Cybersecurity Research Papers

Master's degree candidates at SANS.edu conduct research that is relevant, has real-world impact, and often provides cutting-edge advancements to the field of cybersecurity, all under the guidance and review of our world-class instructors.

Showing 12 of 788

Know Your Blind Spots: Better Visibility Through EDR Policy Hardening

Research Paper | Digital Forensics and Incident Response

Endpoint Detection and Response (EDR) tools identify, detect, and respond to anomalous behavior.

  • 9 Jun 2026
  • Joshuah Williams

Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP

Research Paper | Cyber Defense

  • 4 Jun 2026
  • Matt Bromiley

Bridging the Gap Between Threat Intelligence and Business Risk

Research Paper | Cyber Defense

The importance of the threat intelligence function has grown significantly over the years to become a cornerstone of any cybersecurity group.

  • 29 May 2026
  • Kevin Garvey

Secure By Design: An Exploration of the Application of Generative AI in Threat Modeling Technical Design Documents

Research Paper | Artificial Intelligence

This paper explores the efficacy of large language models (LLMs) for creating comprehensive threat models by analyzing technical design documents, particularly when provided with additional contextual information about the product's underlying infrastructure and deployment environment.

  • 27 May 2026
  • Mark Oswald

Identifying Security Vulnerabilities in Kubernetes Environments

Research Paper | Cloud Security

This research aims to develop a practical methodology for identifying security misconfigurations in Kubernetes environments, across both Infrastructure-as-Code (IaC) and live cluster states.

  • 14 May 2026
  • Patrick Trecek

Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT

Research Paper | Artificial Intelligence

This paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.

  • 12 May 2026
  • Omar Zaman

Applying CIS Controls to AI Workflows

Research Paper | Digital Forensics and Incident Response

This research provides guidance on using the CIS Controls in conjunction with AI-specific frameworks to build a robust information security program.

  • 12 May 2026
  • Brian Ventura

Autonomous Defense Induced Disruption: How AI-Driven Automated Response Can Be Manipulated to Disrupt Enterprise Operations

Research Paper | Artificial Intelligence

The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption.

  • 12 May 2026
  • Marcio Enriquez

Your Sensitive Data Has Left the Chat: LLMs as Sensitive Data Detectors

Research Paper | Artificial Intelligence

This paper seeks to evaluate the hypothesis that language models, large and small, can perform well at sensitive data classification and to offer a solution for companies trying to detect contextually sensitive data in their AI workflows.

  • 12 May 2026
  • Colten Davis

A Forensic Study of Artifact Persistence in Containerd-Based Kubernetes Workloads

Research Paper | Digital Forensics and Incident Response

A container is a standard unit of software that packages code, including its dependencies, so the application runs quickly and reliably across computing environments.

  • 12 May 2026
  • Ahmed Alharbi

Untested: An Overlooked Link in the Software Supply Chain

Research Paper | Cyber Defense

This research explores test code as an attack surface and takes a first step toward creating a tool to help analysts detect and mitigate malware lurking in test libraries.

  • 16 Apr 2026
  • Evan Ottinger

Sanitized in the Source: Removing Embedded Objects from PLC Projects with CDR

Research Paper | Industrial Control Systems Security

This research seeks to outline a methodology to sanitize supported PLC project files for security while also confirming their operational reliability.

  • 16 Apr 2026
  • James Turner