Welcome to the EPSRC Centre for Doctoral Training (CDT) in Cyber Security for the Everyday at Royal Holloway.
Please review the information below for full details on entrance requirements, eligibility and how to apply.
The Centre was first established in 2013, and has as its main objective to develop cohorts of multidisciplinary researchers with a broad understanding of cyber security and a strong appreciation of the interplay between technical and social issues.
Research in the CDT will address challenges concerning:
- the technologies deployed in digital systems that people use, sometimes inadvertently, every day.
- the everyday societal experience and practice of security.
The CDT is centred around Royal Holloway's Information Security Group and partners with departments throughout the institution. CDT researchers follow a four-year PhD programme. The first year consists of comprehensive multidisciplinary cyber security training. The remaining three years focus on research in an advanced topic in the field of cyber security.
In each annual cohort, we award approximately ten fully-funded PhD studentships (four years of enhanced stipend and fees). We welcome applications from candidates with undergraduate and/or masters qualifications in a wide range of technical and social disciplines of relevance to cyber security.
Follow us on our social media platforms to keep up to date with CDT news and activities
Please explore the tabs below to learn more about the entry requirements, funding and eligibility, and how to apply to Royal Holloway's CDT in Cyber Security for the Everyday
Course Of Study
CDT researchers follow a four-year PhD programme, consisting of a Taught Element, a Research Element and an Internship.
This is delivered over the first year and aims to equip students with a baseline cyber security “body of knowledge”, spanning both technical and social aspects, including a core understanding of cyber security in practice. The taught element is delivered through a combination of modules, projects and research skills development training.
- Cyber Security Fundamentals. The four core cyber security modules from Royal Holloway’s GCHQ-accredited MSc Information Security programme.
- Principles of Securing Cyber Societies. An introduction to reasoning about cyber security from a social science perspective.
- Human Aspects of Information Security and Privacy. Concerning the relationship between people and cyber security.
- Cyber Security “In the Wild”. A programme of visits to the premises of, and visits from, external CDT partner organisations.
- Security Practice Laboratory. Two-weeks of intensive “hands-on” training exercises in a cyber security laboratory.
- Mini project. A short six-week mini project, resulting in a “white paper” report and presentation.
- Summer project. A three-month research project resulting in a substantive research report and presentation.
- Research skills. A comprehensive research skills development programme running throughout the year.
Three years of research in an area of specialism relating to cyber security, under the supervision of a dedicated supervisory team. Throughout their study, CDT researchers are expected to attend and present work at research seminars, workshops or other events off-campus, including internationally.
Potential CDT research themes include:
- Embedded technology security. Providing security and privacy for a sensor-rich hyper-connected cyberspace, including consumer electronics, industrial automation, automotive (avionics and vehicles) and medical devices.
- Secure and trusted systems. Detecting security vulnerabilities and shielding against external threats for a variety of systems ranging from personal devices to desktop workstations and cloud infrastructure.
- Cryptography and its applications. Developing and analysing the strong cryptographic infrastructure necessary for future real world applications, including outsourced data storage systems, post-quantum settings, blockchain applications.
- Trust, rights and understanding. Exploring what mechanisms we can employ to better understand and practise cyber security in social, cultural and political contexts.
- Methodological innovation in researching cyber security. Developing new approaches to exploring cyber security in order to rethink cyber security policy and system design through, for example, community engagement and ethnographically-informed research.
- Difference and inequalities in cyber security. Exploring how digital systems influence social differences and inequalities and asking what more progressive, inclusive and just forms of cyber security might look like.
Every CDT researcher is expected to undertake the equivalent of a three-month internship with an external CDT partner during their study period. There is flexibility in when and how this is instantiated. Over twenty organizations have already pledged to support internships. Previous internship destinations include The Cabinet Office, Amazon Web Services, Microsoft Research Redmond, Shine TV (Hunted), Mozilla Foundation, IBM Zurich, and NATO SHAPE.
Applicants should have, or be expecting to obtain, a high-quality (ideally first class) undergraduate or masters (ideally distinction) degree in a relevant discipline. Suitable backgrounds are (but not limited to) computer science, criminology, economics, electronics engineering, geography, geopolitics, information security, law, mathematics, philosophy, politics, psychology, software engineering and war studies. We will also consider applicants with a professional background, so long as they are able to provide evidence of demonstrable academic skills as well as practical experience.
Following UKRI’s announcement that UKRI studentships will be opened up to international candidates, we can confirm that we are able to recruit international students to commence PhD study with the CDT in September 2023. International students* will receive the full award, to include stipend and fees.
*EU and EEA students are now considered international students.
