The University of Pennsylvania School of Engineering and Applied Science (Penn Engineering) has announced a new master’s degree program that responds to a defining challenge of modern software engineering: Systems have grown so complex, and the threat landscape so demanding, that organizations need dedicated experts who can design strong defenses into a system’s very architecture.

The Master of Science in Engineering in Software Systems and Cybersecurity (MSE-SSC) prepares engineers for exactly that role. Integrating advanced training in software systems and cybersecurity into a single, rigorous degree, the program is offered in both online and residential formats and equips graduates to build and defend the systems that power modern life, from cloud infrastructure and financial networks to electronic medical records.

“The MSE-SSC reflects Penn Engineering’s commitment to addressing real-world challenges at the technology infrastructure level,” said Boon Thau Loo, the RCA Professor in Computer and Information Science (CIS) and Senior Associate Dean for Graduate Education and Global Initiatives in Penn Engineering. “By integrating software systems and cybersecurity, this program prepares engineers not just for technical roles, but for the strategic leadership required to protect the digital foundations of our global economy.”

The program is co-directed by Michael Hicks, the Cecilia Fitler Moore Professor in CIS, director of the Schlein Center for Cybersecurity, and an Amazon Scholar; and Andreas Haeberlen, a professor of CIS, who has received two honors for teaching, Penn Engineering’s Ford Motor Company Award for Faculty Advising and Penn’s Lindback Award for Distinguished Teaching.

“This program helps students move beyond surface-level understanding to develop a deep, foundational knowledge of both systems and security,” said Dr. Hicks. “You’re not just learning how to respond to threats, you’re learning how to build secure systems from the ground up.”

Too often, cybersecurity is treated as a downstream concern, something to be addressed after systems are built and deployed. The MSE-SSC emphasizes a different approach, elevating systems thinking and security-by-design.

“Security isn’t something you wrap around a finished product–it’s something you design into the system from the start,” said Dr. Haeberlen. “Today’s engineers are working against motivated, resourceful adversaries who are constantly developing novel attacks. Designing effective defenses against them requires the deep expertise offered by the MSE-SSC program, which is far more than typical programs in computer science or cybersecurity alone can provide.”

The job market for engineers with combined expertise in software systems and cybersecurity continues to expand. According to the U.S. Bureau of Labor Statistics, employment of information security analysts is projected to grow at a substantially faster rate than other occupations over the next decade, resulting in about 16,000 job openings per year, on average.

As AI-driven technologies and large-scale digital infrastructure become more deeply embedded in everyday systems, the attack surface of these systems expands, increasing the risk that small design flaws and implementation mistakes can snowball into serious security failures. Yet few graduate programs are structured to prepare engineers for the hybrid role of blending software systems and cybersecurity.

The MSE-SSC addresses this gap, serving professionals working in compliance or operations roles as well as engineers who are seeking to design large-scale, secure systems with real-world impact. The program will prepare graduates for roles such as security engineer, incident response specialist, cybersecurity architect, cybersecurity consultant, and secure software or systems engineer across industries including technology, finance, healthcare, defense, and critical infrastructure.

Designed for engineers at various career stages, the MSE-SSC supports both research-focused students pursuing advanced academic and technical depth and working professionals seeking flexible, applied training to deepen their expertise and advance their careers.

The availability of both online and residential formats allows students to pursue advanced training while balancing professional and personal commitments. “We designed this program for people who want to elevate their careers,” said Dr. Hicks. “The MSE-SSC prepares you to design, defend, and lead with the confidence of a Penn Engineer.”

The program is supported by Penn Engineering’s Schlein Center for Cybersecurity—located in Amy Gutmann Hall, Penn’s hub for AI and data science—which focuses on developing science- and engineering-based solutions informed by data and policy and on delivering practical, high-impact defenses for a safer digital world.

“We established the Schlein Center to bring together world-class faculty and practitioners to educate and enable the next generation of cyber talent,” said Ted Schlein, C’86, the center’s namesake and a leading venture capitalist, cybersecurity expert and Penn Trustee. “This program will engage some of the best and brightest students in the country and equip them to build and protect our most critical infrastructure.”

The widespread adoption of generative AI tools has only made security-by-design, and those trained to apply it, more essential. “Generative AI tools are remarkably capable,” said Dr. Hicks. “But they can only help you build a secure system, not do it for you; they can’t reason about how all the pieces fit together and the sometimes subtle interactions between them, which is where vulnerabilities often emerge. Meanwhile, these same tools may help attackers find new vulnerabilities. In short: Deep security expertise is more needed than ever.”

Through partnerships with Penn Engineering’s ASSET Center for Trustworthy AI and the Schlein Center, the program connects students to cutting-edge research in AI-enhanced security tools and defenses and will continue to respond to emerging threats.

As software systems evolve, so do the threats they face. “This is a field that’s always changing,” said Dr. Haeberlen. “Every time a new defense is built, attackers find new ways to challenge it. The best engineers embrace that challenge, and the MSE-SSC program prepares them to do exactly that.”