Cybersecurity Research Papers
Master's degree candidates at SANS.edu conduct research that is relevant, has real world impact, and often provides cutting-edge advancements to the field of cybersecurity, all under the guidance and review of our world-class instructors.
Cloud Ace Journeys: The Analyst Flight Plan
Research PaperCloud SecurityCloud security analysts are responsible for securing environments, detecting threats, locking down identity, and responding to breach.
- 18 Jun 2026
- SANS Institute
2026 SANS SOC Survey Insights: A Decade of Evolution in Cyber Defense
Research PaperSecurity AwarenessSANS 2026 SOC Survey findings that dive into: where SOCs are investing, where they are struggling, and where the gap between high-performing teams and everyone else is widening.
- 15 Jun 2026
- Christopher Crowley
Securing the Sun: Impact-Effective Cybersecurity Controls for Solar SCADA
Research PaperIndustrial Control Systems SecurityBased on research conducted with a custom-built lab emulating a utility-grade solar SCADA network, this paper details the greatest impact on a solar site, in the form of physical consequences to power generation capabilities.
- 11 Jun 2026
From Alert to Evidence: Evaluating AI Agents for Cyber Forensic Triage
Research PaperArtificial IntelligenceCyber defense teams are beginning to experiment with large language models in security operations, but their usefulness in digital forensics and incident triage is still uncertain.
- 11 Jun 2026
Know Your Blind Spots: Better Visibility Through EDR Policy Hardening
Research PaperDigital Forensics and Incident ResponseEndpoint Detection and Response (EDR) tools identify, detect, and respond to anomalous behavior.
- 9 Jun 2026
Risk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP
Research PaperCyber DefenseRisk-Adaptive Data Loss Prevention: Behavioral Intelligence with DLP
- 4 Jun 2026
- Matt Bromiley
Bridging the Gap Between Threat Intelligence and Business Risk
Research PaperCyber DefenseThe importance of the threat intelligence function has grown significantly over the years to become a cornerstone of any cybersecurity group.
- 29 May 2026
- Kevin Garvey
Secure By Design: An Exploration of the Application of Generative AI in Threat Modeling Technical Design Documents
Research PaperArtificial IntelligenceThis paper explores the efficacy of large language models (LLMs) for creating comprehensive threat models by analyzing technical design documents, particularly when provided with additional contextual information about the product's underlying infrastructure and deployment environment.
- 27 May 2026
2026 SANS Cyber Threat Intelligence (CTI) Survey Insights
Research PaperCyber DefenseEvery year, the SANS CTI Survey gets sharper. This year, it takes a step the field has needed for a while. For the first time, the 2026 survey includes a dedicated module for security executives, capturing responses from 67 CISOs and CSOs.
- 15 May 2026
- Rebekah Brown, Andreas Sfakianakis
Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT
Research PaperArtificial IntelligenceThis paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.
- 12 May 2026
AI-Human Collaboration in Modern SOCs
Research PaperArtificial IntelligenceEnterprises face upwards of 3,000 security alerts daily, and according to the SANS 2025 SOC Survey, two-thirds of security operations center (SOC) teams cannot keep pace.
- 17 Mar 2026
- Mathias Fuchs
Infrastructure as Code-Driven Group Policy Infrastructure: A Comprehensive Engine for Group Policy Architecture and Enforcement
Research PaperCyber DefenseThis study introduces a PowerShell-based Infrastructure as Code (IaC) engine developed to automate the setup and enforcement of a STIG-compliant Group Policy framework.
- 5 Dec 2025