First, thank you for considering to work with me! I am always honored when I
receive requests from prospective students who are thinking about working with
me! However, before you contact me, you should read this:

I receive a lot of emails from prospective PhD candidates and MSc students who
tell me that they are very interested in working with me. To date, I have always
tried to answer every email that I receive. I understand how challenging it can
be to find the right advisor, and the right school. Doing a PhD is a serious
commitment. It really pains me because EVERYONE deserves an answer, but
unfortunately, I am no longer able to answer all emails from prospective
candidates that are sent to me. I just cannot keep up with the requests anymore
-- and I need the time to advise the students I already have, and to make sure
that they succeed.  If you want to increase the chance of an answer from me,
please follow the instructions I have defined here.

I work in systems security. If you are interested in data mining, theory,
networking, or any other computer discipline, I am not the right person for you.
I am not interested, or active in these areas. Although we do use all sorts of
different CS techniques (e.g., machine learning) in our work, we are interested
in solving security problems, and not interested in advancing the field in these
other areas. Also, note that I am not interested in crypto. Crypto is an area
that I appreciate, but I am not smart enough to understand the problems and
research issues there ;) I leave that to the smarter people ;)

Intrusion Detection in the general sense is not interesting for me any more
(scientifically). The attacks are more sophisticated and specific, so if you are
interested in general IDS research, you might want to work with someone else.
What we do is related to IDS, but we attack more specific problems to have more
effective solutions (e.g., botnet detection, spyware detection, etc). If you
send me an email and tell me that you are interested in working on IDS, you'll
likely not get a response from me.

If you want to do a Ph.D. in systems security, you need to have a good systems
background. Languages such as C, C++ should not be an issue for you. You should
be able to develop web applications, you should be a proficient user of Linux /
UNIX systems, and should be passionate about coding. Programming should not be a
challenge for you, it should be a normal part of your life. Of course, if you
don't enjoy coding, or if it is a big hurdle for you, then you are not a good
fit for us...

When you apply, it is important for you to say why you want to do a Ph.D. and
why you think you are qualified. Research is tough business, and you need to
explain why you want to do it. You need to be self-motivated to do research.
When you contact me, if I don't know anyone that you know (e.g., a former
colleague, you've spent time in one of our sister labs, etc.), as the subject
line, choose "Prospective student: Have read your instructions".  Also, in your
email, tell me which three academic papers are your favorite, and explain to me
in a paragraph why. These papers should not be my papers (i.e., I don't need to
hear why you think my papers are great :)).

Best regards,