Skip to main content

eServices scheduled downtime, July 11–July 13 | Fall 2025 Registration window now open. | Undergraduate Final Deadline is July 28 for fall term
Metropolitan State University (Home)
Secure
Professor pointing at computer screen with students using wearables

Cyber Operations (MS)

College of Sciences / Computer Science and Cybersecurity
Graduate degree / Master of Science

About The Program

The Master of Science in Cyber Operations (MSCyOps) at Metro State University is a 36-credit, cohort-based graduate program designed to prepare students for advanced roles in both offensive and defensive cybersecurity. The program features a cutting-edge, hands-on curriculum that immerses students in real-world adversarial tactics, threat intelligence, and cyber incident response. Students develop practical expertise in key operational areas such as malware analysis, reverse engineering, penetration testing, cloud security, and industrial control systems (ICS)—all essential to securing today’s complex and interconnected environments. The interdisciplinary approach integrates technical training with legal, policy, and human factors, offering a comprehensive understanding of the broader cyber operations landscape. Emphasis on critical thinking, ethical decision-making, communication, and teamwork ensures graduates can lead effectively, convey complex technical information to diverse audiences, and respond decisively in high-stakes scenarios. Whether entering the field or advancing an existing career, graduates are equipped with the technical depth, strategic insight, and leadership skills to safeguard national security and critical infrastructure in a rapidly evolving threat environment.

Program highlights

  • Flexible hybrid format with evening and weekend classes tailored to working professionals
  • Cohort-based structure that builds lasting professional networks and collaborative learning
  • NSA-aligned curriculum based on Cyber Operations knowledge units and performance-based assessments
  • Advanced technical infrastructure, including access to IT/OT cyber ranges and cloud-based virtual labs for realistic operational training
  • Hands-on experience in offensive and defensive tactics, including threat hunting, vulnerability assessment, and exploit development
  • Instruction from expert faculty with extensive government and industry experience
  • Career-connected learning with access to internships, employer networks, and cybersecurity events
  • Community engagement through cybersecurity awareness and cyber hygiene outreach in local K–12 schools

Learn more about the BS in Cybersecurity Program.

Learn more about the accelerated combined (BS + MS) degree in Cybersecurity Operations.

Seals of the DoD Cyber Academic Engagement Office, National Security Agency, National Centers of Academic Excellence in Cybersecurity, and the Centers of Academic Excellence in Cybersecurity Community, with the CAE-CD and CAE-CO cyber defense and cyber operations submarks

Metro State University is Minnesota’s only institution recognized by the National Security Agency (NSA) with dual designations as a National Center of Academic Excellence in Cyber Defense (NCAE-CD) and Cyber Operations (NCAE-CO).

The Master of Science in Cyber Operations is aligned with the NCAE-CO designation. This elite recognition underscores the program’s focus on the operational side of cybersecurity—emphasizing advanced technical skills, adversarial thinking, and mission-oriented training beyond traditional cybersecurity practices. The NCAE-CO designation affirms that the program meets the nation’s most rigorous standards for preparing professionals to conduct complex cyber operations in support of national defense, critical infrastructure protection, and intelligence missions.

As an active participant in the national CAE community, Metro State continues to lead in cybersecurity workforce development, education, and public service—equipping graduates to protect the digital assets of government, industry, and society.

Student outcomes

After earning the MS in Cyber Operations, students will:

