You're applying for PhD programs: what an exciting time! (And maybe somewhat overwhelming.) This page is to help you understand what you might get out of working with me.
But before getting into all of that, let's make one thing very clear:
Your goal should be to find the place and advisor that will make you the strongest, most independent researcher you can be. Rank, prestige, or status should have little to no bearing on your decision: you should go to the place that will empower you to do your best work, wherever that might be.
That may very well mean working with me at the University of Maryland, just a stone's throw from Washington, DC. Read on to find out what that might mean for you!
To learn and hear more of me, you might also consider checking out this Packet Pushers podcast in which they interviewed me about how I got into academia and not my original love: Tuba!
I am passionate about problems that affect and involve real people's security, privacy, and ability to communicate freely and openly. This spans many different areas (see some of my research highlights below).
To get a sense of the kind of work I do, it's useful to consider some of the tools of the trade my students and I use—and that you would gain experience applying (to the extent that they serve your research goals):
I'm going to let you in on a little secret...
I do not have a research agenda. My students are my agenda.
My students are not my employees; you do not work for me to further my brand or add another line to my CV, or push forward some vision I have. On the contrary: if you are my student, I work to develop you: to shape you as a researcher, to establish and further your brand, and to help you develop and realize your vision.
As a result, "my" work goes in the direction of my students' passions, not the other way around. That's why you might see me simultaneously work in network security, Internet measurement, usable security, systems security, and gamification and game theory all at the same time. They're all fascinating to me, but more importantly they're passion areas of my students.
We have developed Geneva, which stands for "Gen"etic "Eva"sion: a genetic algorithm that trains directly against nation-state censors to automatically learn how to evade censorship. Geneva has discovered hundreds of novel evasion strategies, including the first that run strictly "server-side," without requiring clients to install any extra software whatsoever.
The public key infrastructure (PKI) is what allows us to know with whom we are communicating online. As with many of my group's research efforts, we approach the PKI with two goals in mind: Measuring it and Improving it by applying our measurement findings to develop new, better systems. Our CRLite certificate revocation system has been integrated into Firefox!
Tor is a powerful anonymity network, but notoriously difficult to extend. We developed Bento, an architecture that lets users safely and anonymously deploy small programs to willing Tor relays: much like SDN and NFV in the "non-anonymous" Internet. This work involved developing new systems primitives that use trusted hardware so that the Bento programs can safely run even on untrusted relays.
Breakerspace is a lab I started that is designed around having groups of undergraduate researchers work on real, challenging, publishable problems.
Not enough undergraduates try research! The fact that you are considering pursuing a PhD means you were likely the exception; you probably got to do research with one of your professors. Think about how much of an impact that experience had on you and your decisions for your next career step. Sadly, there are many students who want such an experience but when faculty only advise zero, one, or two undergrads, that leaves few opportunities available.
By having students work in groups, not only can more of them try research, but they can also work on much more challenging problems than they could alone. In fact, my Breakerspace undergrads often tackle problems that my PhD students alone cannot!
With Breakerspace, advising undergrads isn't some laborious service: it is the foundation of our group's productivity! This is because UMD undergraduates have an incredible amount of cybersecurity experience. Breakerspace students run the UMD Cybersecurity Club, they created and teach an undergraduate course on ethical hacking, and they've included some of the best reverse engineers and hardware hackers I've ever met. In Breakerspace, they channel those skills towards doing research, and it has resulted in many publications.
Breakerspace is not just an opportunity for the undergraduate researchers; it is also an incredible opportunity for my PhD students to gain experience mentoring others in research. Many of the projects in the Breakerspace lab are led by my PhD students. I am there for every step of the way, but I largely let my PhD students lead, advising them on how to effectively mentor, manage projects, encourage collaboration, and so on.
Wherever you end up going to get your PhD, you owe it to yourself to try mentoring others' research! You may find that you love it, in which case you should absolutely consider pursuing an academic job after you get your PhD. On the other hand, you may find that you are not too keen on it; that's OK too! It is important to learn what you like and dislike, and to allow that to inform your future job decisions.
Vern Paxson says that there are three things that separate great research groups from mediocre ones:
It is my opinion that (part of) the goal of a PhD is to become excellent at these three skills. Critical to doing so is practice (at asking research questions, running experiments, writing, etc.) and developing connections with the broader community. All of the three are improved by engaging with and getting feedback from colleagues. I work with my students to give feedback and help connect them with a broader network of collaborators.
I am a strong advocate of maintaining a healthy work/life balance. Health and safety are always the topmost priorities. And besides, a balanced life outside the lab leads to greater productivity inside the lab!
UMD is wonderfully situated for a fulfilling time during your PhD. It is just a few miles outside of Washington, DC (where I live), and close to three airports which makes travel easy.
Many of my students and I are into running; let's set up a running meeting!
So what am I looking for in a PhD student? As a necessity, I am looking for people who are motivated to solve big, challenging problems—and willing to pick up whatever skills are needed to solve the problems at hand. If you want your research to have impact on real people and if you are willing to learn what it takes to make that happen, then I want to hear from you.
I do not have some requisite set of skills or background knowledge; I can train you in just about anything. But you might be starting with a bit of an advantage if you know things like software development, network protocols/programming, reverse engineering, fuzzing, pen testing, user-centric security, hardware hacking, OS development, cryptography, or the law. (As you can tell, my group's interests cover a lot of ground.)
If after all of this you are still interested in working with me, then please apply to UMD and get in touch with me! This is not a decision you should enter into lightly, so let's talk, get to know one another, and see if I might be a good fit for you.
If you do apply, please drop me a line to let me know that you did, and mention this webpage:
As if coming to UMD weren't amazing enough as it is, there is an even better opportunity for those interested in spending time in Europe, as well. MMP (Maryland/Max Planck) is a joint PhD program with Germany's Max Planck Institute. Students admitted to this program get advisors both at UMD and MPI, and spend their time in both countries. I cannot imagine a better opportunity to expand your network, see the world, and have a blast during what should be every right be some of the best years of your life. Please consider it!