For Prospective Students

Updated ⋅ 873 words ⋅ 5 min read
Information for prospective students interested in working with me at NC State.

Excited that you are considering working with me and being part of North Caroline State University’s (NC State) Computer Science (CSC) research efforts.

Helpful Resources #

Some helpful resources for prospective PhD students in computer science and for navigating the PhD journey in general:

PhD Applications:

PhD Journey:

PhD Students at NC State #

If you are already a PhD student at NC State feel free to reach out to me with a brief email if you are interested in working with me on research.

Advising:
If you’re interested in getting to know me as a potential advisor, I welcome opportunities to work together through a short research internship (e.g., as part of CSC 801), an independent research study, or by taking one of my courses with research component. Feel free to reach out via email to discuss more concrete plans.
Co-Advising:
Professors at NC State’s Wolfpack Security and Privacy Research (WSPR) Lab frequently co-advise students interested in overlapping or adjacent research areas. Feel free to also check out the other affiliated faculty for potential co-advisors.

Prospective PhD Students #

If you are a prospective PhD student interested in applying to NC State, I generally encourage you to apply to the CSC PhD program.

Application deadline is usually Dec 15th (official page), Fall admission only.

Applications gain more visibility with me in decreasing order of:

  1. Listing me as a primary or secondary faculty of interest in the application
  2. Mentioning my name in the statement of purpose
  3. Selecting (Cyber) Security as one of the research areas of interest in the application

Note that because of PhD admission being a multi-step process with multiple stakeholders (Gradschool, Professors, Department, …), individual professors (including me) usually:

  • Cannot guarantee admission or funding to anyone (just recommendations)
  • Cannot evaluate applications before the official review process
  • Cannot provide individual feedback on rejected applications

Helpful Links on the department’s website for prospective PhD students:

Restrictions for International Students: If you are an international student, be aware that (cyber) security research involves topics that might fall under US control regulations or other legal constraints. These might include but are not limited to:

  • Countries with International Trade and Arms Regulations (ITAR) Restrictions (e.g., Cuba, Iran, North Korea, Russia)
  • Countries under certain US Sanctions (e.g., Cuba, Iran, North Korea, Syria)

For prospective students from such countries, it will be very difficult to impossible to obtain a visa, conduct research, or be employed in the cyber security area in the US.

Working with Me #

I am generally looking for motivated, talented, and curious PhD students to work with me in the area of computer security, specifically human-centered security (see my research interests below for more details).
Outside My Areas: My research does not include the physical goods supply chain, blockchain technologies, or foundational AI research. I am not the appropriate advisor for these areas and will likely not respond to inquiries related to them.

In terms of qualifications, I am looking for students who have:

  • Solid background in computer science, computer security, human computer interaction, or related areas
  • Some past touchpoint with computer security through classes, projects, or internships that show interest and some familiarity with the unique security landscape before committing to a multi year PhD.

In addition, I value:

  • Research experience (e.g., undergraduate research, Master’s thesis, publications in relevant venues)
  • Experience with user studies and human subjects research
  • Practical experience in software development and related ecosystems like open source communities, since much of my work includes developer-centered security

Research Interests #

My research focuses on computer security, specifically human-centered security, software supply chain security, and open source development, with recent work examining the security implications of AI-assisted software development and autonomous agents.

My recent publications are available on the publications page.

Interests:

Some of my main research interests include:

Human-Centered Security and Privacy. Investigating how developers, security professionals, and other stakeholders understand and respond to security concerns, especially in complex environments and systems [C19, C17, C16, C11, C9].

Software Supply Chain Security. Studying how software is packaged, built, and distributed, with focus on security-relevant issues such as reproducibility, dependency management, and vulnerability metadata [C20, J1, W3, C14, C13].

Open Source Security and Trust. Analyzing practices in distributed development environments, including contribution workflows, coordination mechanisms, and the handling of vulnerabilities or secrets [C18, C15, C12, C10].

AI, Agents, and Software Security. Investigating how AI agents reshape software development, software supply chains, and open source security practices. This includes adversarial and defensive uses of autonomous agents, AI models as supply chain components, and the security and coordination challenges introduced by large-scale automated participation in open source projects.

Methods:
I leverage both qualitative and quantitative methods, often in a mixed-methods approach. This includes interviews [C19, C17, C14, C13, C12, C10], large-scale analyses of software ecosystems and repositories [C20, C18, C16, C14], user experiments [C11, C8], and surveys [C14, C6] to identify behavioral patterns, systemic risks, and the practical constraints software experts encounter when engaging with security mechanisms.