Research Group Applicants

If you want to start a Ph.D. to solve open problems in security, I would love to talk to you! To get the ball rolling, here is some information about the group and what I look for in an applicant.

Our Research

Our group has broad interests in practical systems, network, and software security. We are always interested in working in new and exciting areas! That said, our current research and hiring priorities involve several specific areas:

• Binary analysis, including both classical program analysis as well as AI models for disassembly, code similarity, and vulnerability detection
• Software hardening across the development, compilation, deployment, and sustainment phases
• Interactive tools for reasoning about binary software for hardening and vulnerability research
• Formal methods for secure systems design and vulnerability mitigation

Who Should Apply

Ph.D. students. I am interested in hiring full-time Ph.D. students as research assistants. Research is a (more than) full-time job, and doing significant work also requires extensive training that simply isn’t compatible with a shorter-term degree program such as an M.S. So, you should first be convinced that a Ph.D. is for you!

Volumes can and have been written about why one should or shouldn’t do a Ph.D., far too much to do justice here. On the negative side, Ph.D.s pay poorly, and are not the best return on investment if the goal is to simply boost your salary. On the plus side, a Ph.D. will open doors that would otherwise be closed to you, qualifying you for research-oriented jobs in industry, government, and academia. It will give you the freedom to solve important, big picture problems instead of being completely market and product-driven. And, a Ph.D. will train you to be an independent researcher that is an expert in your field, someone who can recognize and crisply define a problem, formulate an algorithm or technique or methodology to solve that problem, and rigorously evaluate your solution. That sort of skill-set is valuable almost everywhere.

Practical skills. There are a number of practical skills that I look for in applicants. Much of the group’s research involves empirical evaluation of a proposed technique, or perhaps the collection of data for measurement or evaluation. Therefore, “programming maturity” in the sense of being able to independently write, deploy, and debug code is particularly valuable. This is especially true if those skills are applicable to problem domains relevant to your research interests (e.g., C or assembly for systems security, JavaScript for web security). Pointing to past projects hosted on GitHub or elsewhere is particularly helpful to support your application.

There are also techniques that the group often uses or builds upon in our work, for instance program analysis (on source and binary code) and machine learning. Expertise in either of these domains is also something considerede highly valuable in an application.

The Group

The Diverge Lab is part of the Cybersecurity and Privacy Institute and is located in the Interdisciplinary Science and Engineering Complex (ISEC) in Boston, MA. Current members are drawn from a diverse set of backgrounds from around the world.

The institute has around ten faculty members as well as many graduate students, postdocs, and research professors working on different aspects of security and privacy. Since we are located in Boston, there is also a large community of researchers in area to connect with. Boston is renowned for its academic density, hosting more than 100 universities and colleges in the metro area.

Next Steps

If you feel like there is potentially a good fit and are up for the challenge of completing a Ph.D., let’s set up a call to talk. Email me and include [applicant] in the subject line. Tell me a bit about yourself, your research interests, and anything else you think I should know, and we will go from there!