Cyber, Universiteit Leiden, Leiden University, TU Delft, Delft University of Technology, Executive, Technical, Governance
Edu type:
Formal education
Den Haag
Master (EQF 7)
Start date:
Study Load:
2700 hrs
18 months
More information


Executive master's programme Cyber Security

The academic executive master’s programme Cyber Security is multidisciplinary; the programme covers technological as well as legal, administrative, economic and psychological aspects of digital security.


This programme is developed by Leiden University, Delft University of Technology and The Hague University of Applied Sciences and various private partners. Leiden University is responsible for the programme. The programme has been accredited by the Accreditation Organisation of the Netherlands and Flanders (NVAO).


Starting date is subject to a sufficient number of participants.


This programme information is subject to change.

Sign up for an intake


Target group
professionals with a relevant master’s degree from a university (of applied sciences) and several years of professional experience who wish to broaden or deepen their knowledge of cyber security.
February 2020 (open for application)
part-time, 18 months (excluding master’s thesis)
EUR 26.650 (start February 2019)
Study load
840 hours per year, 15-20 hours per week, of which seminars one to one and a half days a week (every Friday, Thursdays occasionally, not during school holidays) and 8 - 12 hours self study
Language of instruction
Beatrixkwartier in The Hague (HSD Campus).
MSc from Leiden University.
Curriculum overview

Upon completing the programme, you:

  • understand the complexity and interdependencies in cyber space,
  • can contribute to solutions to cyber risks both from a technological and policy and administrative approach,
  • can relegate cyber threats to acceptable risks,
  • can build a bridge between largely technical and more administrative oriented professionals in organisations,
  • can translate technical and operational issues to a strategic level,
  • are capable of reflecting critically on new developments and results of research into cyber security,
  • can offer an independent contribution to such research.


Programme structure

The programme consists of four phases: conceptualisation, specialisation, electives and thesis.



In the first phase you will get a general introduction into cyber security based on the bowtie model.


 Bowtie model website

  • The first module (Introduction to cyberspace) explores the characteristics and complexities of cyberspace. This module also covers the impact of digitalisation and interconnectivity on vital infrastructures, the resulting opportunities and the related risks.
  • The second module (Cyber Risk Assessment) offers a closer look at the technological and non-technological opportunities, risks and threats of cyberspace, digitalisation and interconnectivity, e.g., by analysing a few high-impact cyber security incidents. You will also examine the concept of “acceptable risks”.
  • During the final module of this phase (Cyber Risk Mitigation) you will gain an overview of potential technical and organisational preventative and repressive measures.



The second semester starts with two compulsory modules. First, you follow the compulsory module Legal Perspectives on Cyber Security. Then, following your background, either the compulsory module Social Science Perspectives on Cyber Security (capita selecta of social sciences) or Technological Perspectives on Cyber Security (a survey of technical aspects of cyber security) for cross-over knowledge. After this compulsory module you choose a specialisation: 1. the technical track or 2. the governance track.


Technical track

For participants with a scientific background the technical track offers three specialised modules.

  • The first module (ICT Systems) focuses on more detailed characteristics of ICT systems and will provide participants with a deeper knowledge of technical security threats (‘hacking’), risks and their impact.
  • The second module (Measures and Interventions) covers available repressive and preventative technical security techniques, such as data mining and cryptography.
  • In the final module (Case Studies in Cyber Security) you will apply what you have learnt to a case study for which you should design an appropriate technical security solution and implementation plan taking non-technical perspectives into account.


Governance track

The governance track offers three specialised modules.

  • The first module (Cyber Security Governance) focuses on the governance theories related to cyber security. Who bears responsibility for cyber security and how do governments handle this? Different visions on cyber threats are also covered, as well as the implications of cyberspace on interstate and intrastate relations.
  • In the second module (Regulating Security in Cyberspace) you will explore issues of regulation and (inter)national law, which are the result of the global presence and rise of cyberspace. Moral and legal issues and dilemmas of interconnectivity and social media are covered, and potential intervention strategies are highlighted.
  • The final module of this track is focused on Cyber Security Management in Organisations. The current developments in the field of cyber security force businesses and organisations to review their idea of cyber security, moving from fear, insecurity and doubt to added value. Participants will learn to analyse their organisation and will be equipped with basic knowledge and skills to contribute successfully to the transformation process of their organisation.



In this phase, you can broaden or deepen basic knowledge of cyber security obtained in previous phases. Four electives are offered of which you can chose two. Examples of electives are Actors & Behaviour in Cyberspace, Data Mining, Industrial Control Systems & Critical Infrastructures, and Cyber Security Economics & Insurance.

The number of electives can vary, depending on the number of participants, their interests and background. The subjects of the electives can vary, depending on current issues. For several electives admission may depend on prior education and knowledge.



You will conclude your executive master’s programme with a thesis. Together with your fellow participants, you will identify a complex issue or case from practice in the field of digital security. You will then individually research a partial aspect that connects to your prior knowledge and interests. You will include your insights and reflections in an academic final project.


See for an elaborate description of the different modules the  website of  Leiden University.


Extra-curricular activities

During the whole programme 4 to 6 extra-curricular activities will be organised on specific cyber security themes(for instance cyber forensics, cyber terrorism, cyber crisis communication) and current cyber security issues (for instance new developments in cybercrime, open data and big data, law enforcement) in accordance with the multidisciplinary character of the programme


Entry requirements 

  • A completed master’s degree from a university (of applied sciences) in a relevant discipline,
  • Adequate proficiency of the English language,
  • Several years of relevant professional experience.

When applying for the intake you will provide copies of your diplomas and a brief motivation letter in English as well as a CV. 


Intake procedure

Admission takes place on the basis of an intake procedure:


  • You can apply via the intake form. This form is submitted together with the required attachments. 
  • The intake committee will determine whether you meet all the entry requirements and whether you are admitted to the programme.
  • You will be invited for an intake interview. During this interview we will discuss mutual expectations.
  • Should you not meet all of the entry requirements, you will be set an assignment so that the committee can determine if you are required to make up any deficiencies, and if so which ones, before you start the programme.
  • After the committee has determined you are admitted to the master’s programme, you can register at Leiden University.


In addition to the information above 

In May 2018, dcypher made an analysis of the curriculum of the Executive Master Cyber Security at the Cyber Security Academy. The curriculum at that time was comprised of technology (33%), organisation (33%) and human & behaviour (33%). More details of the analysis can be found on the website of dcypher.