New Specialisation:
Strategic Cybersecurity

Organisations face increasing cybersecurity challenges. Strategic Cybersecurity is a crucial asset that combines theoretical and managerial skills to address these effectively and efficiently. The University of St.Gallen's Master in Computer Science is an ideal environment to specialise in Strategic Cybersecurity, because of its strength in fostering integrative thought and its profile that fuses computer science with business topics.

Apply to the Master in Computer Science by 30th April 2025 and specialise in Strategic Cybersecurity! By joining the programme in Autumn 2025 you will be eligible to enter the Strategic Cybersecurity specialisation when it launches in Autumn 2026!

apply here

The purpose of the Strategic Cybersecurity specialisation is to prepare graduates who can design, evaluate, and manage secure systems—while understanding the broader strategic, organisational, and societal implications of cybersecurity.

Intersecting the technical perspectives of a computer scientist with business acumen creates a well-rounded, versatile, and highly-demanded  educational profile. With this background, our alumni can take on a variety of roles (see career prospects, below), and fill a market need that becomes more and more relevant: Bridging a strong technology-based view on cybersecurity with the business reality faced by organisations. The former includes the theoretical and practical knowledge of a fully-fledged computer scientist. The latter includes political and regulatory requirements, organisational behaviour and culture, incident management, crisis communication, multi-stakeholder perspective, organisational finance, and many other topics that rely on foundations in business and law. This integrative view on cybersecurity in organisations is particularly relevant, because lacking managerial support for cybersecurity and organisational understanding of cybersecurity leads to potentially catastrophic outcomes. Pushing a cybersecurity agenda as a priority for the top management is crucial, because of the potential implications for the business: Focusing only on product development, sales, and operational efficiency, may leave an organization vulnerable to cyberattacks that may put the organisation out of business. Yet, a decision in the cybersecurity strategy should be taken with a business perspective in mind, to ensure that it is sustainable for the organization and that it achieves a cost-effective level of protection.

Furthermore, the integrative organisational perspective of strategic cybersecurity fosters an embedding of security across organisations. Security can thus be addressed with a complex systems perspective that reaches beyond technology. People, strategy, and policy are examples of organisational sub-systems that are highly relevant to security and risk management. Integrating these perspectives adequately with the technological sub-system yields more comprehensive and therefore effective security.

The learning objectives of the specialisation in Strategic Cybersecurity extend the learning objectives of the MCS in three areas:

• Theoretical Foundations: Understand and apply theoretical instruments across the mathematical foundations of security, cryptography, and software/system verification.
• Technological Skills: Design and practically implement secure software and systems based on operating system, network, and database security, secure coding, usable security, SecDevOps.
• Organisational Skills: Have awareness for and the skills to integrate organisational considerations across topics in-cluding management, policies, regulations, privacy, incidence response, and governance.

Our educational profile for the specialisation in Strategic Cybersecurity equips students with a highly versatile and well-positioned range of career opportunities across industries. This blend of theoretical foundations, technical skills and organisational insight is highly sought after and our alumni may pursue careers in roles such as the following:

• Technical Security Roles: Focusing on the theoretical and technological aspects of the educational profile, our alumni may pursue careers as security engineers (design and implementation of secure systems), cryptographers, security analysts, or penetration testers / ethical hackers. Understanding of organizations and managerial considerations complement the technical aspect of such roles, increasing the value of contributions to organisations based on employees' improved ability in their organisational decision-making (business acumen)
• Strategic and Managerial Security Roles: Leveraging both deep technical knowledge and organizational skills, our alumni may position themselves as security architects (develop and oversee security architecture and system-wide risk controls), cybersecurity consultants (advising organisations on e.g., security strate-gies, policy alignment, risk management), information security specialists (security strategy, compliance and incident management) with a mid-term perspective of becoming a Chief Information Security Officer (CISO), security risk managers.
• Research and Development Roles: Those with particular interest in the theoretical aspects of security and wishing to advance the field may pursue a role as a cybersecurity researcher (in academia, governments, or private organisations' R&D labs). These alumni can also continue their education by pursuing a Ph.D. on a cybersecurity topic and may also remain in academia (in roles incl. research asso-ciate, lecturer, or professor).
• Cross-disciplinary, Policy-oriented Roles: Our alumni may choose to leverage the versatility of their educational profile at the intersection between the technical perspective on cybersecurity and the understanding of law, policy, and management perspectives. Roles in which they may excel include data protection specialists (ensure privacy controls and compliance with regulations such as GDPR, HIPPA), cybersecurity policy analysts (shaping cybersecurity policy, legislation, standards and international regulations), or incident response coordinators (e.g., managing and overseeing post-breach response, forensics, reporting).