As the amount of information, critical services, and interconnected computers and “things” in the cyberspace is steadily increasing, the number, sophistication, and impact of cyberattacks are becoming more and more significant. In the last decades, governmental and non-governmental organisations have become aware of this problem. However, the existing cybersecurity workforce has not been sufficient for satisfying the increasing demand for qualified cybersecurity professionals, and the shortfall will increase in the next years. Meanwhile, to address the increasing demand for cybersecurity professionals, academic institutions have been establishing cybersecurity programs, particularly, cybersecurity master programs. This paper aims at analysing which cybersecurity topics are covered by existing cybersecurity master programs of top universities and how these topics are distributed through courses. It starts by reviewing the evolution and maturation of the cybersecurity discipline, focusing on the ACM efforts, which include the early addition of the Information Assurance and Security Knowledge Areas to the computer science curricula and, more recently, the development of curricular recommendations to support the definition of post-secondary cybersecurity programs. These latest guidelines are used to analyse and review 21 cybersecurity master programs, focusing on the contents of their courses, structure, admission requirements, duration, requirements for completion, and evolution.