Funded PhD + RA: youth online safety and privacy

I’m recruiting at the University of Melbourne for a project on how we can keep young people safer online without building surveillance-heavy systems. The work sits at the intersection of security/privacy engineering, human-centred methods, and policy.

Funding note: This project is funded by an ARC DECRA (Discovery Early Career Researcher Award), a competitive Australian Research Council fellowship that supports early-career researchers to build a small research team.

Funded PhD (3 years) — University of Melbourne

I’m seeking a PhD student for a funded, 3-year position based at the University of Melbourne. The PhD is co-advised (co-supervisor(s) will be confirmed based on fit and University requirements; expected to include a University of Melbourne faculty collaborator aligned with the human-subjects components).

At a glance

  • Location: University of Melbourne (Melbourne, Australia)
  • Duration: 3 years funded (PhD)
  • Core methods: usable security/privacy + empirical evaluation + human-subjects research
  • Co-advised: yes (to support the human-subjects components)

Research theme

How do we design and evaluate online safety measures for young people that are effective in practice while preserving privacy, autonomy, and security?

What you might work on (examples)

  • Adversarial / realistic evaluation of age assurance & age verification approaches (how they fail, how they can be improved).
  • Participatory / qualitative research with young people and parents to derive design requirements for safety features that preserve autonomy and privacy.
  • Translating findings into implementable technical and policy recommendations for regulators and industry.

Who should apply

Good fits often have experience (or strong interest) in usable security/privacy, security measurement, and/or HCI methods (e.g., interviews, focus groups, surveys), along with careful writing and an interest in impact-driven research.

I’m not looking for applicants approaching this solely from a governance/policy perspective, without interest in (or willingness to engage with) technical or empirical research methods.

How to apply (please read this carefully)

Step 0 (required): Read my general guidance first: Joining My Lab. I use this as a filter; emails that ignore it are unlikely to get a reply.

  1. Step 1: Email me with the subject line: PhD (UoM) — youth safety + privacy.
  2. Step 2: Attach these four items (PDF is best):
    1. CV
    2. Transcript(s) (required; unofficial is fine at first)
    3. Statement of Purpose (SoP) (USA-style “research statement”), ideally 1–2 pages
    4. One reference letter (preferred: emailed directly by the referee) that speaks to your research potential and writing/initiative. If the letter isn’t ready, include the referee’s name, role, and email address and I’ll follow up if needed.
    Optional but helpful: a writing sample; links to code or reports.
SoP guidance (click to expand)

I’m explicitly looking for a research-focused document (not an autobiography). In terms of style: optimize for clarity, specificity, and evidence. Use headings if helpful; avoid repeating your CV; and aim for a tight 1–2 pages.

A good structure is:

  • (1) Research direction (opening paragraph): the broad problems you want to work on (youth online safety + privacy), why they matter to you, and 1–2 concrete themes/questions you’re drawn to.
  • (2) Evidence you can do research (1–2 paragraphs): describe 1–2 prior projects with enough technical detail that I can see how you think. A good template is: the problem & context, your role, your approach/methods, what evidence you gathered (data, systems, participants), what worked/what didn’t, and what you learned. Critically, identify gaps/limitations in what you did (threats to validity, missing baselines, untested assumptions, confounds, data limitations, deployment constraints) and what you would do next to close them. It’s fine if a project “failed” scientifically—clarity and judgment matter more than polish.
  • (3) What you want to do in the PhD (1 paragraph): propose a plausible direction within this project (e.g., adversarial evaluation of age assurance; participatory design with young people/parents; mixed-methods work connecting measurement + user perspectives). You don’t need a full proposal, but you should show you understand the space.
  • (4) Fit (short paragraph): fit is a minor factor compared to evidence of research ability and clarity of interests, but you should still show you’ve done your homework: briefly note why University of Melbourne and why working with me (cite 1–2 relevant papers/projects and explain the match). If you have thoughts on the co-advised setup (e.g., methods mentorship vs. security engineering mentorship), include them.
  • (5) Brief trajectory: 1–2 sentences on what you hope to do after the PhD (academia, policy, industry research, etc.).

What a weak SoP tends to look like: a long narrative about how you “became interested” in the topic (origin stories, childhood anecdotes, inspirational arcs), plus generic statements about wanting to “make an impact”, with few specifics about what you would actually do as a researcher. A SoP like that makes it hard for me to assess your research judgment and whether there is a concrete path forward beyond “read papers”.

A better mental model: treat the SoP like an investment pitch for a research apprenticeship. A funded PhD is not “paying for a degree”; it’s closer to me (and the institution) making a multi-year bet on you with substantial resources (time, supervision bandwidth, and funding). Tactfully: you’re helping me answer “should I hire/invest in this person for a research role?” The pitch you need to make is:

  • The idea: a credible, concrete research direction with a path to doing things (measurements, systems work, studies, prototypes), not just literature review.
  • Execution: evidence you have (or can rapidly build) the skills/methods to carry it out, and that you know where the hard parts are.
  • Motivation: a sustained interest in doing this kind of work for years.

What I don’t find useful: generic praise, long life stories, re-listing your CV, or vague “I like cybersecurity” statements without a concrete research angle.

Research assistant (expressions of interest)

I’m also collecting expressions of interest for a casual research assistant (RA) role. A role is expected to open at some point during the DECRA (2026–2028); timing and hours will depend on project needs.

This is likely to be a good fit for an undergraduate (or Honours/Masters) student with an interest in youth online safety, privacy, and security.

Typical tasks may include coordination and admin support, helping draft and proof-check policy briefs/whitepapers and research outputs, lightweight literature review and synthesis, simple analysis/visualisation, and occasional website maintenance.

If you’re interested, email with subject RA (EOI) — youth safety + privacy and attach a CV plus a short writing sample (any genre is fine).

Contact: .