The ASU SEFCOM/CDF Security Research Apprenticeship Program!

Are you interested in cybersecurity research? Do you want to visit the hottest up-and-coming security lab around, work on cool projects, and CTF on the side? You have come to the right place. The ASU research lab Security Engineering for Future Computing (SEFCOM) is looking for hackers to come and do research apprenticeships with us. This page has some frequently asked questions about the process.

• What is an apprenticeship?
• Why should I do an apprenticeship?
• Who will I be supervised by?
• How long is the apprenticeship?
• Where does the apprenticeship take place?
• Will I be paid?
• Where will I live?
• What will I work on?
• What is the end-goal of the apprenticeship?
• How will my progress be measured?
• Can I open source my work?
• What about CTF?
• What about life?
• So what is expected of me, really?
• Sounds great! How do I apply?

What is an apprenticeship?

The apprenticeship is a full-time research position to a) get exposure to academic research in cybersecurity, b) help advance the state-of-the-art, and c) have an amazing time!

The apprenticeship is a full-time, local position. Unfortunately, we cannot support remote work (and it doesn't work for this type of position anyways). Because it is full time, it is intended for people who are either not students or who can take full time from their studies to pursue research.

Why should I do an apprenticeship?

A research apprenticeship serves several purposes:

1. The apprenticeship exposes you to the environment of a world-class cybersecurity research lab and conveys what it means to conduct impactful research.
2. Because you will be carrying out cutting-edge academic research, the apprenticeship can act as a "preview" of a PhD program for those that are curious about graduate school, but not yet ready to commit.
3. The apprenticeship exposes you to prominent researchers in the field, giving you valuable interpersonal connections for future pursuits within and outside of academia.
4. Because your work will be on the cutting edge, you will be exposed to emerging concepts and technologies (for example, binary analysis and angr at a more fundamental level than just by cloning them on github).
5. For students in programs that encourage some amount of research (for example, a Master's thesis) to be done as a visiting scholar in an external institution, the apprenticeship provides a place to do that under the supervision of experienced advisors.

Who will I be supervised by?

Apprenticeships are carried out under the guidance of Yan Shoshitaishvili (known in the CTF scene as Zardus), Adam Doupé (known in the CTF scene as adamd), Ruoyu (Fish) Wang (known in the CTF scene as fish), and Tiffany Bao. Yan, Adam, Fish, and Tiffany are prominent researchers (with dozens of top-tier cybersecurity publications between them) and avid CTF players (having played and hosted CTFs with Shellphish, the pwndevils, and the Order of the Overflow). They are always pushing into new avenues of research, and Yan, Adam, and Tiffany are also currently organizing DEF CON CTF.

How long is the apprenticeship?

The length of the apprenticeship is very flexible. Our experience is that 6 months is the optimal length, but apprenticeships have lasted everywhere from 3 months through 1 year, although other durations (shorter or longer) are possible with good reason. This is largely up to you. Obviously, the longer you are here, the more ambitious and awesome projects you can undertake.

Where does the apprenticeship take place?

The apprenticeship takes place on-site in the SEFCOM lab at Arizona State University in sunny Tempe, AZ. The address of our building is Brickyard Engineering, 699 S Mill Ave, Tempe, AZ 85281. This is an on-site apprenticeship only—we don't really have a way to carry out apprenticeships remotely.

Will I be paid?

Yes, this is a paid apprenticeship! To properly set expectations: academia has less money to leverage than industry. Though it varies slightly by funding availability, an intern is usually supported at a rate around $1,800 per month. To put that into perspective in terms of Arizona's cost of living, ASU's furnished guest housing starts at $750.

Where will I live?

You will be responsible for finding your own place to live! There are several useful routes to doing so:

• Depending on availability, ASU provides guest housing at prices ranging from $750–$1350 per month, depending on the specific amenities that you desire.
• You can often find short-term room rentals using Craigslist.
• You can find entire apartments on PadMapper.
• Students in the lab and hackers in our CTF team sometimes have spare rooms available as well. Once you are accepted into the apprenticeship program, we can add you to the relevant slack workspaces and mailing lists to get in touch with them.

