Skip to main content
Cybersecurity Research

Cybersecurity Research

Students in SANS.edu bachelor’s and master’s degree programs conduct research that makes a meaningful contribution to the body of cybersecurity knowledge. SANS.edu is proud to be an NSA Center of Academic Excellence in Cyber Defense.

SANS.edu Research Review Journal | Volume 5

Explore the latest research from SANS.edu graduate students—professionals on the front lines of cybersecurity—tackling today’s toughest threats across AI, cloud security, digital forensics, zero trust, malware detection, and more.

SANS Technology Institute Research Review Journal

SANS.edu Cybersecurity Research Highlights

Two People Smiling While Surrounded by Books and a Laptop

Cybersecurity Research from Working InfoSec Professionals

Master's degree candidates at SANS.edu conduct research that is relevant, has real world impact, and often provides cutting-edge advancements to the field of cybersecurity.

See All Research Papers
Internet Storm Center

Internet Storm Center

Through its research arm, the Internet Storm Center (ISC), the SANS Technology Institute operates the world’s leading cyber threat detection network.

Visit Internet Storm Center
Students Typing on Laptops

Bachelor’s Degree Internship

Many of our bachelor’s degree students observe and report on emerging threats in a virtual internship as Apprentice Handlers with the Internet Storm Center, gaining real-world, hands-on experience few other programs can match.

Explore the Bachelor's Program

Featured Cybersecurity Research

Explore research from SANS.edu graduate students, cyber professionals on the front lines of today’s cybersecurity challenges.

See All Research Papers

Evaluating Configurations for Reducing Problematic Emotional Engagement in Enterprise LLM Deployments: Implications for Insider Threat Risk

Research Paper

The risks of Large Language Models (LLMs) include triggering psychological drivers associated with malicious insider threat behavior. This study utilized AWS Bedrock to demonstrate that specific system-level configurations and guardrails can effectively mitigate these risks by reducing problematic human-AI engagement.

  • 2 Mar 2026
  • J. Wolfgang Goerlich

How Many LLMs Does it Take to Classify a Suspicious Email?

Research Paper

This study examines the accuracy, reliability, and operational behavior of three widely available LLMs using a dataset of 2000 human-written emails containing both legitimate and suspicious messages.

  • 12 Mar 2026
  • Bridget Bartell

Reducing Excessive Trust in the Web PKI Ecosystem

Research Paper

This research examines the possibility of developing an add-on for the open-source mitmproxy project to add drift detection for root Certification Authority (CA) certificates, incorporate policy-based controls over which CAs are allowed, and leverage an ensemble of existing technologies—some in novel ways—to reduce the level of trust placed in the public Web PKI.

  • 12 Mar 2026
  • Daymon McCartney

Our Students Say

  • Slide 1 of 3

    I was surprised by how many attacks/port scans I encountered so soon after setting up the honeypot for my internship. Doing research on them has given me a deeper understanding of a variety of attacks and made me more confident in my ability to defend my own network.

    Josh Levine Red Team Researcher | Applied Cybersecurity Certificate Graduate
  • Slide 2 of 3

    I receive compliments from senior leadership when I present—all directly related to feedback I received from my SANS faculty research advisors. When SANS.edu advertises that the program changes careers, this is a concrete example—it's the best graduate program on the planet.

    Jim HorwathDirector of Security Engineering, Guardian Life | Master's Degree Graduate
  • Slide 3 of 3

    Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple environment. AI proved most valuable not as an automated solution, but as a collaborative aid.

    Austin BodolaySenior Data Technician, Microsoft | Bachelor's Degree in Applied Cybersecurity

Student Research and Innovation

Megan Roddie

Master of Science in Information Security Engineering

Megan Roddie’s presentation of her well received master’s degree research paper Automating Google Workspace Incident Response at the SANS DFIR Summit led to an invitation to join the authors of the popular SANS course FOR509: Enterprise Cloud Forensics and Incident Response as a co-author. Her work developing labs for the course gives students realistic, practical hands-on experiences that allow them to approach real-life incidents more effectively.

Read Megan's Story
Megan Roddie

Brian Davidson

Master of Science in Information Security Engineering

For his master’s degree research project, U.S. Marine veteran Brian Davidson created a first-of-its-kind human interface device firewall—a firewall between a keyboard and the computer—that is patent pending. Learn why Brian chose SANS.edu and how his education made him an increasingly valued asset to his employer.

Read Brian's Story
Brian Davidson

Lori Brumm

Bachelor’s Degree in Applied Cybersecurity

Lori Brumm says that working with Internet Storm Center director Dr. Johannes Ullrich was one of the most valuable parts of her internship as a bachelor’s student at SANS.edu. She chose to pursue her bachelor’s degree at SANS.edu to gain a strong competitive advantage in the job market—and because the online options gave this busy mother of three the flexibility she needed to succeed.

Read Lori's Story
Lori Brumm

Quantifying Threat Actor Assessments | Webcast

Andy Piazza, Senior Director of Threat Intelligence at Palo Alto Networks Unit 42 and a graduate of the SANS.edu master’s degree program, discusses his research on quantifying threat assessments in this Webcast with SANS faculty member and Principal Intelligence Analyst for Red Canary Katie Nickels.