Cybersecurity@Berkeley FAQ

On this page we’ve assembled the questions students frequently ask us in class and in office hours. We are indebted to the students in FCRG and in particular to Arika Verma for assembling these materials.

I’m new to cybersecurity. What should I read and listen to?

Peter W. Singer and Allan Friedman’s Cybersecurity and Cyberwar: What Everyone Needs to Know, is a great place to start. Although already a bit dated, the National Academies’ report At the Nexus of Cybersecurity and Public Policy explains why cybersecurity is important, why it is a wicked problem, and the public policy issues in cybersecurity. … Continue Reading »

How can I find externships and internships?

In addition to the standard tools provided by your career services department, we recommend a direct-approach strategy. That is, if you find a cybersecurity company that deeply interests you, directly approach them and ask about opportunities. Many startups and smaller companies are too busy to run formal externship programs. They’ll be delighted to hear from … Continue Reading »

What is cybersecurity?

Everyone now has a stake in the healthy functioning of communications and control networks, in the devices and services dependent on these networks, and by implication, in all the complicated infrastructure required to keep networks, devices, and services operating. There is no simple answer to the question of what cybersecurity is. This is because both … Continue Reading »

What is Cybersecurity in Context and should I take it?

Cybersecurity in Context is a three-credit course housed in the School of Law and Information. As such, it is open to law and graduate students, and undergraduates by permission.  Based on a course in the I School’s online Masters of Information and Cybersecurity (MICS) program, Cybersecurity in Context is a podium lecture course (with discussion) … Continue Reading »

What Berkeley courses and labs are focused on cybersecurity?

Many faculty members at Berkeley teach privacy and cybersecurity related courses. Because there is no one single source for course information, you may have to do some digging to find the right match for you. We recommend that you focus on faculty members and investigate their webpages. Keep in mind that in addition to their … Continue Reading »

What websites should I check out?

There are so many. Here are just a few of our favorites that have a focus on policy: Lawfare, Just Security, Krebs on Security, CSO Online, and Schneier on Security.

What resources for improving my skills are available to me as a Berkeley student?

Luckily for you, dear Berkeley student, the campus has several fantastic resources for learning many of the skills we recommend that you develop.  LinkedIn Learning (formerly is available to the entire Berkeley community and it has good quality online, go-at-your-own-pace courses in the Bash command line, in cybersecurity management, the technical domains of cybersecurity … Continue Reading »

So you’re interested in studying or pursuing a career in cybersecurity and privacy?

That’s great. Berkeley has fantastic resources for your intellectual journey and career. This FAQ offers three pieces of high-level advice, and links to many resources and ideas.  First, keep in mind that “cybersecurity” is a relatively ill-defined and quickly changing field. This means that you’ll have to  think creatively in order to best develop your … Continue Reading »

How can I get involved with a public-private cybersecurity partnership?

If you work in a security role in the private sector, particularly if you work in one of the 17 areas designated as critical infrastructure, you can join one of the many public-private cybersecurity partnerships. These partnerships are a key place where knowledge transfer happens in cybersecurity. Many of these groups are coordinated by law … Continue Reading »

What is the FCRG and why should I take it?

The Future of Cybersecurity Reading Group (FCRG) is a discussion seminar that examines contemporary scholarship and policy entrepreneurship in cybersecurity. Hosted by the Law and Information Schools, FCRG is open to enrollment for all law, graduate, and undergraduate students. In our weekly discussions, students explore cybersecurity from different disciplinary perspectives, and with different depths of … Continue Reading »

Are there non-Berkeley skills tools available to me?

There are many options available for technical training. Here are a few suggestions. TryHackMe has excellent labs to build skills. Jetbrains offers free access to its coding and other teaching modules to those who have a university email account. The Federal Virtual Training Environment (FedVTE) provides free online cybersecurity training to U.S. government employees, Federal … Continue Reading »

Is there a place for me in the cybersecurity field?

We hear this question regularly and we are certain that many other students don’t even ask because they do not see cybersecurity as a field with a place for them. The answer is yes! There is a place for you. At the same time, a number of barriers can make the cybersecurity field unwelcoming to … Continue Reading »

How can I network in cybersecurity in the Bay Area?

