Skip to main content
Cybersecurity Research

Cybersecurity Research

Students in SANS.edu bachelor’s and master’s degree programs conduct research that makes a meaningful contribution to the body of cybersecurity knowledge. SANS.edu is proud to be an NSA Center of Academic Excellence in Cyber Defense.

SANS.edu Research Review Journal | Volume 5

Explore the latest research from SANS.edu graduate students—professionals on the front lines of cybersecurity—tackling today’s toughest threats across AI, cloud security, digital forensics, zero trust, malware detection, and more.

Woman reading a textbook at a desk

SANS.edu Cybersecurity Research Highlights

Two People Smiling While Surrounded by Books and a Laptop

Cybersecurity Research from Working InfoSec Professionals

Master's degree candidates at SANS.edu conduct research that is relevant, has real world impact, and often provides cutting-edge advancements to the field of cybersecurity.

See All Research Papers
Internet Storm Center

Internet Storm Center

Through its research arm, the Internet Storm Center (ISC), the SANS Technology Institute operates the world’s leading cyber threat detection network.

Visit Internet Storm Center
Students Typing on Laptops

Bachelor’s Degree Internship

Many of our bachelor’s degree students observe and report on emerging threats in a virtual internship as Apprentice Handlers with the Internet Storm Center, gaining real-world, hands-on experience few other programs can match.

Explore the Bachelor's Program

Featured Cybersecurity Research

Explore high-impact research from SANS.edu master's degree candidates, cyber professionals advancing solutions to today’s pressing cybersecurity challenges.

See All Research Papers

Building Scalable Detection-as-Code Pipelines with Agentic Validation and Refinement

Research Paper

The proposed DaC pipeline uses large language models (LLMs) for logic conversion, variant analysis, and simulation testing via Atomic Red Team, with queries executed against Splunk to measure true positives and false negatives.

  • 6 Nov 2025
  • Benjamin Opel

New-to-Cyber Field Manual: How to Break In, Build Skills, and Find Your Path in Cybersecurity

Research Paper

New-to-Cyber Field Manual: How to Break In, Build Skills, and Find Your Path in Cybersecurity

  • 11 Nov 2025
  • SANS Institute

Interrogators: Attack Surface

Research Paper

Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic WorldMapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic WorldMapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World Mapping in an Agentic World

  • 13 Nov 2025

Our Students Say

  • Slide 1 of 3

    I was surprised by how many attacks/port scans I encountered so soon after setting up the honeypot for my internship. Doing research on them has given me a deeper understanding of a variety of attacks and made me more confident in my ability to defend my own network.

    Josh Levine Red Team Researcher | Applied Cybersecurity Certificate Graduate
  • Slide 2 of 3

    I receive compliments from senior leadership when I present—all directly related to feedback I received from my SANS faculty research advisors. When SANS.edu advertises that the program changes careers, this is a concrete example—it's the best graduate program on the planet.

    Jim HorwathDirector of Security Engineering, Guardian Life | Master's Degree Graduate
  • Slide 3 of 3

    Over the past several months, I have gained practical insight into the challenges of deploying and operating a honeypot, even within a relatively simple environment. AI proved most valuable not as an automated solution, but as a collaborative aid.

    Austin BodolaySenior Data Technician, Microsoft | Bachelor's Degree in Applied Cybersecurity

Student Research & Innovation

Megan Roddie

Master of Science in Information Security Engineering

Megan Roddie’s presentation of her well received master’s degree research paper Automating Google Workspace Incident Response at the SANS DFIR Summit led to an invitation to join the authors of the popular SANS course FOR509: Enterprise Cloud Forensics and Incident Response as a co-author. Her work developing labs for the course gives students realistic, practical hands-on experiences that allow them to approach real-life incidents more effectively.

Read Megan's Story
Megan Roddie

Brian Davidson

Master of Science in Information Security Engineering

For his master’s degree research project, U.S. Marine veteran Brian Davidson created a first-of-its-kind human interface device firewall—a firewall between a keyboard and the computer—that is patent pending. Learn why Brian chose SANS.edu and how his education made him an increasingly valued asset to his employer.

Read Brian's Story
Brian Davidson

Lori Brumm

Bachelor’s Degree in Applied Cybersecurity

Lori Brumm says that working with Internet Storm Center director Dr. Johannes Ullrich was one of the most valuable parts of her internship as a bachelor’s student at SANS.edu. She chose to pursue her bachelor’s degree at SANS.edu to gain a strong competitive advantage in the job market—and because the online options gave this busy mother of three the flexibility she needed to succeed.

Read Lori's Story
Lori Brumm

Quantifying Threat Actor Assessments | Webcast

Andy Piazza, Senior Director of Threat Intelligence at Palo Alto Networks Unit 42 and a graduate of the SANS.edu master’s degree program, discusses his research on quantifying threat assessments in this Webcast with SANS faculty member and Principal Intelligence Analyst for Red Canary Katie Nickels.