To be classed as a home student, candidates must meet the following criteria:
• Be a UK National (meeting residency requirements), or
• Have settled status, or
• Have pre-settled status (meeting residency requirements), or
• Have indefinite leave to remain or enter
If a candidate does not meet the criteria above, they would be classed as an International student
Please ensure you are familiar with the eligibility criteria set by UKRI and their terms and conditions.
Please also refer to EPSRC Student Eligibility for further details.
How to Apply
Please review all information on entrance requirements, eligibility and how to apply.
Please note that prior to submitting a formal application, candidates are very welcome to contact the CDT directly to discuss their suitability for the programme. Prospective candidates can either contact a named supervisor from the list of sample research topics in the menu below, or email for an informal discussion with a member of the CDT recruitment panel.
Please complete an online application here, and select "PhD Information Security" (under "Information Security Group"). You should ensure you include a clear statement that you are applying to the CDT in Cyber Security for the Everyday, and upload all required documents, including an up to date CV, academic certificates & transcripts, and a personal statement detailing why you wish to pursue a PhD in Cyber Security.
This personal statement should include
- Why you wish to pursue a PhD in Cyber Security.
- Why you think you would be a good fit for the CDT
- Why the CDT training model is suitable for you.
- An indication of the research areas that most interest you, and why. (Note that you do not have to formally define a full research project, although you are welcome to do so). Why the CDT training model is suitable for you
In the online application, you will be asked to nominate one referee. For CDT admissions, we require a second reference letter, therefore, upon completion of the online application, contact this second referee, and ask them to send their reference letter directly to CyberSecurityCDT@royalholloway.ac.uk (the first referee will receive an automated request from the admissions system, and their reference letter will be included in your application).
Upon completion of the online application, please also email CyberSecurityCDT@royalholloway.ac.uk with your student reference number and the name of your second referee.
We will start a formal assessment shortly after we receive your application. The Committee may request further information from individual applicants. If you are unsuccessful at this stage you will be notified via email. If you are shortlisted, then you will be invited to an interview with the CDT management committee.
Recruitment will remain open until we fill all available places. This is a highly sought after programme, so we encourage early applications.
We welcome applications from all members of the community including those who are under-represented in the field of cyber security All submitted applications are considered on an equal basis in line with Royal Holloway's equality & diversity policy https://www.royalholloway.ac.uk/about-us/more/governance-and-strategy/equal-opportunities/.
Sample Research Topics
Our research topics take advantage of the CDT's interdisciplinary nature to tackle major challenges in many different areas of cyber security. These are not the only topics we supervise, but they do demonstrate the range of research areas we cover.
Note that applicants need not have a specific project to apply for the CDT, as a research project can be determined towards the end of the first year of the programme.
A list of sample research topics can be found here
Please also note that advertised projects are sample projects and prospective applicants are not required to apply to one of the advertised projects, but are welcome to discuss broader research interests with the academic named in the advert - and/or to apply with their own research proposal.
Management and Governence
Prof Keith Martin is the CDT Director and is responsible for the day-to-day management of the CDT. Responsibilities include coordinating recruitment, overseeing delivery of training, arrangement and management of supervision and liaison with external partners. The CDT Director also acts as the ultimate point of contact for CDT student welfare issues.
Claire Hudson is the CDT Manager, supporting day-to-day running of the CDT and acting as a first point of contact for CDT students, with particular responsibilities for managing admissions, financial reporting, communications and event management.
The Management Committee is chaired by the CDT Director, and supports all aspects of the CDT operation. The Management Committee is:
The Advisory Panel provides independent advice on the strategic direction, coverage and progress of the CDT. The Advisory Panel includes experts from industry, academia and public sector. The Advisory Panel is:
Professor Emma Barrett University of Manchester
Timothy Bauge Research Group Leader: Thales UK
Bedria Bedri Deloitte
Robert Carolina Executive Director: ICSI
Dr Sepi Chakaveh CEO/Founder Pixsellar
Professor Liqun Chen University of Surrey
Conn Crawford Partnership Development Manager: 5G North East
Budgie Dhanda 3BDA
Professor Paul Dorey (Advisory Panel Chair) CSO Confidential. IISP
Irfan Hemini DCMS
Dr Richard Horne PwC
Professor Johannes Kinder Bundeswehr University, Munich
Emma Leith Director Cyber Programme & Strategy: Santander
Peter Lockhart Roke Manor Research
Afia Masood Portfolio Manager EPSRC
Professor Igor Muttik CEO: Cyber Curio
Professor Kenny Paterson ETH Zurich
Professor Bart Preneel KU Leuven
Dr Simon Shiu HP Labs
Dr Thyla van der Merwe ETH Future Computing Laboratory
The CDT publications list highlights the work undertaken by our staff and students. The full list of published articles can be found here