Can I TA CY 3740 / CY 5770?

Yes.

Foremost, please do NOT email me. This page exists because I get a ludicrous amount of emails on the topic. I won't respond.

I have specific needs from my TAs. You'll assist students 1:1 during labs and office hours. You'll guide discussions online every day. Therefore, it's crucial that you already know the material well and have hands-on exploitation experience.

I prioritize applications in this order:

  1. You've already taken my courses.
  2. You've taken CY 5770 (not 3740, not 2550) with Engin, Wil, or Ziming.
  3. You have hands-on systems security experience and you can demonstrate it.

If you've taken my courses, I evaluate applicants based on a function that takes two inputs: 1) The number of challenges completed, and 2) the depth of in-person interactions during office hours and lectures. Trying, struggling, asking for help, and then completing challenges ranks you higher than being a prodigy who doesn't need any help. If you are in this group, don't hesitate to apply. Your job will be to assist students who will be in that same position; having firsthand experience of the pain points and the path to resolution through mentorship is a net plus. I regularly hire TAs who couldn't get an A themselves and they make the bestest mentors.

I immediately reject applicants who don't have a practical security background. Practical security background means discovering your own vulnerabilities and crafting your own exploits, NOT vulnerability management with Black Duck. If you aren't comfortable with those technical details, you're below the bargaining range. I hate to exclude you, but ensuring that students learn effectively is my top priority. I can't train TAs from scratch while simultaneously performing my teaching tasks to spec.

Even if you're an excellent fit, I get very few TA slots depending on class size, so you may not get picked. Have a plan B.

Here's how to apply:

  1. Resist the urge to email me.
  2. Apply through the normal hiring channels.
  3. Were you my student in a previous class?
    • YES? You're all set. No need to provide a resume. Leave blank the silly questions about why you want to be a TA and other irrelevancies; you aren't required to explain yourself and I won't read them.
    • NO? Read the course description here and present evidence that you're knowledgeable in the ways of systems attacks and defenses covered there. Don't email me! Add the evidence to your application.

I'll expect you to be available during class hours in person. I always teach late evening blocks, i.e., 6 to 10pm. You won't need to be there for all 4 hours, but if there's an emergency, I should be able to summon you on command. Check the course schedule and make sure you can make it before you apply.

In return, you can expect from me a fulfilling TA season and the opportunity to max out your pay hours.

PS. If you don't pick this course as your first preference, your chances are slim—even if you don't get hired for your other applications. I'll always rate first-preference applicants higher to guarantee a TA, and given the large applicant pool, the algorithm won't even consider the next tier. I've never hired a second or third-preference applicant so far.

I applied for a TA position. When do I hear back?

I don't know. That's an HR question.

Can I TA and co-op/intern at the same time?

Also an HR question.

Don't quote me on this, but I happen to know that the answer is no. If you don't disclose your side gig and anyone including myself finds out later, you'll be fired on the spot. Still, ask HR for an authoritaive answer and the full extent of consequences should you try to be sneaky about it.

Can I audit your classes?

Khoury no longer allows Khoury students to audit Khoury courses. That applies to both officially registering as an audit student and informally sitting in on lectures. I can't override that decision. No, really, that discussion has been had. Not possible. Sorry.

Students from other departments should see the official university audit policy and process, undergraduate here, and graduate here. Follow the process, and I'll approve your petition. Don't ask me for permission, consider yourself already approved. Fight it out with your academic advisor instead.

I don't allow students to informally sit in on classes. If you don't register as an audit student, you can't audit. This isn't negotiable.

Can I do a PhD/MS/XyZ with you?

No.

I'm not a full-time tenure-track professor and therefore I can't hire or fund graduate students on my own. You'll have to look elsewhere. Northeastern has one of the largest and highest quality security faculty pools in the area; there's no shortage of opportunities. After you secure your formal position and funding, I'd be happy to discuss research and mentor you if your official advisor agrees to it.

Can I do a directed study/research/reading course with you for credit?

No. Ditto above, not a full-time professor. The department has made it clear that this isn't doable.

But my advisor insists I can do a directed study/research/reading course with you for credit?

They are wrong.

Can I work with you just for the heck of it then?

Unlikely. I have an ever-increasing load of official work and students to mentor, they get priority, which unfortunately leaves little time for volunteering or fun projects these days. Also see above, I can offer you no pay or course credit; that's unfair and it doesn't sit well with me. I recommend that you seek formal placement with one of Northeastern's security labs instead. We may then find a way to collaborate.

Can you write me a recommendation letter?

Maybe.

If you have worked with me on a research project or TA'd for me: Let's chat.

If you only took my courses: No.

I do a fair share of reference letter reading and writing, and I can tell you with authority that "They got an A" is the kiss of death that guarantees your letter goes straight in the trash. Unfortunately I can't offer any higher praise given the content and context of my courses. My letters will hurt your application. Even if you have masochistic tendencies, I don't want to waste time writing you a bad letter. Go to professors or co-op managers with whom you have had a longer-term work relationship.

I won't reconsider this policy. Trust me on this one, and please don't ask.

Can I list you as a reference in my job application?

Ditto above. If you only took a course with me, that's still a no. If you ignore this, I'll have nothing substantial to say when your hiring manager calls me, which is guaranteed to kill your application.

Can I get a referral for <your workplace>?

Yes, if you meet one of the below conditions.

If you qualify, email me with links to specific job posts BEFORE you start your application. Due to standard HR processes, most companies don't accept referrals if the candidate has started a draft application. I'm fairly sure they want to avoid paying a referral bonus.

Can I connect with you on LinkedIn?

Yes, if I know you. I'm always happy to connect with my students. My network is very well curated; I'll ignore you if I've never met you.

Can you give me a LinkedIn endorsement/recommendation?

Just... no.

Can I connect with you on other social networks?

If you can find me, you've earned it.

My question isn't answered here. Can I contact you?

Yes. If it's truly not covered here, ask away. If it's covered, I'll ignore you.

Email is the only way to contact me. I'll ignore everything else.