Research Group Applicants

Information on joining our research group
Last updated

If you want to start a Ph.D. to solve real security problems and are thinking about applying to our group, we would love to talk to you! To get the ball rolling, here is some information on our group and what we are looking for in an applicant.

Our Research

Our group has broad interests in practical systems, network, and software security. And, we are always interested in working in new and exciting areas! But, our work tends to fall into one of the following general categories.

  • Software security (applications and operating systems)
  • Web and mobile security
  • Vulnerability discovery
  • Security measurement
  • Malware detection
  • User privacy

Hopefully there is some overlap with your personal research interests. There are, however, areas in which we aren’t interested in such as cryptography or differential privacy—not to say that they are bad topics of research, but one must draw a line somewhere. So, if your interests hew more towards these areas, you’d probably be better served inquiring with other groups.

Who Should Apply

Ph.D. students. We are interested in hiring full-time Ph.D.s as research assistants. Research is a (more than) full-time job, and doing significant work also requires extensive training that simply isn’t compatible with a shorter-term degree such as an M.S. So, you should first be convinced that a Ph.D. is for you!

Volumes can be written about why one should or shouldn’t do a Ph.D., far too much to do justice here. On the negative side, they pay poorly, and are not the best return on investment if the goal is to simply boost your salary. On the plus side, a Ph.D. will open doors that would otherwise be closed to you, qualifying you for research-oriented jobs in industry, government, and academia. It will give you the freedom to solve important, real-world problems instead of being completely product-driven. And, a Ph.D. will train you to be an independent researcher that is an expert in your field, someone who can recognize and crisply define a problem, formulate an algorithm or technique or methodology to solve that problem, and rigorously evaluate your solution. That sort of skill-set is valuable almost everywhere.

Practical skills. On our side, there are practical skills that we look for in applicants. Much of our research involves empirical evaluation of a proposed technique, or perhaps the collection of data for measurement or evaluation. Therefore, “programming maturity” in the sense of being able to independently write, deploy, and debug code is particularly valuable. This is especially true if those skills are applicable to problem domains relevant to your research interests (e.g., C or assembly for systems security, JavaScript for web security). Pointing to past projects hosted on GitHub or elsewhere is particularly helpful to support your application.

There are also techniques that we use or build upon in our work, for instance program analysis (on source and binary code) and machine learning. Expertise in either of these domains is also something we consider highly valuable in an application.

Our Group

Our research group is part of the Cybersecurity and Privacy Institute and is located in the Interdisciplinary Science and Engineering Complex (ISEC) in Boston, MA. Current members are drawn from a diverse set of backgrounds from around the world.

The institute has around ten members as well as many graduate students, postdocs, and research professors working on different aspects of security and privacy. Since we are located in Boston, there is also a larger community of researchers in the area to connect with. Boston is renowned for its academic density, hosting more than 100 universities and colleges in the metro area.

Next Steps

If you feel like there’s potentially a good fit and are up for the challenge of completing a Ph.D., let’s set up a call to talk. Email Prof. Kirda and myself and include [applicant] in the subject line. Tell us a bit about yourself, your research interests, and anything else you think we should know, and we’ll go from there!