Cybersecurity Research Papers
Master's degree candidates at SANS.edu conduct research that is relevant, has real-world impact, and often provides cutting-edge advancements to the field of cybersecurity, all under the guidance and review of our world-class instructors.
Securing the Sun: Impact-Effective Cybersecurity Controls for Solar SCADA
Research Paper | Industrial Control Systems Security
Based on research conducted with a custom-built lab emulating a utility-grade solar SCADA network, this paper details the greatest impact on a solar site, in the form of physical consequences to power generation capabilities.
- 11 Jun 2026
- Wesley D. Barrier
From Alert to Evidence: Evaluating AI Agents for Cyber Forensic Triage
Research Paper | Artificial Intelligence
Cyber defense teams are beginning to experiment with large language models in security operations, but their usefulness in digital forensics and incident triage is still uncertain.
- 11 Jun 2026
- Connor Blackard
Know Your Blind Spots: Better Visibility Through EDR Policy Hardening
Research Paper | Digital Forensics and Incident Response
Endpoint Detection and Response (EDR) tools identify, detect, and respond to anomalous behavior.
- 9 Jun 2026
- Joshuah Williams
Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP
Research Paper | Cyber Defense
- 4 Jun 2026
- Matt Bromiley
Bridging the Gap Between Threat Intelligence and Business Risk
Research Paper | Cyber Defense
The importance of the threat intelligence function has grown significantly over the years to become a cornerstone of any cybersecurity group.
- 29 May 2026
- Kevin Garvey
Secure By Design: An Exploration of the Application of Generative AI in Threat Modeling Technical Design Documents
Research Paper | Artificial Intelligence
This paper explores the efficacy of large language models (LLMs) for creating comprehensive threat models by analyzing technical design documents, particularly when provided with additional contextual information about the product's underlying infrastructure and deployment environment.
- 27 May 2026
- Mark Oswald
2026 SANS Cyber Threat Intelligence (CTI) Survey Insights
Research Paper | Cyber Defense
Every year, the SANS CTI Survey gets sharper. This year, it takes a step the field has needed for a while. For the first time, the 2026 survey includes a dedicated module for security executives, capturing responses from 67 CISOs and CSOs.
- 15 May 2026
- Rebekah Brown, Andreas Sfakianakis
Identifying Security Vulnerabilities in Kubernetes Environments
Research Paper | Cloud Security
This research aims to develop a practical methodology for identifying security misconfigurations in Kubernetes environments, across both Infrastructure-as-Code (IaC) and live cluster states.
- 14 May 2026
- Patrick Trecek
Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT
Research Paper | Artificial Intelligence
This paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.
- 12 May 2026
- Omar Zaman
Applying CIS Controls to AI Workflows
Research Paper | Digital Forensics and Incident Response
This research provides guidance on using the CIS Controls in conjunction with AI-specific frameworks to build a robust information security program.
- 12 May 2026
- Brian Ventura
Autonomous Defense Induced Disruption: How AI-Driven Automated Response Can Be Manipulated to Disrupt Enterprise Operations
Research Paper | Artificial Intelligence
The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption.
- 12 May 2026
- Marcio Enriquez
Your Sensitive Data Has Left the Chat: LLMs as Sensitive Data Detectors
Research Paper | Artificial Intelligence
This paper seeks to evaluate the hypothesis that language models, large and small, can perform well at sensitive data classification and to offer a solution for companies trying to detect contextually sensitive data in their AI workflows.
- 12 May 2026
- Colten Davis