  • Analyze and emulate the tactics, techniques, and procedures (TTPs) of threat actors to identify attack vectors, anticipate threat behavior, and enhance cyber defenses through offensive-informed methodologies.
  • Formulate and recommend strategic cybersecurity plans and countermeasures, and effectively communicate through technical documentation, formal reports, and presentations tailored to both technical and non-technical stakeholders, while operating within legal, regulatory, and operational constraints.
  • Apply advanced techniques—including malware analysis, reverse engineering, and exploit analysis—to gather actionable threat intelligence, correlate multi-source data to confirm breaches, and determine attack scope, vectors, and targets.
  • Evaluate the security of cyber-physical systems and embedded technologies—including ICS/SCADA, IoT, wireless, and cellular networks—by identifying vulnerabilities, attack surfaces, and mitigation strategies within critical infrastructure and operational technology environments.
  • Design and execute incident response strategies for sophisticated cyber breaches, leveraging effective team dynamics to coordinate technical and organizational efforts that contain threats, mitigate impacts, and restore operations.
  • Identify, analyze, and synthesize scholarly and professional literature in cyber operations to inform strategic decisions and stay current with evolving technologies, threats, and methodologies.
  • Demonstrate ethical and legal responsibility in cyber operations, applying sound professional judgment to navigate dilemmas in areas such as offensive security, data handling, and dual-use technologies, while adhering to accepted norms, laws, and policies.

Program educational objectives

Within a few years of graduation, alumni of the Master of Science in Cyber Operations program are expected to:

  1. Lead cyber operations efforts by identifying adversarial tactics and developing proactive defense strategies against advanced threats.
  2. Design and communicate effective security solutions to technical and executive stakeholders using data-driven insights.
  3. Apply advanced techniques, such as malware analysis and reverse engineering, to detect, analyze, and respond to sophisticated cyber incidents.
  4. Engage in lifelong learning and professional development to stay current in the evolving field of cyber operations.
  5. Demonstrate ethical leadership and teamwork, upholding professional responsibility while contributing to collaborative security efforts.

Program oversight

MN Cyber icon: Train. Test. Detect. Protect.

Housed within the College of Sciences, the MN Cyber Institute is a statewide initiative dedicated to positioning Minnesota as a national leader in cybersecurity education and workforce development. The Institute advances this mission through strategic public-private partnerships, interdisciplinary research, and community engagement.

Program oversight is provided by the MN Cyber Advisory Board, a group of cybersecurity leaders from industry, government, and academia. The board ensures the program remains responsive to current and emerging threats, provides strategic guidance, and helps align the curriculum with real-world workforce demands.

As a program aligned with the NCAE-CO designation, MSCyOps is structured to meet rigorous national standards, including the NSA’s Knowledge Units (KUs) in cyber operations. This alignment ensures that students receive a technically advanced, mission-focused education grounded in nationally recognized competencies and operational relevance.

Career prospects

Cyber operations professionals are in high demand as governments, industries, and critical infrastructure providers face increasingly sophisticated cyber threats. According to the U.S. Bureau of Labor Statistics, employment for information security analysts is projected to grow by 33% over the next decade—well above the national average for all occupations. The median salary for cybersecurity professionals exceeds $124,000, with specialized roles in offensive and defensive cyber operations offering even greater earning potential. Entry-level positions such as cyber threat analysts and incident responders typically start between $80,000 and $92,000 annually.

With a master’s degree in cyber operations, there is virtually no limit to what graduates can achieve. Metro State MSCyOps alumni are equipped to pursue high-impact roles in the military, government, and private sectors, including positions at the NSA, Department of Defense (DoD), Navy Space and Naval Warfare Systems Command, and national laboratories such as Sandia National Laboratories and Pacific Northwest National Laboratory.

Graduates are well-prepared for a wide range of advanced and mission-critical positions, including:

  • Cyber Operations Specialist
  • Malware Analyst
  • Vulnerability Researcher
  • Penetration Tester
  • Security Architect
  • Reverse Engineer
  • Threat Intelligence Analyst

With an NSA-aligned curriculum, hands-on experience, and access to state-of-the-art cyber ranges, graduates of the MSCyOps program are uniquely positioned to lead complex cyber missions, respond to evolving threats, and safeguard national security interests across public and private sectors.

Paulette Jones Cybersecurity Graduate Student Scholarship

This $1,250 scholarship is sponsored by ECMC Group, a nonprofit corporation that focuses on helping students succeed.

This scholarship was created with the goal of supporting students in cybersecurity careers. This scholarship is for graduate students enrolling in their first term and taking at least six credits in the Cyber Operations MS program. Students must have a 3.0 GPA and be admitted to the program. Applications are due by August 1 for the fall term.

