Course list

In this course, you will examine security for computers and networked information systems. The focus is abstractions, principles, and defenses for implementing military and commercial-grade secure systems. Through this lens, you will explore security and survivability for computers and communications networks as well as policy issues such as the national debates on cryptography policy and the meaning of privacy. That journey will be informed by a survey of technical means for implementing the various properties that comprise "trustworthiness" in a computing system, including mechanisms for authorization and authentication along with cryptographic protocols.
  • May 6, 2026
  • Jun 17, 2026
  • Jul 29, 2026
  • Sep 9, 2026
  • Oct 21, 2026
  • Dec 2, 2026
  • Jan 13, 2027

Protocols for authenticating machines play an important role in systems security, and this course will focus on various aspects of this challenge. Using case studies of protocols that work and that have failed will help you to acquire the skill — and the skepticism — necessary to analyze and deploy authentication protocols successfully. In this course, you will investigate shared key and public key cryptography along with the trade-offs associated with these different types of keys. You will also examine some of the standard cryptographic building blocks and their use.

The following course is required to be completed before taking this course:

  • Systems Security
  • Apr 15, 2026
  • May 27, 2026
  • Jul 8, 2026
  • Aug 19, 2026
  • Sep 30, 2026
  • Nov 11, 2026
  • Dec 23, 2026

If an attacker can masquerade as an authorized user of a system, then many other defenses become irrelevant. This course addresses how a computing system can authenticate a human user, discussing implementations of mechanisms as well as their privacy implications. You will explore the protocols of passwords, biometrics, and tokens, along with their combination as multifactor authentication.

The following course is required to be completed before taking this course:

  • Systems Security

Additionally, you are required to have completed the following course or have equivalent experience:

  • Authenticating Machines
  • May 6, 2026
  • Jun 17, 2026
  • Jul 29, 2026
  • Sep 9, 2026
  • Oct 21, 2026
  • Dec 2, 2026
  • Jan 13, 2027

Access control mechanisms ensure that a user is able to read and/or update only certain objects. With discretionary access control, it is the creator of an object who decides which other users should have access. A broad set of mechanisms have been developed to enforce discretionary access control in a computing system. This course will survey the two approaches widely used in these mechanisms: access control lists and capabilities. Through the use of case studies, you will review the pragmatics of implementations in processor hardware, operating systems, and programming languages.

It is recommended to only take this course if you have completed “Systems Security,” “Authenticating Machines,” and “Authenticating Humans,” or have equivalent experience.

  • Apr 15, 2026
  • May 27, 2026
  • Jul 8, 2026
  • Aug 19, 2026
  • Sep 30, 2026
  • Nov 11, 2026
  • Dec 23, 2026

Sometimes the owner of an object is not, in fact, the one to determine who should get access to that object; rather, it is an institutional policy that dictates that decision. This form of access control is known as mandatory access control, and it is frequently used in business and military settings. In this course, you will review various forms of mandatory access control policies and their implementations, including multilevel security, commercial, and role-based access control schemes.

It is recommended to only take this course if you have completed “Systems Security,” “Authenticating Machines,” “Authenticating Humans,” and “Discretionary Access Control,” or have equivalent experience.

  • May 6, 2026
  • Jun 17, 2026
  • Jul 29, 2026
  • Sep 9, 2026
  • Oct 21, 2026
  • Dec 2, 2026
  • Jan 13, 2027

Vulnerable systems are made secure by employing enforcement mechanisms. Beyond enforcement mechanisms for authentication and for authorization, this course will explore the use of mechanisms for protecting the integrity of systems and, thus, preventing an attacker from circumventing controls. You will learn about the three primary classes of enforcement mechanisms — mediation/monitoring, isolation, and asymmetry — and discuss how they are deployed in systems today.

It is recommended to only take this course if you have completed “Systems Security,” “Authenticating Machines,” “Authenticating Humans,” “Discretionary Access Control,” and “Mandatory Access Control,” or have equivalent experience.

