Master in
Cybersecurity with PwC España

Master in Cybersecurity with PwC España

This programme is designed to develop the skills and competencies required for the field of cybersecurity

Today, it is difficult not to be aware of the importance that has been placed on the risks linked to technology in our society. Companies, governments, public administrations and citizens in general are trying not to be next on a long list of incidents that is not only lengthening exponentially, but also continues to surprise us with new attacks that become more damaging with each occurrence. However, the future is even gloomier, as in addition to the growing business of criminal organisations and hacktivist struggles, new participants in the form of governments and terrorist groups have exploded onto the international scene with almost unlimited resources.


In this complex geopolitical scenario in which organisations operate, and where they increasingly depend more heavily on technology to survive in the midst of this digital transformation, it is necessary to establish rigorous protection measures to confront increasingly sophisticated threats. However, having already surrendered the defence of the perimeter in an interconnected world, the only viable step for survival is to focus on the development of capabilities for the anticipation, protection, response and recovery of the most essential assets through an effective governance framework that is increasingly conditioned by growing regulation.


The Master’s Degree in Cybersecurity developed together by OBS Business School and PwC España focuses on the development of the required knowledge and capabilities for the professional execution of cybersecurity management, through a focus that mixes business and academia while providing a comprehensive and pragmatic vision. The programme pays particular attention to the development of content from the initial strategy to the implementation, covering initiatives that comprise cybersecurity throughout its life cycle, and providing a management framework that enables integration with any other initiatives an organisation may have. Throughout the whole programme, the pulse is kept constant and regulatory innovations and relevant news are constantly evaluated, along with their effects on businesses and society. The programme is complemented with a series of practical workshops and a Final Project. Both elements allow the students to get familiar with the daily threats that every organisation is exposed to acquiring the most practical and functional dimensions. 


The Master’s Degree in Cybersecurity is constantly improving—through the contributions of its participants, the faculty and the trends of the sector—and always includes the most current and relevant topics that provide maximum added value to the training process.


Objectives and Benefits

The Master’s Degree in Cybersecurity is designed to fulfil the following objectives:

  • Deepening knowledge of the principal elements of identification, protection, detection, response and recovery when faced with a cybersecurity threat and aligning the resources provided by information technologies with business or institutional objectives.
  • With a comprehensive vision, directing the management of processes related to information security in business and administrative environments, understanding how to identify the keys to success for specific projects and contributing to the business strategy from an Information Security Management position.
  • Understanding how to optimise operational management flows through the consideration, selection and implementation of computer-based processes and the gathering of information that can provide awareness of cybersecurity performance.
  • Understanding how to protect sensitive data from threats that are created by our adversaries.
  • Acquiring an understanding of the principal tools, methodologies and services that are most appropriate for the management of information security projects.
  • Appreciating and acquiring a holistic vision of the trends in the information security sector, along with their practical applicability in business processes and commercial activities.


Professional prospects

According to sector analysts, qualified professionals are in high demand by companies for positions associated with cybersecurity and information security within their information technology (IT) departments.

This Master’s Degree in Cybersecurity from OBS Business School is focused on empowering professionals and managers to promote processes of innovation, competitiveness, productivity and ongoing improvement, which may lead to securing roles such as:

  • CISO – Chief Information Security Officer
  • LISO – Local Information Security Officer
  • DPO – Data Protection Officer
  • Director of Information Security
  • Director of Corporate Security
  • Director of Cybersecurity
  • Information systems auditor
  • Cybersecurity auditor
  • Specialist information security consultant
  • Director of the Project Management Office (PMO)
  • Information security consultant/advisor  
  • Head of risk management and regulatory compliance within the technology department
  • IT security architect
  • Information security analyst

Syllabus of the Master’s Degree in Cybersecurity

The syllabus of the Master’s Degree in Cybersecurity is divided into ten modules that correspond to the ten subjects of the degree. In addition to this there are two Training Workshops and a Final Project that is developed during the second half of the academic year.


Prior to the start of the academic year, there is an introductory module that covers the operation of the platform and establishes the foundations of the online learning model.

The modules are grouped in four thematic blocks around which the programme is structured, they are as follows:

  • Block 1 – Introduction to cybersecurity, where the framework for cybersecurity action in organisations is positioned and developed, along with its positioning with regard to strategy and governance.
  • Block 2 – Implementation of cybersecurity models, where the key initiatives that comprise the core of cybersecurity activities will be addressed, both from a governance and a more operational perspective.
  • Block 3 – Management and regulation framework, where the principal models and frameworks of cybersecurity and their application are reviewed. The impact of the increasing regulation of this matter and the models for responding to growing crime will also be assessed.
  • Block 4 – Cybersecurity today and future trends, where both the evolution of real-time systems and the complexity of defending them is the focus, including new technologies that explode onto the market to which we must be attentive from the start.