Advance Your Education and Career

How to enroll

Program eligibility requirements

Admission to the Master of Science in Cyber Operations (MSCyOps) program is based on a comprehensive evaluation of the applicant’s academic background, professional experience in computing and cybersecurity, competency statement, and letters of recommendation. Final admission decisions, as well as assessments of transfer course equivalency, are made by the Graduate Program Director.

Meeting the minimum requirements outlined below does not guarantee admission. All applicants are evaluated holistically based on their demonstrated potential for success in graduate study.

Minimum Admission Requirements:

  • Academic Background:
    A bachelor’s degree—preferably in Cybersecurity, Computer Science, Information Technology, or Computer Forensics—with a minimum cumulative GPA of 3.00 on a 4.00 scale.
    Note: GPA requirements may be waived on a case-by-case basis for applicants who demonstrate strong potential for academic success through other achievements or qualifications.
  • Competency Statement (3-5 pages):
    Applicants must submit a written statement addressing the following:
    • Their knowledge of and interest in cybersecurity, particularly the influence of human factors on personal use policies and monitoring.
    • Their ability to analyze and solve problems, distinguish between relevant and irrelevant information, and develop logical, effective solutions to individual and organizational challenges.
    • Their communication skills, including the ability to deliver clear and persuasive oral presentations, actively listen, clarify complex information, and promote open and effective exchange of ideas.
  • Letters of Recommendation:
    Two letters of recommendation from individuals (e.g., faculty members, supervisors) qualified to assess the applicant’s readiness for graduate-level study in Cyber Operations.

  • English Language Proficiency:
    Applicants must demonstrate proficiency in English by meeting one of the following criteria:

    • U.S. citizenship or permanent residency.
    • A completed bachelor’s, master’s, or doctoral degree from an English-speaking institution in the United States, Canada, the United Kingdom, Ireland, Australia, or New Zealand.
    • A TOEFL score of at least 80 (internet-based) or 550 (paper-based), achieved within 24 months of the intended enrollment date.
    • An IELTS score of 6.5 or higher, earned within 24 months of the intended enrollment date.
    • Further details about other available tests and exemptions can be found at International Student Services graduate student admissions.

Additional Requirements for Applicants with Non-Technical Undergraduate Degrees:

Applicants holding a bachelor's degree in a non-technical field may still be considered for admission if they meet the following criteria:

  • Completion of undergraduate-level courses in Discrete Mathematics and Statistics, each with a minimum grade of B.
  • Successful completion of undergraduate coursework in Cybersecurity (minimum grade of B), and demonstrated proficiency in:
    • Python and C Programming
    • Assembly Language
    • PowerShell
    • Basic Data Structures and Algorithms
    • Systems Administration
    • Computer Networking
    • Linux Fundamentals
  • A minimum of one year of verifiable professional experience in the information technology or cybersecurity field.

Exceptional cases may be considered based on the overall strength of the applicant’s portfolio.

Application instructions

Metro State University is participating in the common application for graduate programs (GradCAS). Applications are only accepted via the CAS website.

CAS steps

  1. Select the term for which you are seeking admission (below), and navigate to the CAS website. Open applications include:
  2. Create or log in to your account and select the Cyber Operations (MS) program.
  3. Carefully review all instructions and complete all four sections of the application.

Specific application requirements for individual programs can be found on each program page in CAS. Carefully read the instructions that appear throughout the application pages. You can only submit your application once. If you need to update information you have submitted, please notify graduate.studies@metrostate.edu

Application fee

A nonrefundable $38 fee is required for each application.
Applications will not be processed until this fee is received.

Active-duty military, veterans, and Metro State alumni can receive an application fee waiver. Contact graduate.studies@metrostate.edu.

Courses and Requirements

SKIP TO COURSE REQUIREMENTS

Guidelines for completing the Cyber Operations MS Program

The Master of Science in Cyber Operations (MSCyOps) is a cohort-based graduate program emphasizing advanced technical training, ethical frameworks, and applied research in cybersecurity. Students move through the program as a unified group, following a fixed sequence of courses with no electives—each course is a required component of the degree. This structure fosters collaboration, continuity, and a shared learning experience.

