor Network Systems (5 ECTS)
  • Capstone Project (in a cyber security topic) (15 ECTS)
  • Cryptography 2 (5 ECTS)
  • Algebraic Structures in Cryptography (5 ECTS)
  • Advanced Sensor Networking (5 ECTS)
  • Additional specialization courses may be available annually. Electives are chosen individually for each student when their personal study plan is made.

Programme coordinator: Dr Seppo Virtanen

Dr Seppo VirtanenDr Seppo Virtanen is an adjunct professor (docent) at University of Turku, Finland, where he also heads the Master’s Degree Programme in Information Security and Cryptography. Dr Virtanen received his MSc degree in electronics and information technology in 1998 and DSc (Tech.) degree in Communication Systems in 2004 from the University of Turku. He serves regularly as a programme committee member and referee for international journals and conferences. Currently the focus in his research is on information security issues in the communication and network technology domain, specifically focusing on design and methodological aspects of reliable and secure communication systems and secure communication for IoT. He has acted as the supervisor or the examiner of 5 PhD theses, 85 Master’s theses and 34 Bachelor’s theses.

Software Security (University of Rennes 1)

Although cryptography has solved many problems concerning the security of communication channel, the main challenges that cryptography tries to address nowadays concern the security of the computations. For instance, side-channel is a real issue on smart cards and embedded systems. Today these attacks have also been mounted on classical PC and more recently, cache attacks have also been devastating on smartphone. Moreover, the security of database access and symmetric searchable encryption show that applied cryptography has many practical applications and the software security is a real and important challenge.

The specialisation Sofware Security looks at the many risks in the above-mentioned settings and provides mitigations that can be used at design time and at operation time, while taking into account the specific requirements of the various systems and the impact that risks might have.

Specialisation courses:

  • Software Security (5 ECTS)
  • Vulnerabilities Studies (5 ECTS)
  • Security of embedded cryptographic implementations (5 ECTS)
  • Security Verification for Protocols (5 ECTS)
  • Security for Web Applications (5 ECTS)
  • Supervision for Security (5 ECTS)

The University of Rennes (UR1) is a partner of the Cyber Security Excellence hub (Pôle d’Excellence en Cybersécurité) a French national defense initiative. Click here for more information. The region also counts a very dense network of security industry. This provides excellent opportunities to connect to industry and access to a multitude of internship offers.

For more information (including scheduling and sample study plans), please visit: (work in progress)


Pr. Pierre-Alain FouquePr. Pierre-Alain Fouque is a Professor at the University of Rennes (France) and the local node-coordinator of the EIT Digital Cyber Security specialisation in Rennes on “Software Security”. His own research focuses on both cryptography and applied cryptography aspects in IT systems with a focus on cryptanalysis, side-channel attack and cryptographic protocol design & analysis. He served on the programme committees of several IACR conferences.

Interested? Learn more
about the application process

Any other questions? Click on the button 'Contact us to learn more!' on the top right-hand side of the page.

Are you interested to apply? Check out or application guidelines. Deadlines for a start in September 2018 are February 1 for non-EU citizens and April 15 EU/EEA/CH citizens.

Any questions about the technical content of the programme?

Contact the programme lead: Dr Viktoria Villanyi

© 2010-2018 EIT Digital IVZW. All rights reserved. Legal notice