Additionally, two practical workshops will take place where practical cyberattack scenarios will be simulated and the consequences arising from the response of each student will be evaluated.

Lastly, the programme will conclude with a Final Project which will reflect the content that has been covered, with the opportunity to conduct the work in a business environment.


BLOCK I. Introduction to cybersecurity

1. Introduction to cybersecurity, A comprehensive view

  • Digital transformation. The cybersecurity risks that digital transformation has created in an environment in which technology has infiltrated all business and societal processes.
  • Threat. Place the threat at the centre of the risk management strategy.
  • Adversaries. The identification of major adversaries is critical to the understanding of their motivations and modes of conduct, and subsequently facilitates the prediction of their main lines of attack.
  • IT vs. cybersecurity. New cybersecurity risks have created a need for expert understanding of this area and an evolution of capacities to address this new scenario.

2. Strategy, standards and indicators

  • Strategy definition. Positioning cybersecurity within organisations. Actions and initiatives that comprise a cybersecurity programme.
  • Valuable indicators for business. Placing value on the investment and measuring its progress as well as the associated risk reduction.
  • Reporting and monitoring cybersecurity. The necessity of monitoring the evolution of every initiative within the programme.
  • Organisational structure. Understanding the different organisational models that can be applied in real business environments, along with their dependencies and major advantages and incompatibilities.


BLOCK II. Implementation of cybersecurity models

3. Fundamentals of cybersecurity. Cybersecurity at its most operational level

  • Device patching. Activities and actions to keep devices updated and protected from known security flaws.
  • Hardening devices. Establish a baseline for device protection to maintain a homogeneous level of security that is aligned with the organisation’s appetite for risk.
  • Management of vulnerabilities. The identification of vulnerabilities is the first step to solving them. In this section we look at the life cycle of vulnerabilities and how they are dealt with.
  • Security operations centre (SOC). Establishing the principal operational security processes based on protection, detection and incident response.

4. Advanced protection mechanisms

  • Security architectures. The design of secure architectures from their inception, incorporating security from the initial phases (Security by Design).
  • Management of identities. Management of the permissions, access and authorisations of users and their levels of access.
  • Advanced mechanisms of channel and data encryption.
  • Security in the systems development life cycle (SDLC). Integration of information security in the varied development models of organisations.

5. Security and data protection strategies

  • Classification of data. Definition of data classification categories according to their nature, users and life cycle.
  • Data protection regulations. Regulations that apply to the protection of data (LOPD, GDPR, PCI-DSS, etc.) and determine their treatment.
  • Data protection mechanisms. Establish protection mechanisms according to the classification levels of the data.
  • Prevention of information leaks. Establish controls for data to avoid data leaks. Blocking controls, notifications, alerts, etc.
  • Management of information rights. Protection of confidential or particularly sensitive information.

6. Business processes and resilience

  • Definition of critical business processes. Recovery times and minimum recovery points for data related to critical processes.
  • Business continuity/IT contingency. Recovery strategies in accordance with the needs of the business.
  • Resilience. Global environments with 24/7 services which do not permit dips or recovery time for said services. Continuity of service in a downgraded mode.
  • Crisis management. Activities and duties in the event of a crisis. Simulations, crisis committees and continuous training.


BLOCK III. Management and regulation framework

7. The entire cybersecurity cycle. NIST and the maturity of its application within organisations

  • Identification. Understanding the organisation to facilitate the management of cybersecurity risks affecting systems, assets, data and capacities.
  • Protection. Implementing any appropriate safeguards to ensure the provision of critical infrastructure services.   
  • Detection. Implementing appropriate measures to identify the occurrence of a cybersecurity event.
  • Response. Establishing the corresponding actions when faced with the materialisation of an unwanted event.
  • Recovery. Implementing the corresponding measures to restore normality and restore the capacities or services that were affected by the incident.

8. e-Crime and Regulation

  • Forensic analysis. Obtaining evidence for the analysis of events that occur within information systems. Correlation of events and preparation for obtaining evidence.
  • e-Crime. Overview of economically motivated computer attacks. Review of related attacks (ransomware, Wannacry, Petya, email to the CEO, phishing, etc.).
  • Cybersecurity regulations. Governments and organisations get updated on cybersecurity (NIS, LPIC, BCE regulations, patriot act, etc.).


BLOCK IV. Cybersecurity today, future trends

9. The industrial world and activities in real time

  • Supervision, Control and Data Acquisition (SCADA). Security as an overlooked factor in the industrial environment.
  • Industrial architectures. Environments in which the availability and integrity of systems are prioritised over confidentiality. Isolated environments with specific characteristics.
  • Securing industrial environments. Necessary actions for securing industrial environments.