Program Requirements

The MSCyOps program comprises 36 credits of graduate coursework, distributed as follows:

  • 29 credits in cyber operations and related technical subjects
  • 4 credits in risk assessment, cybersecurity law, policy, and ethics
  • 3 credits dedicated to the capstone experience, distributed across multiple semesters of the program

Capstone Experience

The capstone spans multiple semesters and serves as the culminating academic requirement of the program. Students must enroll in capstone courses throughout the cohort sequence—typically one credit per designated semester (Fall, Spring, Fall). The capstone requirement may be fulfilled through one of the following pathways:

  • Practical Research Project:
    Students complete a hands-on research or applied project, submit a formal written report for evaluation by a graduate committee, and present and defend their work in an oral examination during the final semester.
  • Advanced Industry Certification (Alternative Option):
    In lieu of a research project, students may fulfill the capstone requirement by earning an approved advanced industry certification such as CISSP, CASP+, or OSCP, subject to approval by the Graduate Program Director.

Regardless of the selected pathway, all students must participate in a set of common capstone activities and requirements during the first semester of the program. These shared experiences establish a foundation for the capstone process and include training in research methods, professional communication, and project planning.

Academic Standards

To maintain good academic standing, students must:

  • Hold a minimum cumulative GPA of 3.0
  • Achieve a grade of B or higher in all graduate courses

Advising and Course Planning

Students are encouraged to meet regularly with the Graduate Program Director to understand course sequencing, program expectations, and academic milestones.

Prerequisite Knowledge and Skills

Given the program’s technical rigor and accelerated pace, incoming students are expected to possess core competencies in the following areas:

  • Python and C programming
  • Assembly language
  • PowerShell scripting
  • Data structures and algorithms
  • Systems administration
  • Computer networking
  • Linux fundamentals

Students lacking proficiency in these areas should complete preparatory coursework or equivalent training before beginning the program to ensure their readiness for success.

Program Requirements (36 credits)

The 36-credit, cohort-based graduate program is structured across four semesters, as outlined below:

+ Fall Semester (Cohort Inauguration): 9 credits

Understanding the Operating Systems (OS) theory and the OS security concepts is required to perform critical roles in the cybersecurity and cyber operations fields. This course exposes the students to topics of the OS theory with an emphasis on security applications. The course begins with an introduction of low-level programming, including Assembly and C. It continues with the basic Unix-like operating system Application Programming Interfaces (APIs) along with the fundamentals of OS concepts.

Full course description for Secure System Programming and OS Theory

Cyber operations encompass both offensive and defensive security strategies, requiring a deep understanding of network security, system vulnerabilities, and operational tactics. This course provides a comprehensive foundation in cyber operations, focusing on security principles, network architecture, protocol analysis, and strategic cyber engagements. Students will analyze fundamental cybersecurity principles and evaluate how failures in security design lead to system vulnerabilities that can be exploited in offensive cyber operations. The course covers network traffic analysis, TCP/IP protocols, and cyber operations phases, including planning, execution, authority considerations, and post-operation assessment. Students will design defensive network architectures with multi-layered security controls, ensuring mission security objectives are met. Additionally, the course examines the balance between usability and security, addressing human behavior risks that undermine system security…

Full course description for Cyber Operations Fundamentals

The Cyber Operations Capstone Project is a culminating experience where students synthesize, apply, and critically evaluate cybersecurity concepts in a real-world context. Throughout the graduate program, students identify, formulate, and develop their capstone projects, producing a comprehensive, scholarly, and professional-level research project that reflects their advanced knowledge and technical expertise. This capstone follows a phased approach, where students solidify their project scope and research methodology in the initial phase and design, develop, and implement their solutions in the final phase. The project emphasizes evidence-based decision-making, integration of industry best practices, and rigorous academic research to address complex cybersecurity challenges. Students will critically analyze and synthesize relevant scholarly and professional literature, ensuring their work contributes meaningfully to the field of cyber operations. The capstone experience culminates in…

Full course description for Cyber Operations Capstone Project

+ Spring Semester: 9 credits

This course covers advanced topics of digital forensics procedures, legal issues, and scientific principles. The course addresses the current and new issues in digital forensics by offering various topics such as windows, smart phones, memory, network forensics, Macintosh forensics, and updated and expanded coverage on legal issues. Moreover, the students will learn how to report their findings to present them to the court using the state-of-the-art tools in digital forensics.

