MSc Information Security @UCL

As the next programme director of UCL’s MSc in Information Security, I have quickly realized that showcasing a group’s educational and teaching activities is no trivial task.

As academics, we learn over the years to make our research “accessible” to our funders, media outlets, blogs, and the likes. We are asked by the REF to explain why our research outputs should be considered world-leading and outstanding in their impacts. As security, privacy, and cryptography researchers, we repeatedly test our ability to talk to lawyers, bankers, entrepreneurs, and policy makers.

But how do you do good outreach when it comes to postgraduate education? Well, that’s a long-standing controversy. The Economist recently dedicated a long report on tertiary education and also discussed misaligned incentives in strategic decisions involving admissions, marketing, and rankings. Personally, I am particularly interested in exploring ways one can (attempt to) explain the value and relevance of a specialist masters programme in information security. What outlets can we rely on and how do we effectively engage, at the same time, current undergraduate students, young engineers, experienced professionals, and aspiring researchers? How can we shed light on our vision & mission to educate and train future information security experts?

So, together with my colleagues of UCL’s Information Security Group, I started toying with the idea of organizing events — both in the digital and the analog “world” — that could provide a better understanding of both our research and teaching activities. And I realized that, while difficult at first and certainly time-consuming, this is a noble, crucial, and exciting endeavor that deserves a broad discussion.


Information Security: Trends and Challenges

Thanks to the great work of Steve Marchant, Sean Taylor, and Samantha Webb (now known as the “S3 team” :-)), on March 31st, we held what I hope is the first of many MSc ISec Open Day events. We asked two of our friends in industry — Alec Muffet (Facebook Security Evangelist) and Dr Richard Gold (Lead Security Analyst at Digital Shadows and former Cisco cloud web security expert) — and two of  our colleagues — Prof. Angela Sasse and Dr David Clark — to give short, provocative talks about what they believe trends and challenges in Information Security are. In fact, we even gave it a catchy name to the event: Information Security: Trends and Challenges.

Angela told us about why people don’t follow security advice (tl;dr it’s not always their fault!), Alec about the “normalisation of the subversive” and encouraged us to keep doing work that is deemed useless and outright controversial as history will prove us right. Then David explained how sometimes the “good guys are the bad guys” and gave a bird-eye overview of the malware ecosystem. The talks concluded with Richard, who told us how we should reason about security “beyond the perimeter” and never take the eye off the ball as lots of security principles we learn are easily bypassed with improper threat modeling.


There was some very interesting discussion, both during the panel and in the following reception (thanks UCL-CS and S3 for the organization!), and I am very happy about the format, the turnout, and the significance of this experiment, so I am looking forward to more of such events. Thanks again to everyone who organized, talked, and participated.


MSc Information Security Overview

During the event, I also gave a short presentation to overview our programme.

Why study Information Security at UCL?

That’s an easy question! 🙂

UCL (est. 1826) was the first English institution to welcome students of any race, class or religion, and female students on equal terms with men. Today it is a globally leading university with 29 Nobel Prize Winners and 3 Field Medalists. The Computer Science Department hosts 80 faculty and 300+ researchers, is recognized as Academic Centre of Excellence in Cyber Security Research, and hosts the Science of Security Institute, not to mention that it was ranked #1 in the recent REF.

UCL MSc ISec is a pool of renowned academics conducting world-leading, high-impact research on all aspects of information security, ranging from network and computer security to cryptography, human-centered security, privacy, and cyber crime.

Here’s our faculty:

Even if they are not teaching in the programme at the moment, the Information Security Group is extremely lucky to include:

  • Jens Groth: research in cryptography and zero-knowledge proofs
  • Sarah Meiklejohn: research in cryptography and crypto currencies
  • David Pym: research in security economics, policy, logic, access control

What do we teach?

The programme has four compulsory modules:

Then, the students choose four optional modules, typically from the following options:

However, students can choose up to two (out of the four optional) modules from other programs as well (e.g., Requirements Engineering and Software Architecture, Validation and Verification, Understanding Usability and Use, Human Computer Interaction, Communications and Networks, Entrepreneurship, etc.).

The programme also includes a thesis involving an independent piece of research (typically yielding a 50+ report), which can also be complete while working alongside a company.

Extracurricular Activities

We also organize:

Who can apply?

While you can find more details here, we are typically looking for applicants with a computer science, engineering, or maths background. A successful student will have the ability to understand basic theory, understanding of algorithms and programming, good English language skills, and, most importantly, an interest in Information Security!

More information and Social Media Presence

Relevant Contacts:

Relevant Links:



Leave a Reply

Your email address will not be published. Required fields are marked *