In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science.

EC-Council University, a New Mexico-based distance learning company, has launched the program to help qualified workers advance their training and move to the next level of the security profession.

Founded in 2006, the school is a spin-off of the International Council of Electronic Commerce Consultants, an online trainer that claims to have certified more than 40,000 IT professionals already, including 12,000-plus security specialists.

With the growing need for highly skilled security experts among businesses, EC-Council founders say there's a scarcity of people who have all the know-how necessary to make the leap to CTO-level work.

"Traditionally, a lot of white hat hackers have been people with computer science backgrounds who taught themselves about hacking, but we're trying to change the surface of the industry because we can't leave this field of study up to chance," said Jay Bavisi, president of EC-Council.

"In researching the issue, we found that people had widely different standards of knowledge and varying levels of skill when applying for these types of high-level IT security jobs," he said. "We think that we can set a standard by which people worldwide can say, 'This is what you need to know to be considered a true ethical hacker.'"

Through the program, Bavisi said, the school is giving a handful of candidates -- all of whom have amassed significant amounts of IT security training and real-world experience before qualifying for the degree -- the chance to boost their overall understanding of many different types of security issues while improving their future job prospects.

The school is officially licensed and is seeking accreditation by the New Mexico Department of Education, and it claims that the "ethical hacker master's" program attracted more than150 candidates for its initial class, only six of whom were accepted.

All of the applicants who were accepted -- and are currently undergoing training -- had at least one other master's degree or an "enormous" amount of real-world experience, he said.

The school has previously offered professional certification in security fields including computer forensics, ethical hacking, and penetration testing, but under the master's program -- which is expected to take anywhere from one to three years to complete and cost more than $21,000 in tuition -- students will be forced to immerse themselves in nearly every area of IT systems defense and policy enforcement.

Upon demonstrating that they have accrued a degree in computer science or commensurate real-world experience, students who qualify for the program are required to take courses in ethical hacking and countermeasures, computer forensics, and network intrusion detection.

Candidates must then complete six electives to qualify for the degree, along with a master's thesis, with the option to choose courses from a list that includes secure network management, security analysis and vulnerability assessment, cyberlaw, principles of e-business security, disaster recovery, project management, penetration testing, secure programming, and wireless networking.

"Most chief security officers in the industry today joined at the low end and came up through the ranks, but we felt there was a need for a specific training regimen that went far beyond what was out there for systems administration-level professionals," Bavisi said. "Today's CTOs need to understand a wider range of attacks than ever before and how to help their organizations respond in a forward-thinking way in an organizational environment that is increasingly strained in terms of budget and the acquisition of new technologies."

Bavisi said that it took roughly two years to put the program together and gain licensing from the appropriate educational bodies.

One of the six current students, Dock Marshall Clavon, who currently works as a project management infrastructure analyst at oil exploration industry giant Chevron Global Upstream, said that he is taking the program to position himself for a management job in IT security down the road.

Having already completed a master's in business administration with a focus on IT security, along with a master's degree in project management, he said that there should be significant opportunities in the near future for those who aggressively expand their skills.

"A lot of the senior people who do this type of work are from the baby boomer generation, and they're going to start retiring soon, which should lead to a hiring rush for those who are qualified over the next three to five years," Clavon said. "And a lot of people in IT security aren't interested in managing people, which actually might be the hardest part of this type of work."

While Clavon said that he isn't looking to swap jobs today, he believes that completing the course could get him "fast-tracked" by his current employer or by other firms looking for management-level security expertise.

"In this field, there will always be work for the locksmiths, and as technologies move further into the electronic world, there will be job security for the people who have the right sets of skills," he said. "The tests in this program are hard, and the classes are allowing me to go deeper into this area of concentration, not just in terms of technology, but in terms of what it will take to lead others in a business environment."

Correction:
In this article, EC-Council is referred to as being accredited; in fact, the school is presently licensed and is in the process of attaining accreditation. InfoWorld regrets the error, which has been corrected throughout the story.