A graduate-level information security project should make a timely, original contribution to an ongoing problem...
or debate in the field. The best cybersecurity thesis topics will therefore explore issues of current importance to the broader infosec community, ideally with some degree of both academic and practical utility. Topics should be timely -- grounded in current research, challenges and discourse -- and have relevance that promises to extend beyond immediate publication. A security analysis of an electronic voting application, for example, would likely generate both current and long-term interest within the IT community.
Rather than trying to find the ideal subject immediately, however, avoid analysis paralysis by drafting a working list of possible cybersecurity thesis topics, which you can then explore, research and refine as you continue to gather information. To start brainstorming, review recent course materials, academic papers and media articles to see what themes and patterns catch your attention. Certain topics, like security awareness training and testing, are of both perennial and growing interest. Others, such as biometrics and AI, are still emerging.
"If I were working on a thesis right now, I'd focus on the use of AI in security tools," said Andrew Froehlich, president of analyst firm West Gate Networks. In particular, he suggested exploring AI's ability to review multiple security information streams and form analytical opinions on difficult-to-solve data security issues.
"Another great topic is the concept of fully autonomous security tools that use AI to not only find a root cause, but also have the intelligence to automate the remediation of a security event," Froehlich added.
Håkon Olsen, security engineer and founder of cybersecurity firm Cybehave, weighed in on cybersecurity thesis topics in a recent forum on Quora, where he suggested tackling the subject of identity management.
"Investigate how to maximize security within each user's threshold for usability impact," Olsen wrote, adding that most users don't use two-factor authentication when it's available. "How much security can we inspire them to 'turn on' for a service?"
The evolving position of the CISO provides yet another rich and timely subject area: What is the scope of the CISO's role, relative to both IT and lines of business, and how has it changed? What are predictors of CISO success? How do turnover rates in CISO positions compare with those in other C-level positions? What are the CISO's responsibilities following a security breach? The list continues.
Still another resource for ideas, leads and inspiration is Cybersecurity Canon, a Palo Alto Networks project started in 2013 by then-CSO Rick Howard. Modeled after the baseball and rock-and-roll halls of fame, the Cybersecurity Canon committee recognizes a variety of must-read books for their timely and significant contributions to the infosec field. The group itself consists of security executives, analysts, consultants and practitioners.
Finally, students should think about their professional goals and consider how the right cybersecurity thesis topics could eventually help them land their dream jobs. Some projects might provide the opportunity to acquire deeper expertise in a given subject area, for example, or the chance to gain meaningful, proven experience using a particular toolset or coding language. Ask yourself how you might use this project to not just complete your degree, but also to advance your career. This line of thinking can also help identify potential cybersecurity thesis topics you find particularly interesting -- a prerequisite for a project of this magnitude.
Dig Deeper on Information security certifications, training and jobs
Related Q&A from Alissa Irei
Sockets, ports and port numbers have functional overlap, but the terms are distinct. A socket is part of a port, while a port number is part of a ... Continue Reading
Is there a difference between a wireless access point vs. a router? Yes -- while the two wireless devices are related, they meet different needs in a... Continue Reading
SDN and NFV are siblings but not twins -- while they have a lot in common, they aren't identical. Here's what you need to know about their ... Continue Reading