A Letter to Prospective Students

This letter contains only a fraction of my personal thoughts and is not intended to serve as instruction or to contain any form of discrimination.

Dear Prospective Student,

Thank you for being interested in me and my work.

I’m excited to share my passion for security research with you. This captivating field has consumed years of my life, and I am committed to dedicating many more.

Security research intrigues me for several reasons.

  • Ease of entry: Security research has the most readable papers. The community prefers to explain innovative ideas in plain language, sprinkled with practical examples, and appreciates real-world impacts. With this, one does not require much prior knowledge to begin reading papers from top conferences to understand the emerging trends.

  • Interdisciplinary: Security intersects with all other domains within computer science and computer engineering. It provides an ideal environment for conducting interdisciplinary research by blending expertise from various fields.

  • Human-oriented: Unlike pure system research, security involves the dynamics of attackers, defenders, and the concept of trust. This brings up sociological, psychological, and even philosophical quandaries and connects us to the intriguing world of hackers and white hats.

  • Growing community: The field has witnessed rapid growth in recent years, attracting substantial funding and promising potentials. I am eager to see emerging technologies that could change the world.

Nonetheless, certain challenges await anyone venturing into security research. While computer security is considered a sub-field of systems, a project usually begins by hacking into an existing system - a code base as large as 10K to 10M lines - and developing tools ranging from 2K to 20K SLOCs for different purposes. You will encounter countless bugs that have not been discussed on Github or Stackoverflow, and you might need to test and compare several potential solutions before choosing the most suitable one. If you struggle with promptly grounding things, it can become discouraging since a project set for one year may extend to three or more, causing significant peer pressure and a loss of motivation during the process.

At the same time, I can provide more hands-on help on some other challenges, compared to more established faculties. This includes developing ideas, proposing potential solutions to technical issues, and ultimately transforming a project into a publication. If you believe you require such assistance, then I might be the right choice for you.

Embarking on this journey will undoubtedly be challenging, but it will equip you with the necessary tools to establish your career path.

RIT is considered a central research institution in Cybersecurity, ranking 19th by U.S. News and 43th by CSRankings in 🇺🇸. The recently established ESL Global Cybersecurity Institute is home to a top-tier Cyber Range. A plethora of offense and defense contests, as well as security assessments delegated by different companies, take place here. This offers the perfect learning environment for mastering security attack and defense! The school boasts a CTF team that has triumphed in the US championship 🏆.

The PhD program admits 30-35 new students annually and receives $10-15M in new research grants each year. Of the 120 PhD graduates since 2009, about half have gone on faculty path (like Joanna Cecilia Da Silva Santos, Anthony Peruma, and Saad Hassan), while the rest have secured positions in major tech companies such as Google, Amazon, and Salesforce.

Thank you for reading through to the end. If you are still interested, please fill out this form, and I’ll get back to you via email if there is a good match.

Yinxi