Full course description for Digital Forensics I

This course covers how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations. The required technical details of how each operating system works and how to find artifacts is also covered. Topics like File systems, data recovery, memory forensics, executable layouts are discussed in details. Moreover, Hands-On Network Forensics that starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations are covered.

Full course description for Digital Forensics II

The increasing interconnectedness of digital systems and the rapid evolution of malicious software (malware) pose significant threats to individuals, businesses, and critical infrastructure. As cyber threats grow more sophisticated, the ability to analyze, dissect, and reverse-engineer malware is essential for threat intelligence, incident response, and cybersecurity defense. This course provides an in-depth exploration of malware analysis and reverse engineering methodologies, equipping students with the technical skills to investigate, understand, and mitigate malicious software. Students will analyze the characteristics, propagation methods, and impact of various types of malware, assessing their persistence mechanisms and interaction with host systems and networks. Using modern forensic tools, students will apply advanced static and dynamic analysis techniques to deobfuscate and reverse-engineer malware samples. The course also covers attacker techniques designed to evade…

Full course description for Malware Analysis and Reverse Engineering

The Cyber Operations Capstone Project is a culminating experience where students synthesize, apply, and critically evaluate cybersecurity concepts in a real-world context. Throughout the graduate program, students identify, formulate, and develop their capstone projects, producing a comprehensive, scholarly, and professional-level research project that reflects their advanced knowledge and technical expertise. This capstone follows a phased approach, where students solidify their project scope and research methodology in the initial phase and design, develop, and implement their solutions in the final phase. The project emphasizes evidence-based decision-making, integration of industry best practices, and rigorous academic research to address complex cybersecurity challenges. Students will critically analyze and synthesize relevant scholarly and professional literature, ensuring their work contributes meaningfully to the field of cyber operations. The capstone experience culminates in…

Full course description for Cyber Operations Capstone Project

+ Summer Semester: 9 credits

Vulnerability analysis and its connection to exploit development are core skills for one involved in cyber operations. This course covers vulnerability discovery and exploitation. The focus is to understand the pattern of vulnerabilities and attacks to allow students to experience protection, risk mitigation, and identify vulnerabilities in new contexts. Topics will include buffer overflows, privilege escalation attacks, input validation issues, vulnerability discovery (fuzzing and crash dump analysis), exploit development, and mitigations (e.g., DEP, ASLR, ¿).

Full course description for Vulnerability Discovery and Exploitation

This course covers cryptography from both theoretical and practical perspective. The course provides details about advanced cryptography and its applications in the cybersecurity world. Students will learn various cryptographic algorithms and protocols and their relationships from both attack and defense perspectives. Various cryptographic tools to secure contemporary networks will be discussed as well. Students should be able to use advanced cryptographic algorithms based on elliptic curve cryptography.

Full course description for Applied Cryptography

In an era of sophisticated cyber threats, organizations rely on proactive threat intelligence and hunting strategies to defend against advanced network intrusions and data breaches. This course equips students with the knowledge and practical skills to collect, analyze, and apply Cyber Threat Intelligence (CTI) at tactical, operational, and strategic levels to enhance cyber threat-hunting operations and defensive cybersecurity mechanisms. Students will evaluate cyber threat intelligence frameworks, including MITRE ATT&CK, to identify adversary tactics, techniques, and procedures (TTPs) and detect advanced cyber threats. The course covers correlating Indicators of Compromise (IoCs) from multiple intelligence sources, including Open-Source Intelligence (OSINT), to strengthen proactive threat detection and response. Emphasis is placed on implementing intelligence-sharing frameworks and protocols to facilitate active cyber defense through threat-hunting and coordinated threat mitigation…