  • Apr 15, 2026
  • May 27, 2026
  • Jul 8, 2026
  • Aug 19, 2026
  • Sep 30, 2026
  • Nov 11, 2026
  • Dec 23, 2026

eCornell Online Workshops are live, interactive 3-hour learning experiences led by Cornell faculty experts. These premium short-format sessions focus on AI topics and are designed for busy professionals who want to gain immediately applicable skills and strategic perspectives. Workshops include faculty presentations, breakout discussions, and guided hands-on practice.

The AI Workshops All-Access Pass provides you with unlimited participation for 6 months from your date of purchase. Whether you choose to attend one workshop per month, or several per week, the All-Access Pass will allow you to customize your AI journey and stay on top of the latest AI trends.

Workshops cover a range of cutting-edge AI topics applicable across industries, hosted by Cornell faculty at the forefront of their fields. Whether you are just getting started with AI, seeking to build your AI skillset, or exploring advanced applications of AI, Workshops will provide you with an action-oriented learning experience for immediate application in your career. Sample Workshops include:

  • Work Smarter with AI Agents: Individual and Team Effectiveness
  • Leading AI Transformation: Bigger Than You Imagine, Harder Than You Expect
  • Using AI at Work: Practical Choices and Better Results
  • Search & Discoverability in the Era of AI
  • Don't Just Prompt AI - Govern it
  • AI-Powered Product Manager
  • Leverage AI and Human Connection to Lead through Uncertainty

Request
more Info
by completing the form below.

Act today—courses are filling fast.

By providing your contact information, you consent to receive communications from Cornell University, including with the use of automated technology.  You can opt out at any time.  By selecting the text box, you consent to Cornell texting you.  You confirm this phone number belongs to you.  Message and data rates may apply.  You can reply STOP to opt out of texts at any time. Full Terms | Privacy Policy

How It Works

Completing a program from eCornell really has allowed me to think outside the box at work. It gave me the confidence I needed to take a seat at that table and say I am ready.
‐ Kasey M.
Kasey M.

Frequently Asked Questions

Security incidents are no longer rare or isolated, and the professionals who can explain risk clearly, spot weaknesses early, and choose the right defenses are increasingly valuable across industries. Cornell’s Cybersecurity Certificate helps you build that kind of practical literacy so you can participate in security decisions with confidence, whether you work in IT, software, analytics, or an adjacent role.

In this certificate program, authored by faculty from the Cornell Bowers College of Computing and Information Science, you will develop a structured way of thinking about secure systems, starting with precise security terminology and threat modeling, then moving into authentication, access control, and enforcement strategies. Along the way, you will practice analyzing real security failures and trade-offs, including how trust is established, how keys and credentials are managed, and how security choices intersect with privacy and public policy.

Because learning sticks when you apply it, the Cybersecurity Certificate uses multi-part projects that build from one decision to the next, plus expert-facilitated discussion and feedback to help you connect core principles to situations you recognize at work.

If you want a rigorous foundation in secure-systems thinking, hands-on practice designing defenses you can explain and justify, and the ability to make better security decisions in real environments, you should choose Cornell's Cybersecurity Certificate.

Many online cybersecurity options focus on passive content consumption or tool-first tutorials. Cornell’s Cybersecurity Certificate is built around the underlying principles that let you evaluate any system, protocol, or control even as technologies change.

You learn in a small cohort with expert facilitation, so you are not left to interpret complex security ideas on your own. The experience blends short, focused lessons with interactive checks for understanding, moderated discussions, and multi-part projects where you design and critique security choices such as threat models, authentication protocols, and access control policies.

Cornell’s Cybersecurity Certificate also treats cybersecurity as more than configuration. You will examine why designs fail, how assumptions create vulnerabilities, what it means for a system to be trustworthy under attack, and how real-world constraints like usability, privacy, and economic incentives shape what defenses are viable.

