Cyber Security (EPSRC Centre for Doctoral Training) | University of Oxford
Oxford skyline
The Oxford skyline in autumn
(Image Credit: Rob Judges / Oxford University Images)

Cyber Security (EPSRC Centre for Doctoral Training)

About the course

The CDT in Cyber Security is a four year interdisciplinary doctoral programme which looks at the topic from a range of angles including computer science, social science, business and international relations. The core research themes are cyber-physical security, real-time security, assurance and big-data security.

As the technologies of cyberspace come to inhabit all parts of everyday life, cyber security has become everyone’s problem. We face a growing collection of adversaries who are agile, opportunistic, and increasingly strategic, developing an ecosystem of suppliers involved in delivering elements of attack capability. They seek to defraud consumers, exploit their trust, or invade their privacy; to misappropriate corporate secrets and intellectual property; and/or to disrupt the operation of the state or critical infrastructure.

The CDT sets out to educate a new generation of research leaders as well as the highest tier of security professionals, who appreciate the real-world challenges which arise from security needs in existing and emerging contexts, equipped with both the expertise and adaptability to address those needs. You will need to become as agile in your thinking as the attackers are, and as resourceful in defence as their counterparts are in attack.

As a student in the CDT you will spend the first year in a group with the other CDT students in your cohort on an intensive programme of study designed to introduce the dimensions and nature of the challenge of cyber security from a range of academic perspectives.

These will include as a core, cyber security principles (systems and operations), usability, security risk management, system architectures and high-integrity systems engineering. There will also be a range of courses in research methods and tools. This understanding will be placed in the context of courses in business processes, policy and governance, international relations, and criminology. You will have access to leading thinkers and practitioners in cyber security.

Following this intensive education, you will spend the summer of the first year undertaking two mini projects in diverse areas, usually involving placement in a company or government organisation. You will normally choose these from a list proposed by supervisors and sponsors. One or both of these mini projects will typically form the basis for your long-term research project.

For this substantive project, you will be based in one of the departments contributing to the CDT, and undertake supervised research in the usual manner for a DPhil. The normal duration of this project will be three years, after which you will submit a thesis and be examined in the usual way.

During the three years of the individual research project, you will retain contact with the CDT, returning for skills training, an annual conference and other events.

The CDT programme also includes “Deep Dive Days” which are a supplement to the academic programme of classes, lectures, and seminars. They are an opportunity to interact with someone who practices cyber security daily: technologists, CISOs, security consultants, lawyers, government risk owners and more. Some of these are visits and field trips; others take the form of a master class in Oxford. Deep Dives allow the academic material to be illustrated, and challenged, by exposure to everyday practice. Sometimes, they can become the basis of ongoing project work too.

Graduate destinations

The CDT expects students to progress into diverse employment areas in line with the CDT's multidisciplinary approach. Future career destinations may include government or consultancy employment, furthering an academic career within the field or pursuing a cutting edge industrial research career. Graduates will leave the CDT with the skills necessary to succeed in their chosen career path.

Related courses

Multiple applications

In applying for this programme, you may submit further applications for up to two of the following associated programmes without paying an additional application fee.

You may only apply to one programme from Group B under this arrangement without paying further application fees.

Group A
Group B
Autonomous Intelligent Machines and Systems (EPSRC Centre for Doctoral Training)DPhil in Computer Science

For instructions, see Applying for more than one course in the Application Guide.

Changes to the course

The University will seek to deliver this course in accordance with the description set out in this course page. However, there may be situations in which it is desirable or necessary for the University to make changes in course provision, either before or after registration. For further information, please see our page on changes to courses.

Entry requirements for entry in 2018-19

Within equal opportunities principles and legislation, applications will be assessed in the light of an applicant’s ability to meet the following entry requirements:

1. Academic ability

Proven and potential academic excellence

Applicants are normally expected to be predicted or have achieved a first-class or strong upper second-class undergraduate degree with honours (or equivalent international qualifications), as a minimum, in computer science and related topics, social science and related topics, international relations, business, internet security, or public policy and related topics.