Full course description for Cyber Threat Hunting and Intelligence

Virtualization technology has rapidly expanded to become a core feature of various components of enterprise environments. It allows efficient use of physical IT infrastructure by sharing its capabilities among many users or environments. Virtualization is also an integral element to cloud computing and key technology in cybersecurity. Cloud computing provides organizations the ability to create and use IT services efficiently and rapidly without spending capital resources upfront. This course will discuss the capabilities and limitations of modern approaches to virtualization and the variety, complexity, and capabilities of modern cloud platforms and cloud security. The course will include hands-on lab exercises using leading Cloud infrastructure providers (ex. Amazon Web Services and Microsoft Azure). The course will review the applied concepts and techniques with end-to-end Cloud security architecture with real-world case studies using Web/Mobile based applications, and Internet…

Full course description for Virtualization and Cloud Security

+ Fall Semester (Cohort Adjournment): 9 credits

As wireless and mobile technologies continue to evolve, they play an increasingly critical role in global communications, cybersecurity, and cyber operations. This course provides an in-depth exploration of cellular and wireless network architectures, emphasizing their security features, vulnerabilities, and risk mitigation strategies. Students will analyze the core architectures and security mechanisms of various generations of cellular networks, assessing operational differences and security challenges unique to wireless environments. The course covers modern encryption standards, authentication protocols, and access control policies, equipping students with the skills to design and implement secure wireless networks. Additionally, students will assess security protocols used in wireless communications to ensure authentication, data integrity, and confidentiality. Through hands-on exercises, students will investigate and mitigate threats to wireless and mobile networks, identifying…

Full course description for Securing Wireless and Mobile Technologies

This course provides a comprehensive exploration of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, which serve as the backbone of critical infrastructure across manufacturing, energy, transportation, and utility sectors. Students will develop an in-depth understanding of ICS/SCADA architectures, their operational environments, and the evolving cybersecurity threats targeting these systems. The course examines the vulnerabilities inherent in industrial automation, the complexities of embedded systems, and the security frameworks designed to mitigate attacks. Through hands-on exercises, case studies, and industry-standard tools, students will gain practical experience in securing and assessing ICS environments.

Full course description for Industrial Control Systems Security and Resilience

The Cyber Operations Capstone Project is a culminating experience where students synthesize, apply, and critically evaluate cybersecurity concepts in a real-world context. Throughout the graduate program, students identify, formulate, and develop their capstone projects, producing a comprehensive, scholarly, and professional-level research project that reflects their advanced knowledge and technical expertise. This capstone follows a phased approach, where students solidify their project scope and research methodology in the initial phase and design, develop, and implement their solutions in the final phase. The project emphasizes evidence-based decision-making, integration of industry best practices, and rigorous academic research to address complex cybersecurity challenges. Students will critically analyze and synthesize relevant scholarly and professional literature, ensuring their work contributes meaningfully to the field of cyber operations. The capstone experience culminates in…

Full course description for Cyber Operations Capstone Project

Any IT development project contains significant risks. However, keeping the status quo is also risky in rapidly changing technological and competitive environments. This course is designed to familiarize the student with risk analysis concepts derived from many sources including financial, actuarial and statistical studies, insurance and risk analysis, software quality assurance methodologies, management and audit trails and many others. Student will learn to assess the risk in an information systems portfolio and develop strategies for managing the many risk types discussed: Prerequisites: MIS 600.

Full course description for Risk Analysis in Information Technology

With Information Technology playing an ever greater role in organizations, and the widespread availability of technology with the ability to collect and create information on everyone, many new ethical issues have been created. This course will frame many current ethic issues in IT and help the student develop methods of analyzing and dealing with these issues in real world situations. Topics may include issues such as privacy, copyright and intellectual property, employee monitoring approaches, multinational information flows, corporate intelligence and others. Hacking, computer security, viruses and other acts of destruction will be reviewed from an ethical perspective.

Full course description for Cyber Ethics