If you don't have housing figured out before you arrive, don't panic! Airbnb and the numerous hotels in the area provide temporary lodging opportunity.

Public transportation is fairly well-developed in Tempe. You have several options:

• Tempe runs a series of frequent free shuttles between ASU and surrounding areas. This vastly expands the range of areas where it is reasonable to live without a car.
• Tempe and the surrounding areas operate a light rail system that reaches across much of the Greater Phoenix Area. From ASU, it takes about an hour to go all the way northwest on the rail and about 30 minutes to go all the way east. The rail is not free.

What will I work on?

You will have a lot of freedom (and also much guidance) in terms of what to work on. Some possibilities are:

1. Senior PhD students in the lab often have brilliant project ideas that they simply do not have the bandwidth to pursue. Upon your arrival, students will pitch such projects (vetted by the professors) to you.
2. The professors always have project ideas that they simply do not have the bandwidth to pursue. They will also pitch these ideas to you.
3. You might (though this is rare and by no means required) arrive with ideas of what you want to work on. If this is the case, the professors will work with you to vet that the project has enough depth for an apprenticeship.

After the professors and students discuss possible projects with you, you should carefully deliberate on which ones interest you the most. This should not be done fast—taking several weeks to choose a project is perfectly okay. Take your time, clarify any uncertainties, and then dive in with confidence!

You will almost always be paired with a PhD student who will act as a research mentor (in addition to the SEFCOM professors). This will usually be the student whose brilliant idea you choose to turn into a reality. If you choose an idea pitched by a professor, or come up with your own, and feel that you work better with just the professors, that's fine as well (of course, keep in mind that our time is limited).

What is the end-goal of the apprenticeship?

Usually, your project will end up being a self-contained project that results in an academic publication. Writing academic papers is an awesome experience, and your student mentor and the professors will help you through the process. This does not absolutely have to be the case. If you are very passionate about doing a project focused fully on implementation (i.e., developing some awesome CTF tool as opposed to an awesome new program analysis approach), and have no external requirements to produce a paper (such as a Master's thesis), this is fine as well.

It is important to note that, in the end, this apprenticeship is more for you than it is for us. A good outcome (and we will strive to help you get there) is awesome for everyone. A bad outcome (and these, unfortunately, do happen) is not the end of the world. Bad outcome here means that no progress is made and nothing is produced. This is not to make the apprenticeship seem insignificant, but to relieve the pressure: our lives do not hang on your performance—don't panic! Of course, if you're looking for a letter of recommendation from us, shoot for the good outcome.

How will my progress be measured?

We have weekly meetings of the whole lab where everyone presents their progress, along with on-demand as-needed one-on-one sessions. You should be present at these meetings (or let us know of your absence in advance) even when you have not made progress. Research sometimes progresses in bursts, and you sometimes need to sit back and think on things for a while. This is fine, and we are absolutely accepting of it, but we like to know what's going on so that we can help if you're blocked.

Can I open source my work?

Yes! We all strongly believe in open access to research, and barring weird unforeseen circumstances, you will be encouraged to open source your projects as soon as the associated paper is published (or your apprenticeship ends if there is no paper outcome).

What about CTF?

We love to CTF! ASU is called home by the pwndevils, who meet every Tuesday (beginner session) and Thursday (advanced session) and play CTFs on weekends, and some members of Shellphish, who play CTFs when they feel like it. Additionally, Yan, Adam, and Tiffany are members of the Order of the Overflow, and are hosting DEF CON CTF in that capacity.

If you like to CTF, then CTF will be a fundamental part of your apprenticeship! Come hack with us, develop ideas inspired by CTF, and help push the community forward!

What about life?