For applicants with a degree from the USA, the minimum GPA sought is 3.6 out of 4.0.

However, entrance is very competitive and most successful applicants have a first-class degree or the equivalent.

A master's degree is not essential but would be an advantage. Professional experience is not essential but is considered alongside academic ability. 

If you hold non-UK qualifications and wish to check how your qualifications match these requirements, you can contact the National Recognition Information Centre for the United Kingdom (UK NARIC).

No Graduate Record Examination (GRE) or GMAT scores are sought.

Other appropriate indicators will include:

Supporting documents

You will be required to supply supporting documents with your application, including references and an official transcript. See 'How to apply' for instructions on the documents you will need and how these will be assessed.

Performance at interview(s)

Interviews are normally held as part of the admissions process.  

Candidates are shortlisted on the basis of academic ability and usually based on a ratio of 2:1, interviews to offers. All shortlisted candidates will be invited to attend an interview either in person or via Skype (with video). 


Publications are not essential.

Other qualifications, evidence of excellence and relevant experience

You will also need to demonstrate:

  • a good awareness of and strong interest in cyber security
  • adequate skills in mathematics to cope with some of the technical material - typically this means you should have a good grade in A-level Mathematics, or something equivalent.

Research or working experience in areas related to cyber security may be an advantage. Evidence of training in cyber security or related topics may be an advantage. Professional experience is not essential but may also be an advantage.

2. English language requirement

Applicants whose first language is not English are usually required to provide evidence of proficiency in English at the higher level required by the University.

3. Availability of supervision, teaching, facilities and places

The following factors will govern whether candidates can be offered places:

  • The ability of the Department of Computer Science (and/or the Oxford Internet Institute, Said Business School, Oxford eResearch Centre and/or the Blavatnik School of Government, if appropriate) to provide the appropriate supervision, research opportunities, teaching and facilities for your chosen area of work. 
  • Minimum and maximum limits to the numbers of students who may be admitted to Oxford's research and taught programmes.

The provision of supervision, where required, is subject to the following points:

    • The allocation of graduate supervision is the responsibility of the Department of Computer Science (and/or the Oxford Internet Institute, Said Business School, Oxford eResearch Centre and/or the Blavatnik School of Government, if appropriate) and it is not always possible to accommodate the preferences of incoming graduate students to work with a particular member of staff. 
    • Under exceptional circumstances a supervisor may be found outside the Department of Computer Science (and/or the Oxford Internet Institute, Said Business School, Oxford eResearch Centre and/or the Blavatnik School of Government, if appropriate).

Where possible your academic supervisor will not change for the duration of your course. However, it may be necessary to assign a new academic supervisor during the course of study or before registration for reasons which might include sabbatical leave, maternity leave or change in employment.

4. Disability, health conditions and specific learning difficulties

Students are selected for admission without regard to gender, marital or civil partnership status, disability, race, nationality, ethnic origin, religion or belief, sexual orientation, age or social background.

Decisions on admission are based solely on the individual academic merits of each candidate and the application of the entry requirements appropriate to the course.

Further information on how these matters are supported during the admissions process is available in our guidance for applicants with disabilities.

5. Assessors

All recommendations to admit a student involve the judgment of at least two members of academic staff with relevant experience and expertise, and additionally must be approved by the Director of Graduate Studies or Admissions Committee (or equivalent departmental persons or bodies).

Admissions panels or committees will always include at least one member of academic staff who has undertaken appropriate training.

6. Other information

Whether you have yet secured funding is not taken into consideration in the decision to make an initial offer of a place, but please note that the initial offer of a place will not be confirmed until you have completed a Financial Declaration.


All first-year students will be provided with working space within the CDT. The Robert Hooke Building, where the CDT is based, provides 24-hour working and social space, including the CDT’s lecture facilities. This free access encourages CDT students of different cohorts to meet regularly and exchange ideas.

The student-led Cyber Security Café and first year CDT movie night also provides an opportunity for you to discuss your research with other CDT students and socialise outside lectures, including with the wider cyber security community.

