Applications open for CMU Ph.D. programs in cybersecurity and privacy

Here’s what prospective students need to know to choose where to apply

Michael Cunningham

Nov 13, 2024

Photo of CyLab student presenting a research poster

Carnegie Mellon University offers several Ph.D. programs that attract students interested in pursuing research careers in security and privacy. Although security and privacy Ph.D. students are distributed across a number of CMU colleges and departments, they all have opportunities to actively engage in research at the university-wide CyLab Security and Privacy Institute.

“CyLab faculty members work across all of CMU’s Ph.D. programs where students do security and privacy research,” said Lorrie Cranor, CyLab director. “In choosing a Ph.D. program, it's often best for a prospective student to look at which faculty members you'd be interested in working with, and apply to the programs where those faculty members are appointed.”

Beyond working with their advisors in their home department, CyLab PhD students join our vibrant community of security and privacy researchers and participate in CyLab seminars and events, student activities, and interactions with CyLab partners.

The Programs

While there are a variety of PhD programs in which CyLab students enroll, there are many similarities between the programs. Many of our faculty have interdisciplinary interests, hold multiple appointments, or advise students in more than one PhD program.

Carnegie Mellon’s College of Engineering offers two Ph.D. programs that feature CyLab faculty members as advisors and research collaborators: Electrical and Computer Engineering and Engineering and Public Policy.

  • CyLab students and faculty associated with the Electrical and Computer Engineering Ph.D. program often study the security of systems, e.g., web security or IoT security; network security; and software security. Many students also examine how to use AI to make systems more secure, as well as how to make AI more secure. Students enrolled in this program take mostly computer systems courses in the process of obtaining a Ph.D. degree.
  • Engineering and Public Policy Ph.D. students tend to be interested in both the technical issues surrounding security and privacy, and the policy decisions that incorporate this research with the goal of protecting and empowering consumers. CyLab students enrolled in this program take courses in technical engineering, quantitative and qualitative policy analysis, economics, and statistics.

    “For example, I’ve had Engineering and Public Policy students that have explored consumer privacy issues and the ability of users to make privacy choices and opt out of data collection, and they have simultaneously looked at what the privacy laws say about this, and how their research findings could potentially encourage policymakers to change laws to help people better protect their privacy,” said Cranor.

Carnegie Mellon’s School of Computer Science (SCS) offers three Ph.D. programs that feature CyLab faculty members as advisors and research collaborators: Computer ScienceSocietal Computing, and Software Engineering.

  • Offered through Carnegie Mellon’s Computer Science Department, the Computer Science Ph.D. program gives students an opportunity to cultivate a broad foundation and awareness of core concepts in computer science, while focusing on a narrower research area within computer science.
  • The Societal Computing Ph.D. program is offered through CMU’s Software and Societal Systems Department (S3D). Societal Computing students focus on issues involving the impact of computing on society, which includes issues related to privacy and security. There is also a joint program between the Societal Computing and Engineering and Public Policy Ph.D. programs, allowing students to pursue both
  • The Software Engineering Ph.D. program is also offered through S3D. Software Engineering trains students to solve problems associated with building large-scale and critical software systems.

CyLab Ph.D. students also pursue doctoral degrees in the following programs offered at Carnegie Mellon University:

Within all of these programs, Ph.D. students enjoy unique opportunities to conduct groundbreaking research alongside CyLab faculty members, share their research with CyLab industry and government partners, and present their work at the world’s foremost conferences that help shape the future of best practices in security and privacy.

The Faculty

Prospective Ph.D. students are encouraged to apply to the program or programs that feature CyLab faculty members with whom they would most like to work as doctoral students. Applicants also have the option of applying to more than one program. Admitted students will be invited to visit the programs in person to decide which program suits them best before enrolling.

To learn more about CyLab’s core and affiliated faculty members, their current research, and the departments in which they are appointed, applicants can consult CyLab’s searchable directory as a resource.

Several CyLab faculty members are currently recruiting Ph.D. students for specific projects and research areas. Some examples include:

  • Lujo Bauer, professor in the Electrical and Computer Engineering Department and S3D,  is interested in working with students on research at the intersection of machine learning and security, including the security of ML as it's applied for cyber defense, self-driving vehicles, and more. Learn more about Professor Bauer’s work in adversarial machine learning.
  • Riccardo Paccagnella, assistant professor in S3D and Electrical and Computer Engineering (by courtesy), is recruiting students in the area of system and hardware security.
  • Bryan Parno, Kavčić-Moura Professor of Electrical & Computer Engineering and Computer Science, is seeking P.h.D students who want to build provably correct and secure systems. Professor Parno’s work is of interest to students who enjoy building systems but want to reason more explicitly about their correctness/security, or to students who enjoy reasoning about programs but want to build more concrete systems. “Beyond specific topics, if you enjoy puzzles, you’ll likely fit right in,” said Parno.
  • Corina Pasareanu, principal systems scientist at CyLab, is preparing for a project on vulnerabilities and defenses for LLMs for coding tasks that will start early next year. Pasareanu and her research team, which features several CyLab faculty members, are looking into hiring new Ph.D. students for the project.
  • Norman Sadeh, professor in S3D, co-director of the Privacy Engineering Program, and co-founder of the Societal Computing Ph.D. Program, is recruiting students to conduct research on Cybersecurity Question Answering Assistants, the  Internet of Things (IoT) Privacy Infrastructure, User-Centric Privacy Threat Modeling and Mitigation, and AI Governance.
  • Sarah Scheffler, assistant professor in the Department of Engineering and Public Policy and S3D, is recruiting students who have a strong background or interest in cryptography and its intersection with societal, legal, and policy issues.
  • Elaine Shi, professor in the Computer Science Department and Electrical and Computer Engineering Department, and co-director of CMU’s Secure Blockchain Initiative, is recruiting grad students who work on cryptography and/or mechanism design.

How to Apply

Application deadlines for fall enrollment in all of our Ph.D. programs are in December. You can learn more about application details and apply to each program via the college or research center that administers the program. Below are the Ph.D. application deadlines and application links for each of the CyLab-affiliated Ph.D. programs at Carnegie Mellon University: