PLEASE MAKE SURE THAT YOU READ THIS CAREFULLY. First, thank you for considering working with me! I'm always honored when I hear from prospective students who are thinking about doing a PhD or MSc with me. But before you contact me, please read this carefully. I receive a lot of email from prospective students, and I've always tried to answer every message. I understand how hard it is to find the right advisor and the right school; a PhD is a serious commitment, and everyone deserves an answer. Unfortunately, I can no longer reply to everything. There just isn't enough time, and I owe most of it to the students I already have, and to making sure they succeed. If you want to increase your chances of hearing back from me, please follow the instructions below. A note on the obvious: I know you probably have an AI assistant open in another tab. That's fine. I use these tools too, and I expect students to. Why not make use of a tool if it works well and increases your productivity? But please understand what that means for this email. A polished, generic, AI-written "I am deeply passionate about your groundbreaking research" message is now the easiest thing in the world to produce, which is exactly why it tells me nothing. If your email reads like it could have been sent to fifty other professors with the name swapped out, you will either not get a reply, or will get a generic reply from me. I'm looking to discover your thinking, your judgment, and your taste. Use AI to fix your grammar if you like... But don't use it to replace your brain. I work in systems security. If your primary interest is data mining, theory, networking, or some other CS discipline, I'm not the right person for you. We use plenty of techniques from across CS including machine learning and, increasingly, large language models, but we use them to solve security problems, not to advance those fields for their own sake. I'm also not a crypto person. I appreciate crypto deeply, I'm just not smart enough to keep up with the smart people there ;) A word on AI and security, since this is where most emails now land: yes, I'm interested in the security problems that this new world creates: things like the security of LLM-based and agentic systems, prompt injection and data exfiltration, malware and attacks that use AI, the supply chain around models and their tooling, and how attackers and defenders both change when generation is cheap. But "I want to do something with AI" is not a research direction, any more than "I want to do something with computers" was twenty years ago. If you write to me about AI, tell me what security problem you actually want to attack. Intrusion detection in the general sense no longer excites me scientifically. Attacks have become far more specific and sophisticated, so if you want to do classical IDS research, you'll be happier with someone else. What we do is related, but we go after narrow, concrete problems where an effective solution is actually possible. If your email tells me you're interested in "IDS," you'll probably not hear back. If you want to do a PhD in systems security, you need a real systems background. C and C++ shouldn't scare you. You should be comfortable building web applications, fluent on Linux/UNIX, and you should genuinely like to build things. Here's the part that has changed: a coding assistant can now make almost anyone look productive. I sincerely don't care whether you used one. However, I care whether you actually understand what you shipped. Can you read it, break it, debug it, and explain why it behaves the way it does? Can you reason about a system you didn't fully write? Can you be sure it does what it is supposed to do? If your code only works as long as the model keeps guessing right, and you couldn't defend a single line of it, then research in this area will be painful for you. Building should be a natural part of your life, not something you outsource and hope (or blindly trust). Let me also be honest with you about something: the AI age is radically changing what it means to do research, to build systems, and to do a PhD in this area. Even those of us who have worked in systems security for a long time can't really tell you how things will evolve, or how the publication process in this space will change. A PhD takes about five years, and things could shift dramatically between the day you start and the day you (hopefully) finish. I won't pretend otherwise, and I'd be suspicious of anyone who does. So part of what we're looking for are students who find that uncertainty exciting rather than terrifying. That is, folks who want to help figure out what good research even looks like in this new world, not someone waiting for a settled field to hand them a safe topic and a "ticket" to highly-paid job because their BSc does not cut it anymore. When you write to me, tell me honestly why you want a PhD and why you think you're qualified. Research is hard, often frustrating work, and you need to be self-motivated to push through it. Explain that motivation in your own words. And here is my filter. Please read it carefully, because the old one I had no longer works. The "three favorite papers" question I used to ask is, frankly, something a chatbot answers instantly, so I've retired it. Instead, do both of the following: If we have no connection in common (a former colleague, time spent in one of our sister labs, etc.), use the subject line: "Prospective student: read your instructions". In the body, tell me about one specific thing you personally broke, built, or figured out. A bug or vulnerability you found, a system you wrote and then attacked, a paper whose result you think is wrong or overrated (and why), or a moment where you understood something the easy way and the hard way. One concrete story, in your own voice, with enough technical detail that I could ask you follow-up questions about it and you'd light up rather than freeze. Please don't tell me why my papers are great. I don't need to hear that ;) That's it. If you've read this far and you have a real story to tell, we look forward to your email. Best regards, E. Kirda