Graham School News

MScTRM Concentration in Cyber Risk Management Trains Students to Manage Trouble in Today’s Cyber World

Philip Baker

In a world increasingly connected and dependent on electronic networks of digital information, the cost and risk of cyber threats, both for private corporations and for national security, have never been greater. Despite the rising scope of the threat, the number of professionals trained and prepared to manage the complex landscape of cyber risk today continues to lag. 

The University of Chicago’s Master of Science in Threat and Response Management (MScTRM) cyber risk management concentration serves to give workers across the public and private sectors a broad-based education in the varieties of risk that exist today as well as the cutting-edge tools and strategies used to counter them.

“This is a unique program that fills a niche because there’s a shortage of people who can do this sort of work,” said Bruce McConnell, a member of the concentration’s Advisory Board and executive vice president of the EastWest Institute. “It involves being able to think while straddling multiple disciplines and applying those various toolsets to the complicated world we live in.”


“This is a unique program that fills a niche because there’s a shortage of people who can do this sort of work. It involves being able to think while straddling multiple disciplines and applying those various toolsets to the complicated world we live in.” —Bruce McConnell, Executive Vice President of the EastWest Institute


With no other master’s program in the risk and threat management area currently offering a specific concentration in cybersecurity, graduates from the MScTRM program are set to become leaders in a field that impacts every corner of contemporary life.

“It’s still true that there are two kinds of companies—those that have been hacked and those that know they’ve been hacked,” said McConnell, who led the International Y2K Cooperation Center for the United Nations and the World Bank. “For the ones that know they’ve been hacked, they’re looking to hire the people they need. For the rest of them, they’ll be playing catch up. There’s still a lot of unmet demand.”

Whether it is a small town or a public utility, a mid-sized company or a university, institutions of all sizes are scrambling to find managers who understand the tools and techniques used in digital risk mitigation and who can translate those strategies across the isolated silos that make up the worlds of business and government today.

“We need people who can understand enough tech so they can be taken seriously by the tech people, but who also understand business or government well enough to be taken seriously by those people,” said Anita Nikolich, an Advisory Board member who served as program director for cybersecurity at the National Science Foundation (NSF). “There’s a translation role to be played here and someone who goes through this program, especially a non-technical person, is well-suited to play it, because they’ll emerge being able to understand both sides.”


“There’s a translation role to be played here and someone who goes through this program, especially a non-technical person, is well-suited to play it, because they’ll emerge being able to understand both sides.” —Anita Nikolich, Program Director for Cybersecurity at the National Science Foundation


Leaders across the fields of healthcare, higher education, finance, and government will graduate with the operational expertise required for proactively assessing and managing cyber risk.

As applicable to first responders looking to advance in their careers as to professionals moving into upper-level management, the degree’s curriculum is rooted in real-world case studies that will give students the breadth of experience and knowledge required to identify, as Bruce McConnell describes, the “supply chain of trouble” relevant to their sector. 

“The things we’re talking about go far beyond understanding what a firewall is or how to set up a router,” said Sherri Ramsay, a member of the Advisory Board and former director of the National Security Agency/Central Security Service Threat Operations Center (NTOC). “We’re literally talking about leading and managing and making decisions in a digital environment where there are challenges every single day. That’s what students will take from a concentration like this. Everyone could benefit from these skills.”

In the end, while the coursework will expose students to a broad range of digital risk management tools, the program’s purpose is to give students the framework of knowledge around digital risk management that will allow them to operate at the nexus of threat management, cyber risk, and disaster warning. 

“These jobs are hard, but not because you need to know deep technical things,” said Ramsay. “You need to know enough to know the language. The hard part is making complex decisions when you have so many factors involved, like privacy, money, and people’s lives. The program delivers the necessary set of foundational information along with the knowledge of the appropriate authorities, tools, and practice.”