For Prospective Students

Information for prospective students interested in working with me at NC State.

I am excited that you are considering working with me and being part of NC State’s Computer Science (CSC) research efforts.

I have collected information and helpful resources below for common inquiries from prospective students, current PhD students, Master’s students, and school students interested in research experience.

NC State’s Pages

You can also find more information on the following NC State pages:

Prospective PhD Students

NC State’s CSC PhD program does not require you to have a specific advisor at the time of application, so I encourage you to apply generally. The application deadline is usually Dec 15th (official page), and admission is for Fall only.

My recruitment status for PhD students for the next admission cycle is as follows:

Selective
Fall 2026

I am not broadly considering incoming PhD students for the Fall 2026 start. I may make exceptions for candidates with exceptionally strong fit with my ongoing work. General or unspecific inquiries will likely not receive a response.

Helpful Resources

The following links will be helpful: NC State CSC PhD Program, Application Prerequisites, Application Procedure, Financial Aid and Cost, CSC FAQs, Admission Resources for International Students

Process

NC State’s CSC PhD program application process has multiple steps and stakeholders:

The Grad School and Department evaluate applications first for completeness and minimum qualifications and reject incomplete or unqualified applications.

Professors in the department (including me) then review applications and provide stack-ranked recommendations to the department, which makes final admission and funding decisions.

Note that because of this multi-step process, individual professors (including me) usually:

  • Cannot guarantee admission or funding to anyone (just recommendations)
  • Cannot evaluate applications before the official review process
  • Cannot provide individual feedback on rejected applications

Working with Me

I am generally looking for motivated, talented, and curious PhD students to work with me on human-centered security research in my areas of interest (see below).

In terms of qualifications, I am looking for students who have:

  • Solid background in computer science, computer security, human-computer interaction, or related areas
  • Some past touchpoint with security through classes, projects, or internships that shows interest and some familiarity with the computer security landscape before committing to a multi-year PhD.

In addition, I value:

  • Research experience (e.g., undergraduate research, Master’s thesis, publications in relevant venues)
  • Experience with user studies and human subjects research
  • Practical experience in software development and related ecosystems like open source communities, since much of my work includes developer-centered security

Applications can gain more visibility with me by:

  • Listing my name as primary or secondary faculty of interest in your application. I review all applications that list me.
  • Listing my name in your statement of purpose with a brief explanation of why you are interested in working with me. I generally try to look at all applications that mention me.
  • Reaching out via email if you plan to attend the CSC PhD campus visit in Spring. I generally try to attend and meet prospective students.

Restrictions for International Students: Be aware that (cyber) security research involves topics that might fall under US control regulations or other legal constraints. These might include but are not limited to:

  • Countries with International Trade and Arms Regulations (ITAR) Restrictions (e.g., Cuba, Iran, North Korea, Russia)
  • Countries under certain US Sanctions (e.g., Cuba, Iran, North Korea, Syria)
  • Countries impacted by the upcoming SAFE Research Act (which might include China, Russia, and others)

For prospective students from such countries, it will be very difficult to impossible to obtain a visa, conduct research, or be employed in the cyber security area in the US.

Research Interests

My research focuses on computer security, particularly human-centered security. I examine how security mechanisms intersect with the practices, constraints, and decision-making of software professionals and end users.

Interests:

My recent publications are available on the publications page. Some of my main research interests include:

Human-Centered Security and Privacy. Investigating how developers, security professionals, and other stakeholders understand and respond to security concerns, especially in complex environments and systems [C19, C17, C16, C11, C9].

Software Supply Chain Security. Studying how software is packaged, built, and distributed, with focus on security-relevant issues such as reproducibility, dependency management, and vulnerability metadata [C20, J1, W3, C14, C13].

Open Source Security and Trust. Analyzing practices in distributed development environments, including contribution workflows, coordination mechanisms, and the handling of vulnerabilities or secrets [C18, C15, C12, C10].

Methods:
I leverage both qualitative and quantitative methods, often in a mixed-methods approach. This includes interviews [C19, C17, C14, C13, C12, C10], large-scale analyses of software ecosystems and repositories [C20, C18, C16, C14], user experiments [C11, C8], and surveys [C14, C6] to identify behavioral patterns, systemic risks, and the practical constraints software experts encounter when engaging with security mechanisms.
Outcome:
My research supports software professionals in navigating security challenges when building, maintaining, and distributing modern software systems.
Outside My Areas: My research does not include the physical goods supply chain, blockchain technologies, or foundational AI research. I am not the appropriate advisor for these areas and will likely not respond to inquiries related to them.

PhD Students at NC State

If you are already a PhD student at NC State, feel free to reach out to me with a brief email if you are interested in working with me on research.

Advising:
If you’re interested in getting to know me as a potential advisor, I welcome opportunities to work together through a short research internship (e.g., as part of CSC 801), an independent research study, or by taking one of my courses with a research component. Feel free to reach out via email to discuss more concrete plans.
Co-Advising:
Professors at NC State’s Wolfpack Security and Privacy Research (WSPR) Lab frequently co-advise students interested in overlapping or adjacent research areas. Feel free to check out the other affiliated faculty for potential co-advising.

Master Students at NC State

If you are a CSC Master’s student at NC State and are interested in doing research with me, I recommend you take one of my courses (or CSC 574 with one of my colleagues, and reach out about doing the research option with me).

Please note the following:

  • I do not offer GRA funding to MS students unless we have previously worked together; I prefer to work towards a thesis.
  • I do not have dedicated TA funding. TA positions in my courses are assigned by the department.
  • I am not the contact point for course graders; grader applications should go through the official process: CSC Student Graders

School Students

If you are a school student interested in gaining (computer science) research experience, I recommend checking out the following NC State programs:

High School:

Online Research Academy (High School), a 4-week virtual program for high schoolers during Summer or Winter to learn research methods and work on projects with direct faculty mentoring (usually including computer science projects).

Residential Summer Program for high schoolers with a wide variety of workshops including computer science.

Engineering Summer Programs, including day camps for high schoolers in various engineering fields including computer security and cybersecurity.

Other Pre-college Programs at NC State.

Middle School:

SECURE IT Academy, a one-week, non-residential summer program for middle schoolers, teaching cybersecurity, Linux, networking, and adversarial thinking through design-based learning. Includes follow-up workshops during the academic year.

Engineering Summer Programs, including day camps for middle schoolers.

Other Full-time Positions

  • I cannot employ individuals who are not currently enrolled students at NC State.
  • Full-time roles are posted publicly in accordance with state law and must be applied for through the university’s Jobs webpage.
  • If you are not currently enrolled at NC State, you could pursue research collaborations by applying to the PhD program or a postdoctoral position.