Who Shares What? An Empirical Analysis of Security Conference Content Across Academia and Industry
Lukas Walter, Clemens Sauerwein, Daniel W. Woods
TL;DR
This study addresses who speaks at major security conferences and what topics dominate, identifying gaps in cross-domain information sharing between academia, information security practitioners, and cyber insurance. Using a longitudinal dataset of 9,728 abstracts and 1,686 sponsors across 10 conferences (2014–2022) and a two-stage NLP pipeline mapping content to MITRE ATT&CK and NIST CSF, the authors quantify speaker distribution, sponsorship patterns, and topic coverage. Validation shows the GPT-based mapping captures meaningful signal but with notable noise and imperfect agreement with cosine similarity, underscoring the challenges of mapping free-form text to high-level frameworks. Key findings include limited cross-domain sharing, inequality in speaking opportunities, and a dominance of defensive talks, with industry conferences emphasizing governance and recovery. These findings suggest opportunities for organizers to broaden participation and topic diversity. The openly released dataset and code enable replication and extension, positioning security conferences as a valuable but improvable channel for information sharing.
Abstract
Security conferences are important venues for information sharing, where academics and practitioners share knowledge about new attacks and state-of-the-art defenses. Despite their importance, researchers have not systematically examined who shares information and which security topics are discussed. To address this gap, our paper characterizes the speakers, sponsors, and topics presented at prestigious academic and industry security conferences. We compile a longitudinal dataset containing 9,728 abstracts and 1,686 sponsors across four academic and six industry conferences. Our findings show limited information sharing between industry and academia. Conferences vary significantly in how equitably talks and authorship are distributed across individuals. The topics of academic and industry abstracts display consistent coverage of techniques within the MITRE ATT&CK framework. Top-tier academic conferences, as well as DEFCON and Black Hat, address the governance, response, and recovery functions of the NIST Cybersecurity Framework inconsistently. Commercial information security and insurance conferences (RSA, Gartner, Advisen and NetDiligence) more consistently cover the framework. Prevention and detection were the most common topics in the sample period, with no clear temporal trends.