The weekly Cyber Security Seminar Series attracts speakers from diverse backgrounds giving anyone interested in the topic an opportunity to listen and debate key cyber security topics with speakers ranging from industry leaders to cutting edge researchers.


There are over 1,100 full graduate scholarships available across the University, and these cover your course and college fees and provide a grant for living costs. If you apply by the relevant January deadline and fulfil the eligibility criteria you will be automatically considered. Over two thirds of Oxford scholarships require nothing more than the standard course application. Use the Fees, funding and scholarship search to find out which scholarships you are eligible for and if they require an additional application, full details of which are provided.

This programme has a dedicated stream of funding, and the majority of students on the programme are funded. Eligibility restrictions apply. Further details can be found on the CDT webpage.


Annual fees for entry in 2018-19

Fee status

Tuition fee

College fee

Total annual fees

(including Islands)

The fees shown above are the annual tuition and college fees for this course for entry in the stated academic year; for courses lasting longer than one year, please be aware that fees will usually increase annually. For details, please see our guidance on likely increases to fees and charges.

Tuition and college fees are payable each year for the duration of your fee liability (your fee liability is the length of time for which you are required to pay tuition and college fees).

Following the period of fee liability, you may also be required to pay a University continuation charge and a college continuation charge. The University and college continuation charges are shown on the Continuation charges page.

For more information about tuition fees, college fees and fee liability, please see the Fees section of this website. EU applicants should refer to our dedicated webpage for details of the implications of the UK’s plans to leave the European Union.

Additional information

There are no compulsory elements of this course that entail additional costs beyond fees (or, after fee liability ends, continuation charges) and living costs. However, please note that, depending on your choice of research topic and the research required to complete it, you may incur additional expenses, such as travel expenses, research expenses, and field trips. You will need to meet these additional costs, although you may be able to apply for small grants from your department and/or college to help you cover some of these expenses.

Living costs

In addition to your tuition and college fees, you will need to ensure that you have adequate funds to support your living costs for the duration of your course.

For the 2018-19 academic year, the range of likely living costs is between c. £1,015 and £1,555 for each month spent in Oxford. Full information, including a breakdown of likely living costs in Oxford for items such as food, accommodation and study costs, is available on our Living costs page.

How to apply

As students on the CDT in Cyber Security do not commence their research until year two, it is not necessary to contact potential supervisors before applying. 

However, you are encouraged to contact the CDT administration team initially in order to refine your application using the contact details provided on this page.

The set of documents you should send with your application to this course comprises the following:

Official transcript(s)

Your transcripts should give detailed information of the individual grades received in your university-level qualifications to date. You should only upload official documents issued by your institution and any transcript not in English should be accompanied by a certified translation.

More information about the transcript requirement is available in the Application Guide.


A CV/résumé is compulsory for all applications. Most applicants choose to submit a document of one to two pages highlighting their academic achievements and any relevant professional experience.

Statement of purpose/personal statement:
1,000 to 1,500 words

You should provide a statement, written in English, on your experience to date of cyber security and how you believe an interdisciplinary approach is beneficial in this context.

Your statement should focus on your interest and understanding of cyber security rather than personal achievements, interests and aspirations. A research proposal is not required.

This will be assessed for:

  • your reasons for applying
  • evidence of motivation for and understanding of the proposed area of study
  • the ability to present a reasoned case in English
  • commitment to the subject, beyond the requirements of the degree course
  • preliminary knowledge of research techniques
  • capacity for sustained and intense work
  • reasoning ability
  • ability to absorb new ideas, often presented abstractly, at a rapid pace.

References/letters of recommendation:
Three overall, all of which must be academic

Whilst you must register three referees, the department may start the assessment of your application if two of the three references are submitted by the course deadline and your application is otherwise complete. Please note that you may still be required to ensure your third referee supplies a reference for consideration.

All references are expected to be academic. If you believe there is good reason for you to include a professional reference, please contact the CDT Programme Administrator before you apply.

Your references will support intellectual ability, academic achievement, motivation, ability to work in a group.

Was this page useful?*