WISP: Women in Security & Privacy has many Berkeley alumna and provides meaningful mentoring opportunities and interesting programming The Mozilla Foundation has a major commitment to privacy and security of its users, and sponsors a mailing list of privacy events. The Bay Area chapter of the Open Web Application Security Project (OWASP) organizes meetups. SF … Continue Reading »

What Bay Area events are relevant to cybersecurity?

San Francisco is home to one of the biggest industry conferences on cybersecurity: RSA. This is a massive event that is great for networking, and it has a student event known as College Day. We regularly receive free RSA passes for enrolled students, so check in with us about it. CLTC also maintains a RSA … Continue Reading »

What podcasts focus on cybersecurity?

Many podcasts cover cybersecurity. Some of our favorites are Darknet Diaries, Steptoe’s Cyberlaw podcast, Cyber from the Start by CSIS:, CSIS Cybersecurity and Technology, Beers with Talos, Rational Security, Privacy, Security & OSINT Show, and Berkeley Technology Law Journal (student podcast).

I want to develop a few/improve my technical skills. What should I focus on?

Work in privacy and cybersecurity can result in many different responsibilities–from leadership to compliance, to a focus on particular hardware or software. One cannot predict these responsibilities and so we recommend that you focus on basic skills that have utility in almost any environment. It’s important to know that colleges and universities don’t typically teach … Continue Reading »

What opportunities are there to learn about machine learning and cybersecurity?

Machine learning, sometimes called “AI,” is at the cutting edge of cybersecurity research. The fundamentals of machine learning are in statistics and knowledge of python is generally necessary to use machine learning. Thus, focus on Python and statistics first.  There are exciting research opportunities on campus exploring machine learning from several lenses. One is in … Continue Reading »

How should I make sense of all these security certifications?

Security and privacy certifications do have value, but one has to be smart about them. Certifications have two primary sources of value: first, they signal your interest and commitment to a field. That signal can move your resume into the right pile. Second, some certifications also signal expertise in specific skillsets, but these are variable … Continue Reading »

What research and grant funding is available?

As a member of the Berkeley community, you can access ProQuest Pivot, which we have found to be the most comprehensive, one-stop-shop for finding funding.  Closer to home, remember that the CLTC (Cal Cybersecurity Research Fellowship, Annual RFP), CTSP (CTSP Research Fellows) and UC Berkeley Big Ideas Contest are regular supporters of research here.

How can I become familiar with the academic literature in cybersecurity?

The academic literature in cybersecurity is vast because it can be found in so many disciplines, from law to computer science to international relations and economics. Here are some starting points: First, searching for “cybersecurity” might be too narrow. You may need to use terms such as “privacy.” For searching the legal field, the SSRN … Continue Reading »

What about jobs?

Careers in cybersecurity run the gamut from highly technical to highly policy oriented. Careers include work from policy, compliance, risk, middle management, product management, developer ops, to the programming of software and hardware. Our efforts have focused on incubating students who live at the intersection of policy and technology: policy people who understand the development … Continue Reading »

What scholarships are available?

There are many scholarships in the cybersecurity field. Here are some starting points: The Computing Research Association provides Scholarships for Women Studying Information Security (ISC)2 Women’s Scholarship  (ISC)2 Undergraduate Scholarship (ISC)2 Graduate Scholarship ESET Women in Cyber Technology Scholarship Department of Defense SMART Scholarship-for-Service Program For I School students, the Curtis Smith Scholarship

What are the ethics of cybersecurity?

Santa Clara University’s Markkula Center for Applied Ethics has done excellent work in explaining ethical frameworks and applying those frameworks to cybersecurity. We suggest that you start with a grounding in ethics itself. The Markkula Center’s Framework for Ethical Decision Making explains what ethics is, what it is not, and provides several methods one could … Continue Reading »

What campus groups are involved in cybersecurity?

Because security touches so many disciplines, you’ll find student and faculty groups in a range of departments active on cybersecurity. The best place to start is the Center for Long-Term Cybersecurity (CLTC). Established in 2015, CLTC is a research and collaboration hub in the School of Information. CLTC funds research, hosts speakers and conferences, and … Continue Reading »

How can I read what CISOs are reading? (And what are CISOs?)

“CISO” stands for “Chief Information Security Officer,” the executive in charge of protecting an organization’s information assets: in other words, the head cybersecurity person. CISOs often are also responsible for customer privacy, compliance with data protection regulations, and other related issues. The position has grown and evolved rapidly in the last 15 years or so; … Continue Reading »