The result is a learning experience that helps you build durable security judgment, not just vocabulary, within Cornell’s applied, expert-guided online model.

Enrolling in Cornell’s Cybersecurity Certificate also provides you with a 6-month All-Access Pass to eCornell's live online AI Workshops, interactive sessions led by world-class Cornell faculty that combine Ivy League insight with practical applications for busy professionals. Each 3-hour Workshop features structured instruction, guided practice, and real tools to build competitive AI capabilities, plus the opportunity to connect with a global cohort of growth-oriented peers. While AI Workshops are not required, they enhance certificate programs through:

  • Integrating AI perspectives across most curricula
  • Responding to emerging AI developments and trends
  • Offering direct engagement with Cornell faculty at the forefront of AI research

Cornell’s Cybersecurity Certificate is designed for professionals who want to understand how secure systems are designed, attacked, and defended, and who need a clear way to reason about security trade-offs. The program is a strong fit for:

  • IT and infrastructure professionals responsible for system reliability, identity, and access
  • Software engineers, developers, and programmers who want to build security into architecture and implementation decisions
  • Analysts and technical product or operations professionals who need to evaluate security controls and communicate risk
  • Cybersecurity professionals who want a deeper grounding in authentication, access control, and enforcement mechanisms

Learners tend to be most successful with familiarity in programming and computer operating systems, since Cornell’s Cybersecurity Certificate regularly connects security concepts to how real computing systems behave.

Project work in Cornell’s Cybersecurity Certificate is designed to help you apply security principles to realistic systems, make defensible design choices, and explain the trade-offs behind them. Past learners have completed projects such as:

  • Designing a financial services portal login that screens breached passwords, hashes with Argon2id plus salt (and optional pepper), and uses time-limited reset tokens with strong notification and session revocation
  • Building a password manager authorization model that combines role-based access with signed, object-scoped capabilities and a central policy engine that enforces ownership rules, step-up authentication, and audit-ready administrative workflows
  • Architecting an online voting system that issues privacy-preserving, single-use voting credentials and enforces casting, mixing, and tallying through narrowly scoped capabilities backed by cryptographic proofs and tamper-evident audit logs
  • Designing a DMV-style identity system that layers passwords, RFID badges, and device-backed tokens with carefully scoped biometric use, explicit fallback paths for false rejects, and clear opt-out alternatives that maintain equivalent security
  • Securing a school IT environment by applying multi-level security labels to sensitive records, enforcing no-read-up and no-write-down data flows, and issuing signed admin tokens that gateways validate with revocation controls

You will leave Cornell’s Cybersecurity Certificate with artifacts that reflect how security work happens in practice: defining the system, modeling threats, choosing goals, and selecting controls that can be justified to technical and non-technical stakeholders.

Cornell’s Cybersecurity Certificate builds the security judgment and applied design skills you can use to contribute more credibly to system reviews, identity and access decisions, and risk conversations.

After completing the Cybersecurity Certificate, you will be prepared to:

  • Analyze the security of computer and networked information systems
  • Identify cybersecurity goals and create a threat model for a system
  • Identify protocol errors and recognize when a protocol may be vulnerable to security attacks
  • Develop schemes for authenticating users
  • Design discretionary access control schemes
  • Design mandatory access control schemes

Students commonly report that Cornell’s Cybersecurity Certificate is confidence building and practical, helping them connect foundations like authentication, encryption, and data protection to real scenarios they recognize. They also highlight the structured learning path, clear modules, and applied projects that reinforce how to think like a security professional rather than memorize terms, plus high-quality lecture videos and study aids that make it easier to retain and reuse what you learn.

What truly sets eCornell apart is how our programs unlock genuine career transformation. Learners earn promotions to senior positions, enjoy meaningful salary growth, build valuable professional networks, and navigate successful career transitions.