We don't expect you to be a robot (although if you are, beep boop beep). Tempe and the surrounding area are home to lots of awesome activities, including comedy clubs, paintball, boat rentals on the lake adjacent to campus, escape rooms, laser tag, countless art, wine, and culture festivals, skating rinks, theaters, and so on.

Tempe is also well-positioned for exploring the rest of the US. To begin with, the Grand Canyon, one of the most impressive natural attractions in the US, is a short drive north. Mexico is a short drive south. Los Angeles and San Diego are short drives west. On top of this, Phoenix Sky Harbor Airport ($15 Uber ride from ASU) is a major airport hub in the US, with relatively inexpensive nonstop flights to most of the US.

Do not spend your apprenticeship locked in the lab! Experience what Tempe, Arizona, and (if you're from abroad) the US have to offer!

So what is expected of me, really?

As a successful intern, you will demonstrate technical skill and/or academic promise. How you do this is a function of you. We hope that you will do this while also enjoying the process, and that you will leave with fond memories (or decide to stay here long-term!).

In general, we are looking for excellent hackers: folks who can code, think, and are self-driven.

Sounds great! How do I apply?

If you are interested in the apprenticeship, please reach out to Yan (yans@asu.edu). Include the following information:

• who you are
• what is your current academic status
• what general areas of cybersecurity interest you
• what are your tentative future plans (PhD, CTF, industry, etc.)
• when would you like to arrive
• how long do you want to stay, and, if this number is currently under 6 months, whether there is a chance that it will increase to over 6 months (as this requires a different visa if you are coming from out of the country)
• your resume or CV
• your CTF, open source, and research experience (if it's not in your resume, which it should be!)

If we are not aware of you by reputation, we will carry out a quick call to get to know each other. Then, if we have capacity and if you will make a good fit, we will recommend that you apply to the official ASU Intern application process (Yan will send you a link). An important note: if you answer "no" to any of the final questions of the application, the system will automatically disqualify you and it will significanlty postpone the opportunity for you to re-apply. This is not something that we can control or change.

To apply, you will need:

• a resume showing at least one year of laboratory research, field research, technical maintenance or any equivalent combination of experience and/or education from which comparable knowledge, skills and abilities have been achieved.
• three references
• a cover letter

The application process generally takes between one and three weeks, including a background check to verify the information provided on the resume (so please make sure there are no errors!). If you are a student, this process might require you to provide paperwork from your university showing proof of enrollment. If you have graduated, this might require you to send along your transcripts to ASU's HR office (not to us, don't worry). After this, you will receive the official offer of temporary employment and, if you are coming from outside of the US, the DS-2019 that you will use to apply for a J1 visa.

Once you receive the DS-2019, the process is out of our hands and in the hands of your local US embassy. It is very hard to estimate how long the visa application process takes, as it depends on the country in question, international events, and nondeterministic components. Visas have been acquired in a matter of days, and some have taken months. Plan accordingly!

What do I do on arrival?

You've arrived! Welcome to Arizona. Now, you should do a few things:

• (for international students) Apply for a Social Security Number (instructions here). You will need to bring your offer letter with you showing that you have a job with ASU.
• (for international students) Read the J-1 information booklets that were sent to you with your DS2019.
• (for international students) Make an appointment with International Programs to schedule a SEVIS check-in. The contact information for International Programs is in the J-1 information booklets.
• You will need to submit New Hire paperwork (here) in person to the ASU HR office located at Tempe University Center (UCNTRA), 1100 E. University Drive, Tempe, AZ 85281.
• Go to the Memorial Union on campus to get your ASU ID card. You will need your ASU ID number that was sent to you in an e-mail.
• Come back to the front office after you have your ASU ID and fill out a purple Isaac access form so that you have access to the building after 6pm and on weekends. See Monica (in the CIDSE office) for help in filling out the form.

When you get to the lab, you will be given a desk to sit at and (if you need it) a computer. Then, after the next weekly lab meeting, we will hold a pitch session to pitch potential projects to you (see above)!