Cyber Security Research

Cyber Security Research

Highlights of Graduate Student Research

In addition to pursuing class and lab exercises, SANS master's program candidates are always conducting research. Here are some highlights of their recent findings. You can follow the links in each of the sections below to find a complete copy of their research paper, and you can visit the SANS Reading room to view these and other students' research results.

Research Papers

STI master's program candidates conduct research which is relevant, has real world impact, and which often provides cutting edge advancements to the field of cybersecurity knowledge, all under the guidance and review of our world class instructors. Here are some highlights of their recent findings.

Featured Research Papers

View More Research Papers

Leadership Essays

It is the mission of STI to produce leaders for the field of cybersecurity. Leadership is a sometimes amorphous concept, with definitions, styles, and applications that can of necessity shift over time and in different scenarios. Many organizations use management competencies - skills, knowledge, or abilities - related to leadership to assess leadership skills. These essays by STI students are devoted to the consideration of transformational leadership and management competences.

Featured Leadership Essay

View More Leadership Essays

Group Projects

Whether as a leader of processes, people, or both, STI graduates are regularly called upon to work in group settings, to analyze problems, and to present their findings and recommendation to technical and non-technical C-suite executives. Working with their peers, STI master's program candidates engage with time-sensitive scenarios based upon real-world issues to arrive at technical solutions which also take into account risk management and business practice realities. These presentations and executive summaries demonstrate the full range of research, technical analysis, leadership, and communication skills which our students master in their program.

Featured Group Project

  • Hash - All Smoke or Stronger is Better?
    By Andre Shori, Matt Freeman, and Ronald Tallman
    June 2017

    • The current hashing algorithm being utilized is SHA1, which is depreciated and of increased risk of hash collisions, possibly resulting in database integrity and versioning issues. This report explores the current vulnerabilities of SHA1 and the accompanying risks and impacts.

      Download:  Hash - All Smoke or Stronger is Better?

  • Mergers, Acquisitions and Information Security Aspects
    By Andre Shori and Ed Yuwono
    March 2017

    • This project examines information security processes and posture as an increasingly important aspect of corporate mergers and acquisitions. In this exercise, the GIAC Fortune Cookie Company is in an early stage of acquiring Ya Mon Fortunes. The student team was asked to provide a preliminary plan for the safe integration of Ya Mon Fortunes into GIAC Fortune Cookie operations. Their report outlines a systematic and logical approach to the safe integration of Ya Mon's existing processes, with minimal disruption to current and future business processes and in the shortest timeframe.

      Download:  Mergers, Acquisitions and Information Security Aspects

  • OAuth 2.0 Web Application Vulnerability Analysis and Solution Project Plan
    By Brian Quick, Russel Van Tuyl & Sumesh Shivdas
    January 2017

    • This project examines concerns regarding a potential threat involving OAuth 2.0 and enterprise web applications. The examined vulnerabilities significantly impact enterprise security, allowing for possible covert remote attacks from the internet. Exploitation of the identified vulnerabilities could allow a remote attacker to gain access to enterprise user accounts and potentially access sensitive data, creating an unacceptable risk to intellectual property. The test cases conducted provided critical lessons on OAuth 2.0 traces and application calls which delineate how web applications are vulnerable. A detailed recommendation and an implementation plan are provided for in this project plan.

      Download:  OAuth 2.0 Web Application Vulnerability Analysis and Solution Project Plan

View More Group Projects

Student Presentations

Experts who struggle to communicate well are often unable to optimize their impact upon their organization. STI master's program candidates not only learn advanced technical skills, but they also experience and learn how to communicate their insights and realizations to both technical and non-technical audiences. Here are some example presentations where our students share the results of their guided research.

Featured Student Presentations

View More Student Presentations

Policy Papers

As security professionals we have seen the landscape change. Cybersecurity is now more vital and relevant to the growth of your organization than ever before. As a result, information security teams have more visibility, more budget, and more opportunity. However, with this increased responsibility comes more scrutiny. Policy is a manager's opportunity to express expectations for the workforce, set the boundaries of acceptable behavior, and empower people to do what they ought to be doing.

Featured Policy Paper

View More Policy Papers