10. News and trends

  • Process of securing Cloud services. Actions to consider.
  • Internet of Things (IoT). Technology moves faster than its own security.
  • Consumption technologies. Analysis of static and dynamic information in mobile devices. Information in the palm of your hand.
  • Blockchain. The future of services through an internet based on cryptography.


Practical Workshops:

  • Simulation of a crisis based on a cybersecurity incident through gamification. Working on a fictitious cybersecurity incident within an organisation. A number of possible actions to be taken, along with their consequences, will be assessed by means of a game.
  • Practical work on cyberattacks. Working on case studies aimed at identifying and exploiting vulnerabilities. Advanced attack (Red Team) and defence (Blue Team) exercises.


Cybersecurity Project (Final Project): Real/simulated case of a cybersecurity project


Additional activities

Talks, seminars and workshops

The Master’s Degree in Cybersecurity is complemented by talks, seminars and workshops that will be delivered as part of each module. These seminars will be delivered by recognised professionals from the sector who, through videoconferencing, will share their experiences and case studies with the students. To illustrate, some of the talks that will be delivered in each block may include:

  • Identity management
  • Organisational structures
  • Blockchain

Highlights from the seminars of this programme include, for example, those in which we are joined by CISOs from multinational companies, primarily from the retail, banking and insurance sectors. These directors will deliver talks in each block of the programme and the students will have the opportunity to debate and discuss the topics with them.


Simulations and case studies

The content of the programme has a heavy theoretical basis to give students the opportunity to strengthen their skills. However, we are aware that cybersecurity is an ever-evolving field in which agents make decisions in an environment where they encounter competitors, regulators and people with different profiles. Therefore, the practical element of this programme is crucial and completes the practical training side, which changes year to year. This is why, throughout the course, there will be discussions on current affairs and topics of interest included in every subject, decision-making simulations applied to real situations, and reviews of case studies from which to analyse—from an academic standpoint—the problems they pose, the solutions put forward and the criteria considered before implementing solutions.

Requirements for the Master’s Degree in Cybersecurity

OBS Business School’s Master’s Degree in Cybersecurity is aimed at professionals who wish to secure an executive role in cybersecurity, information security, information systems auditing or strategic consulting positions—including technological risks, cybersecurity and security solutions for businesses.

The programme modules are designed for those who wish to accelerate the development of their professional career while acquiring an understanding of the risks related to information technologies and the appropriate protection measures that are required to minimise or mitigate said risks, using the resources available to companies or organisations.

  • Profiles from different sectors who are taking on, or intend to take on, cybersecurity management responsibilities.
  • Managers and project leaders who wish to broaden their managerial skills to enable them to tackle projects related to cybersecurity.
  • Individuals with experience or vocation in the cybersecurity field who wish to further their academic training.
  • Consultants and experts from the cybersecurity sector who wish to train or update themselves and complete their profile, thereby ensuring their competitiveness in the marketplace.


The main purpose of our admissions process is to ensure the suitability of candidates. All participants should make the most of this learning experience through a context that enables them to build long-term relationships with classmates, lecturers and former students. 


The stages of the admission process are:

1. Prior requirements for admission
2. Admission request
3. Personal interview
4. Motivation letter
5. Assessment by the Admissions Committee
6. Enrolment

Faculty of the Master’s Degree in Cybersecurity

At OBS Business School, our faculty provides a learning experience that combines real business knowledge with academic rigour. All the lecturers from the Master’s Degree in Cybersecurity are active professionals working in leading companies and institutions. Both the proven programme-design experience of our directors and the personalised guidance of our lecturers throughout the year are a guarantee that this qualification provides the practical value that today’s companies demand.

Partner and Head of Cybersecurity at PwC.


Andrés de Benito

Senior Manager of Cybersecurity at PwC.

Juan Cobo

Global CISO at Ferrovial

Juan Carlos Díaz

Cybersecurity Director and Head of Innovation within Business Security Solutions at PwC

Jorge García Acosta

  • Manager Forensic Technology & eDiscovery Services en PwC España.

Juan Francisco Losa

Global Head of Security Architecture at BBVA

Pablo Navas

Digital Security Officer for the Mediterranean and Latin American Region at AXA

César Tascón

Cybersecurity Director and Head of the Energy Department within Business Security Solutions at PwC

Elena Barrantes

  • IT Infrastructure Services Management at SEAT.

Jesús Romero

  • Associated Parter of Business Security Solutions en PwC.

Gonzalo Vigo

  • Dedication60 ECTS
  • InitiationMay 2019
  • Term10 months
  • Price6.500 €
  • MethodologyOnline
  • LanguageSpanish