InfoSec.pptx: A Longitudinal Study of Speakers, Topics, and Sponsors at Security Conferences in Academia and Industry

Security conferences are important venues at which academics and practitioners share knowledge about new attacks and state-of-the-art defenses. Despite this, researchers have not studied who shares information and about which security topics. To address this, our study characterizes the speakers, sponsors, and topics presented at the most prestigious academic and industry conferences. We collect a longitudinal data set that contains 9,728 abstracts and 1,686 sponsors across 4 academic and 6 industry conferences. There is limited knowledge sharing between industry and academia. Conferences vary significantly in the equality of how talks/authorship is distributed across individuals. The topics of academic and industry abstracts display consistent coverage of techniques within the MITRE ATT&CK framework. Top tier academic conferences, as well as DEFCON and Black Hat, inconsistently address the governance, response and recovery functions of the NIST Cybersecurity Framework. Commercial InfoSec and insurance conferences (RSA, Gartner, Advisen and NetDillgience) cover the framework more consistently. Prevention and detection remain the most common topic of talks, with no clear temporal trend.