Cornell’s Cybersecurity Certificate, which consists of 6 short courses, is designed to be completed in 5 months. Each course runs for 3 weeks, with a typical weekly time commitment of 5 to 8 hours.

Designed for working professionals, most work is completed asynchronously so you can log in when it works for you. Yet the schedule still has structure, including deadlines that keep you moving and interactive elements such as facilitated discussions and live sessions that help you test your understanding and learn from peers.

Because the learning is project centered, the time you invest translates into concrete practice designing and evaluating security controls, not just watching videos or completing auto-graded checks.

Students in Cornell’s Cybersecurity Certificate often describe the program as a practical, confidence-building way to understand modern security fundamentals and apply them to real workplace situations. They frequently highlight how the instruction connects core concepts like authentication, encryption, and data protection to scenarios they can recognize, and how the course design helps them steadily build skills through clear modules, strong examples, and applied projects.

Students commonly mention:

  • Clear explanations of cybersecurity foundations like authentication, encryption, and protecting data across digital systems
  • Real-world analogies and scenario-based assignments that make security concepts easier to apply on the job
  • A structured learning path that progressively introduces security topics in a logical sequence
  • Practical projects that reinforce how to think like a security professional, not just memorize terms
  • High-quality lecture videos paired with detailed slides, transcripts, and study aids for review and retention
  • Flexible pacing that works well for full-time professionals and busy schedules
  • A user-friendly online platform that makes it easy to find materials, track progress, and pick up where you left off
  • Knowledgeable, responsive facilitators who provide helpful feedback and support
  • A focused, efficient format that delivers meaningful learning in a relatively short timeframe
  • Content that feels directly relevant to roles in IT, information systems, healthcare, and other security-adjacent fields

Cybersecurity work often sits at the intersection of software behavior, networks, and human decision making, so the program is designed to be conceptually rigorous and technically grounded. In Cornell’s Cybersecurity Certificate, you will work with security models and mechanisms such as threat models, authentication protocols, access control policies, and enforcement strategies.

While no coding or programming is required for Cornell's Cybersecurity Certificate, you will be most successful if you’re comfortable with basic programming concepts and how operating systems and networked systems function. That foundation helps you follow protocol notation, reason about attacks like replay or man-in-the-middle, and evaluate implementation trade-offs in areas like password storage, key distribution, and isolation.

Even with prior experience, Cornell’s Cybersecurity Certificate can sharpen how you explain security clearly and make design choices that are defensible under realistic attacker assumptions.

The learning experience in Cornell’s Cybersecurity Certificate is designed to connect foundational security ideas to realistic system decisions. You will apply concepts through multi-part projects where you select a system or scenario, define security goals, model threats, and then choose and justify defenses.

Across the Cybersecurity Certificate, you will work with real mechanisms and trade-offs you see in practice, such as designing password authentication that resists online and offline guessing, evaluating multifactor approaches that include tokens and biometrics, and choosing between different access control models based on organizational needs.

You will also analyze why security breaks, using case studies of protocols and implementations that have succeeded and failed, which helps you develop the skepticism and clarity needed for real-world security reviews.

Strong security depends on how controls work together, not on any single mechanism in isolation. Cornell’s Cybersecurity Certificate is structured to help you connect the full chain from defining what “trustworthy” means for a system, to modeling threats, to selecting controls for authentication, authorization, and enforcement.

You will learn how machine authentication protocols can fail under realistic attacker capabilities, how human authentication choices affect usability and privacy, and how authorization models like discretionary and mandatory access control change what users and software are allowed to do. You’ll also explore enforcement strategies, including monitoring, rewriting, and isolation, and practice deciding which strategies can or cannot enforce a given policy.

By the end of Cornell’s Cybersecurity Certificate program, you will be better equipped to review a system end-to-end and explain why a particular combination of controls fits the threats and the organization’s goals.

Explore Related Programs